def test_get_bad_type_selection(self, *args):
""" Invalid string selection of two roles """
roles = [
('idp1', 'arn:aws:iam::123577191723:role/KalturaAdmin'),
('idp2', 'arn:aws:iam::271867855970:role/BoxAdmin'),
]
with self.assertRaises(InvalidSelection):
get_selection(roles)
def test_get_2of2_selections(self, *args):
""" Select the second of two roles """
roles = [
('idp1', 'arn:aws:iam::224588347132:role/KalturaAdmin'),
('idp2', 'arn:aws:iam::617683844790:role/BoxAdmin'),
]
self.assertEqual(get_selection(roles), roles[1])
def test_selections_bad_profile_role(self, *args):
""" If a bad Profile role is set, then get_selection prompts the user.
"""
profile_role = 'arn:aws:iam::617683844790:role/BadRole'
roles = [
('idp1', 'arn:aws:iam::224588347132:role/KalturaAdmin'),
('idp2', 'arn:aws:iam::617683844790:role/BoxAdmin'),
]
with patch('sys.stdout', new=StringIO()):
with self.assertLogs('awscli_login.util', 'ERROR') as cm:
get_selection(roles, profile_role)
error = ERROR_INVALID_PROFILE_ROLE % profile_role
self.assertEqual(
cm.output,
["ERROR:awscli_login.util:%s" % error],
)
def test_get_single_selection(self, mock_input):
""" When a single role is returned by the IdP do not ask for input """
roles = [('idp', 'arn:aws:iam::224588347132:role/KalturaAdmin')]
with patch('sys.stdout', new=StringIO()) as mock_stdout:
self.assertEqual(get_selection(roles), roles[0])
mock_input.assert_not_called()
output = mock_stdout.getvalue()
self.assertEqual(output, "", "get_selection printed output:"
"\n%s\n----\n" % output)
def test_selections_profile_role(self, *args):
""" Profile role is selected when valid and present """
roles = [
('idp1', 'arn:aws:iam::224588347132:role/KalturaAdmin'),
('idp2', 'arn:aws:iam::617683844790:role/BoxAdmin'),
]
profile_role = roles[1][1]
with patch('sys.stdout', new=StringIO()) as stdout:
role = get_selection(roles, profile_role)
self.assertEqual(
stdout.getvalue(), '', 'User was prompted for a selection '
'even though the Profile role was set!')
self.assertEqual(role, roles[1], 'Profile role was not selected!')
def main(profile: Profile, session: Session):
is_parent = True
try:
client = boto3.client('sts')
# TODO force-refresh should kill refresh!
if not profile.force_refresh:
profile.raise_if_logged_in()
# Must know username to lookup cookies
profile.get_username()
try:
saml, roles = refresh(
profile.ecp_endpoint_url,
profile.cookies,
)
except Exception:
creds = profile.get_credentials()
saml, roles = authenticate(
profile.ecp_endpoint_url,
profile.cookies,
*creds,
)
role = get_selection(roles)
expires = save_sts_token(session, client, saml, role)
if not profile.force_refresh:
is_parent = daemonize(profile, session, client, role, expires)
except Exception as e:
raise
finally:
if not is_parent:
logger.info('Exiting refresh process')
def test_get_empty_selection(self, *args):
""" Attempt to select from an empty role set """
with self.assertRaises(SAML):
get_selection([])
