Ejemplo n.º 1
def test_log_handler_parses_assertion(mock_requests_session, argv, prompter,
                                      client_creator, cache_dir, caplog):
    """Check that --verbose logs the received SAML assertion as pretty XML.

    The mocked POST answers with a successful session token and the mocked
    GET returns an HTML form whose SAMLResponse field holds the base64
    assertion built by create_assertion().

    Security note: the record asserted below contains the full decoded
    assertion at INFO level. A SAML assertion is a bearer credential until
    it expires, so output captured from --verbose runs should be handled
    like a secret and kept out of shared or long-lived log storage.
    """
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    encoded = create_assertion(['%s, %s' % (principal, role)])

    # POST -> session token, GET -> form carrying the assertion.
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'}),
    )
    form_template = '<form><input name="SAMLResponse" value="%s"/></form>'
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_template % encoded.decode('ascii'),
    )

    argv.append('--verbose')
    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    # Build the expected message: base64-decode, parse, pretty-print.
    xml_text = base64.b64decode(encoded).decode('utf-8')
    pretty_xml = xml.dom.minidom.parseString(xml_text).toprettyxml()
    wanted = (
        'awsprocesscreds.saml',
        logging.INFO,
        'Received the following SAML assertion: \n%s' % pretty_xml,
    )
    assert wanted in caplog.record_tuples
Ejemplo n.º 2
def test_cli(mock_requests_session, argv, prompter, assertion, client_creator,
             capsys, cache_dir):
    """Check the happy path: credentials are printed as one JSON document.

    The mocked POST returns a SUCCESS session token and the mocked GET
    returns a form carrying the `assertion` fixture. The command must write
    newline-terminated JSON to stdout with the five keys asserted below.

    Security note: stdout here carries the secret access key and session
    token in clear text, so the command's output is meant for the consuming
    process and should not be echoed into logs or terminals that are
    recorded.
    """
    form_template = '<form><input name="SAMLResponse" value="%s"/></form>'

    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_template % assertion.decode('ascii'),
    )

    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    printed, _ = capsys.readouterr()
    assert printed.endswith('\n')

    # The credential values presumably come from the client_creator fixture
    # (not shown here); Expiration is not pinned.
    wanted = {
        "AccessKeyId": "foo",
        "SecretAccessKey": "bar",
        "SessionToken": "baz",
        "Expiration": mock.ANY,
        "Version": 1
    }
    parsed = json.loads(printed)
    assert parsed == wanted
Ejemplo n.º 3
def test_verbose(mock_requests_session, argv, prompter, assertion,
                 client_creator, cache_dir):
    """Check that --verbose configures the 'awsprocesscreds' logger.

    After a successful run with the flag, the logger must be at INFO and
    carry exactly one PrettyPrinterLogHandler, itself at INFO.

    Security note: sibling tests on this page show that INFO records from
    this package include the SAML assertion, so enabling this handler
    means credential material reaches whatever the handler writes to.
    """
    form_template = '<form><input name="SAMLResponse" value="%s"/></form>'

    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_template % assertion.decode('ascii'),
    )

    argv.append('--verbose')
    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    package_logger = logging.getLogger('awsprocesscreds')
    assert package_logger.level == logging.INFO

    # Exactly one pretty-printer handler: a duplicate would double-log.
    matching = [
        candidate for candidate in package_logger.handlers
        if isinstance(candidate, PrettyPrinterLogHandler)
    ]
    assert len(matching) == 1
    assert matching[0].level == logging.INFO
Ejemplo n.º 4
def test_retrieve_saml_assertion_3(mock_requests_session, argv, prompter,
                                   assertion, client_creator, cache_dir):
    """Check that a PASSWORD_EXPIRED authentication status raises SAMLError.

    The token response is HTTP 200 but its body reports PASSWORD_EXPIRED,
    so the status field in the body, not the HTTP code, must drive the
    failure. The GET mock is still wired up so that a SAMLError can only
    come from the status handling.
    """
    expired_body = {
        'sessionToken': 'spam',
        'status': 'PASSWORD_EXPIRED',
        '_links': {
            'href': 'href'
        }
    }
    form_template = '<form><input name="SAMLResponse" value="%s"/></form>'

    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps(expired_body),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_template % assertion.decode('ascii'),
    )

    # Must fail closed: no credentials may be produced for this status.
    with pytest.raises(SAMLError):
        saml(argv=argv, prompter=prompter, client_creator=client_creator,
             cache_dir=cache_dir)
Ejemplo n.º 5
def test_log_handler_parses_dict(mock_requests_session, argv, prompter,
                                 client_creator, cache_dir, caplog,
                                 mock_pkg_resources):
    """Check that --verbose logs the STS call parameters as indented JSON.

    The expected INFO record embeds PrincipalArn, RoleArn and the base64
    SAMLAssertion, serialised with indent=4 and sorted keys.

    Security note: the logged parameter dict includes the complete
    SAMLAssertion value. Anyone who can read that record before the
    assertion expires holds the material passed to the STS call, so
    verbose output needs the same protection as the credentials themselves.
    """
    # mock_pkg_resources is requested but never referenced in the body;
    # presumably it patches package metadata lookups. TODO confirm.
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    encoded = create_assertion(['%s, %s' % (principal, role)])
    form_template = '<form><input name="SAMLResponse" value="%s"/></form>'

    # Note: this token body has no 'status' field, unlike the sibling tests.
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_template % encoded.decode('ascii'),
    )

    argv.append('--verbose')
    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    sts_params = {
        'PrincipalArn': principal,
        'RoleArn': role,
        'SAMLAssertion': encoded.decode('utf-8')
    }
    rendered_params = json.dumps(sts_params, indent=4, sort_keys=True)
    message = (
        'Retrieving credentials with STS.AssumeRoleWithSaml() using the '
        'following parameters: %s' % rendered_params)
    wanted = ('awsprocesscreds.saml', logging.INFO, message)
    assert wanted in caplog.record_tuples
Ejemplo n.º 6
def test_retrieve_saml_assertion_1(mock_requests_session, argv, prompter,
                                   assertion, client_creator, cache_dir):
    """Check that a rejected authentication (HTTP 401, FAILED) raises SAMLError.

    The token response carries status FAILED plus an errorSummary. The GET
    mock would still hand out a valid assertion form, so the test passes
    only if the command stops instead of continuing to fetch the assertion.
    """
    failure_body = {
        'sessionToken': 'spam',
        'status': 'FAILED',
        'errorSummary': 'Testing failure'
    }
    form_template = '<form><input name="SAMLResponse" value="%s"/></form>'

    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=401,
        text=json.dumps(failure_body),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_template % assertion.decode('ascii'),
    )

    # Must fail closed even though the body still contains a sessionToken.
    with pytest.raises(SAMLError):
        saml(argv=argv, prompter=prompter, client_creator=client_creator,
             cache_dir=cache_dir)
Ejemplo n.º 7
def test_no_cache(mock_requests_session, argv, prompter, assertion,
                  client_creator, capsys, cache_dir):
    """Check that --no-cache repeats the whole authentication on every run.

    The command is invoked five times with the flag. Each run must print
    the expected credential JSON, and the POST, the GET and the prompter
    must each have been used once per run, so nothing from an earlier run
    was reused.

    Security note: this is the behaviour an operator relies on when
    temporary credentials must not be kept between invocations. The test
    only counts calls; it does not inspect the contents of cache_dir.
    """
    form_template = '<form><input name="SAMLResponse" value="%s"/></form>'

    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_template % assertion.decode('ascii'),
    )

    argv.append('--no-cache')

    wanted = {
        "AccessKeyId": "foo",
        "SecretAccessKey": "bar",
        "SessionToken": "baz",
        "Expiration": mock.ANY,
        "Version": 1
    }

    runs = 5
    for _ in range(runs):
        saml(argv=argv, prompter=prompter, client_creator=client_creator,
             cache_dir=cache_dir)
        # Drain captured output each round so only this run's JSON is parsed.
        printed, _err = capsys.readouterr()
        assert json.loads(printed) == wanted

    # One POST, one GET and one prompt per run.
    assert mock_requests_session.post.call_count == runs
    assert mock_requests_session.get.call_count == runs
    assert prompter.call_count == runs
Ejemplo n.º 8
def test_retrieve_saml_assertion_5(mock_requests_session, argv, prompter,
                                   assertion, client_creator, capsys,
                                   cache_dir):
    """Check that an MFA_REQUIRED status is routed through MFA verification.

    OktaAuthenticator.process_mfa_verification is patched to return the
    `assertion` fixture directly, so the test covers only the dispatch on
    the status and the resulting credential output. The MFA exchange
    itself is not exercised here.
    """
    form_template = '<form><input name="SAMLResponse" value="%s"/></form>'

    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'MFA_REQUIRED'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_template % assertion.decode('ascii'),
    )

    mfa_target = (
        "awsprocesscreds.saml.OktaAuthenticator.process_mfa_verification"
    )
    with mock.patch(mfa_target, return_value=assertion):
        saml(argv=argv, prompter=prompter, client_creator=client_creator,
             cache_dir=cache_dir)

        printed, _ = capsys.readouterr()
        assert printed.endswith('\n')

        wanted = {
            "AccessKeyId": "foo",
            "SecretAccessKey": "bar",
            "SessionToken": "baz",
            "Expiration": mock.ANY,
            "Version": 1
        }
        parsed = json.loads(printed)
        assert parsed == wanted