def test_start_session_okta_failure(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.side_effect = okta.UnknownError
with self.assertRaises(okta.UnknownError):
keyman.start_session()
def test_start_session_okta_failure(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.side_effect = okta.UnknownError
with self.assertRaises(okta.UnknownError):
keyman.start_session()
def test_auth_okta(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.return_value = None
ret = keyman.auth_okta()
self.assertEqual(ret, None)
def test_auth_okta_unknown_error(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.UnknownError
with self.assertRaises(SystemExit):
keyman.auth_okta()
def test_auth_okta_bad_password(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.InvalidPassword
with self.assertRaises(SystemExit):
keyman.auth_okta()
def test_auth_okta_bad_password(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.InvalidPassword
with self.assertRaises(SystemExit):
keyman.auth_okta()
def test_auth_okta(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.return_value = None
ret = keyman.auth_okta()
self.assertEqual(ret, None)
def test_auth_okta_unknown_error(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.UnknownError
with self.assertRaises(SystemExit):
keyman.auth_okta()
def test_start_session_xml_failure(self, session_mock, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
xml_error = xml.etree.ElementTree.ParseError()
session_mock.side_effect = xml_error
with self.assertRaises(aws.InvalidSaml):
keyman.start_session()
def test_aws_auth_loop_invalidsaml(self, config_mock, _sleep_mock):
config_mock().reup = False
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.start_session = mock.MagicMock()
keyman.start_session.side_effect = aws.InvalidSaml()
keyman.okta_client = mock.MagicMock()
ret = keyman.aws_auth_loop()
assert keyman.start_session.called
self.assertEqual(ret, 1)
def test_auth_okta_duo_mfa_no_factor(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.handle_duo_factor_selection = mock.MagicMock()
keyman.okta_client.auth.side_effect = [duo.FactorRequired('a', 'b'),
True]
keyman.okta_client.duo_auth.side_effect = [False, True]
keyman.user_input = mock.MagicMock()
keyman.auth_okta()
keyman.handle_duo_factor_selection.assert_has_calls([mock.call()])
def test_start_session(self, aws_mock, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.return_value = 'assertion'
aws_mock.Session = mock.MagicMock()
keyman.start_session()
keyman.okta_client.assert_has_calls(
[mock.call.get_assertion(appid=mock.ANY, apptype='amazon_aws')])
aws_mock.assert_has_calls(
[mock.call.Session('assertion', profile=mock.ANY)])
def test_handle_appid_selection_from_okta_no_aws(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar"])
keyman.config.accounts = None
keyman.config.appid = None
keyman.selector_menu = mock.MagicMock(name="selector_menu")
keyman.selector_menu.return_value = 0
keyman.config.set_appid_from_account_id = mock.MagicMock()
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_aws_apps.return_value = []
with self.assertRaises(NoAWSAccounts):
keyman.handle_appid_selection(okta_ready=True)
def test_aws_auth_loop_profile_error(self, config_mock):
config_mock().reup = False
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.start_session = mock.MagicMock()
profile_exc = botocore.exceptions.ProfileNotFound(profile="")
keyman.start_session.side_effect = profile_exc
keyman.okta_client = mock.MagicMock()
ret = keyman.aws_auth_loop()
assert keyman.start_session.called
self.assertEqual(ret, 4)
def test_auth_okta_duo_mfa_passcode(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = duo.PasscodeRequired('a', 'b')
keyman.okta_client.duo_auth.return_value = True
keyman.user_input = mock.MagicMock()
keyman.user_input.return_value = '000000'
keyman.auth_okta()
keyman.okta_client.duo_auth.assert_has_calls([
mock.call('a', 'b', '000000'),
])
def test_auth_okta_mfa(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.PasscodeRequired('a', 'b',
'c')
keyman.okta_client.validate_mfa.return_value = True
keyman.user_input = mock.MagicMock()
keyman.user_input.return_value = "000000"
keyman.auth_okta()
keyman.okta_client.validate_mfa.assert_has_calls([
mock.call('a', 'b', "000000")
])
def test_auth_okta_duo_mfa_no_factor(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.handle_duo_factor_selection = mock.MagicMock()
keyman.okta_client.auth.side_effect = [
duo.FactorRequired("a", "b"),
True,
]
keyman.okta_client.duo_auth.side_effect = [False, True]
keyman.user_input = mock.MagicMock()
keyman.auth_okta()
keyman.handle_duo_factor_selection.assert_has_calls([mock.call()])
def test_auth_okta_answer(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
factor = {'id': 'foo', 'profile': {'questionText': 'a'}}
keyman.okta_client.auth.side_effect = okta.AnswerRequired(factor, 'b')
keyman.okta_client.validate_answer.return_value = True
keyman.user_input = mock.MagicMock()
keyman.user_input.return_value = 'Someanswer'
keyman.auth_okta()
keyman.okta_client.validate_answer.assert_has_calls([
mock.call('foo', 'b', 'Someanswer'),
])
def test_auth_okta_duo_mfa_passcode(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = duo.PasscodeRequired("a", "b")
keyman.okta_client.duo_auth.return_value = True
keyman.user_input = mock.MagicMock()
keyman.user_input.return_value = "000000"
keyman.auth_okta()
keyman.okta_client.duo_auth.assert_has_calls(
[
mock.call("a", "b", "000000"),
],
)
def test_handle_appid_selection_from_okta(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar"])
keyman.config.accounts = None
keyman.config.appid = None
keyman.selector_menu = mock.MagicMock(name="selector_menu")
keyman.selector_menu.return_value = 0
keyman.config.set_appid_from_account_id = mock.MagicMock()
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_aws_apps.return_value = [
{"name": "myAccount", "appid": "myID"},
]
keyman.handle_appid_selection(okta_ready=True)
assert keyman.okta_client.get_aws_apps.called
def test_handle_appid_selection_from_okta(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar'])
keyman.config.accounts = None
keyman.config.appid = None
keyman.selector_menu = mock.MagicMock(name='selector_menu')
keyman.selector_menu.return_value = 0
keyman.config.set_appid_from_account_id = mock.MagicMock()
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_aws_apps.return_value = [
{'name': 'myAccount', 'appid': 'myID'}
]
keyman.handle_appid_selection(okta_ready=True)
assert keyman.okta_client.get_aws_apps.called
def test_auth_okta_answer(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
factor = {"id": "foo", "profile": {"questionText": "a"}}
keyman.okta_client.auth.side_effect = okta.AnswerRequired(factor, "b")
keyman.okta_client.validate_answer.return_value = True
keyman.user_input = mock.MagicMock()
keyman.user_input.return_value = "Someanswer"
keyman.auth_okta()
keyman.okta_client.validate_answer.assert_has_calls(
[
mock.call("foo", "b", "Someanswer"),
],
)
def test_auth_okta_mfa_retry(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.PasscodeRequired(
"a",
"b",
"c",
)
keyman.okta_client.validate_mfa.side_effect = [False, True]
keyman.user_input = mock.MagicMock()
keyman.user_input.return_value = "000000"
keyman.auth_okta()
keyman.okta_client.validate_mfa.assert_has_calls(
[
mock.call("a", "b", "000000"),
mock.call("a", "b", "000000"),
],
)
def test_start_session(self, aws_mock, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.return_value = "assertion"
aws_mock.Session = mock.MagicMock()
keyman.start_session()
keyman.okta_client.assert_has_calls(
[
mock.call.get_assertion(appid=mock.ANY),
],
)
aws_mock.assert_has_calls(
[
mock.call.Session(
"assertion",
profile=mock.ANY,
role=None,
region=mock.ANY,
session_duration=mock.ANY,
),
],
)
