def test_start_session_okta_failure(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.side_effect = okta.UnknownError
with self.assertRaises(okta.UnknownError):
keyman.start_session()
def test_start_session_okta_failure(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.side_effect = okta.UnknownError
with self.assertRaises(okta.UnknownError):
keyman.start_session()
def test_start_session_xml_failure(self, session_mock, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
xml_error = xml.etree.ElementTree.ParseError()
session_mock.side_effect = xml_error
with self.assertRaises(aws.InvalidSaml):
keyman.start_session()
def test_aws_auth_loop_multirole(self, config_mock):
config_mock().reup = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.start_session = mock.MagicMock()
keyman.start_session().assume_role.side_effect = aws.MultipleRoles
keyman.handle_multiple_roles = mock.MagicMock()
keyman.aws_auth_loop()
keyman.handle_multiple_roles.assert_has_calls([mock.call(mock.ANY)])
def test_start_session(self, aws_mock, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.return_value = 'assertion'
aws_mock.Session = mock.MagicMock()
keyman.start_session()
keyman.okta_client.assert_has_calls(
[mock.call.get_assertion(appid=mock.ANY, apptype='amazon_aws')])
aws_mock.assert_has_calls(
[mock.call.Session('assertion', profile=mock.ANY)])
def test_aws_auth_loop(self, config_mock):
config_mock().reup = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.start_session = mock.MagicMock()
keyman.aws_auth_loop()
keyman.start_session.assert_has_calls(
[mock.call(), mock.call().assume_role()])
def test_aws_auth_loop_exception(self, config_mock, _sleep_mock):
config_mock().reup = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.start_session = mock.MagicMock()
keyman.start_session.side_effect = Exception()
with self.assertRaises(Exception):
keyman.aws_auth_loop()
assert keyman.start_session.called
def test_aws_auth_loop_exception(self, config_mock, _sleep_mock):
config_mock().reup = False
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.start_session = mock.MagicMock()
keyman.start_session.side_effect = Exception()
with self.assertRaises(Exception):
keyman.aws_auth_loop()
assert keyman.start_session.called
def test_aws_auth_loop_invalidsaml(self, config_mock, _sleep_mock):
config_mock().reup = False
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.start_session = mock.MagicMock()
keyman.start_session.side_effect = aws.InvalidSaml()
keyman.okta_client = mock.MagicMock()
ret = keyman.aws_auth_loop()
assert keyman.start_session.called
self.assertEqual(ret, 1)
def test_aws_auth_loop_connectionerror(self, config_mock, _sleep_mock):
config_mock().reup = False
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.start_session = mock.MagicMock()
err = requests.exceptions.ConnectionError()
keyman.start_session.side_effect = err
ret = keyman.aws_auth_loop()
assert keyman.start_session.called
self.assertEqual(ret, 3)
def test_aws_auth_loop_profile_error(self, config_mock):
config_mock().reup = False
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.start_session = mock.MagicMock()
profile_exc = botocore.exceptions.ProfileNotFound(profile="")
keyman.start_session.side_effect = profile_exc
keyman.okta_client = mock.MagicMock()
ret = keyman.aws_auth_loop()
assert keyman.start_session.called
self.assertEqual(ret, 4)
def test_aws_auth_loop_continue(self, config_mock, sleep_mock):
config_mock().reup = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.config.reup = True
session_instance = mock.MagicMock()
session_instance.is_valid = True
keyman.start_session = mock.MagicMock()
keyman.start_session.return_value = session_instance
with self.assertRaises(Exception):
keyman.aws_auth_loop()
sleep_mock.assert_has_calls([mock.call(60)])
def test_aws_auth_loop(self, config_mock):
config_mock().reup = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.start_session = mock.MagicMock()
keyman.wrap_up = mock.MagicMock()
keyman.handle_multiple_roles = mock.MagicMock()
keyman.handle_multiple_roles.return_value = True
keyman.aws_auth_loop()
keyman.start_session.assert_has_calls(
[mock.call(), mock.call().assume_role(mock.ANY)])
assert keyman.wrap_up.called
assert keyman.handle_multiple_roles.called
def test_start_session(self, aws_mock, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.return_value = "assertion"
aws_mock.Session = mock.MagicMock()
keyman.start_session()
keyman.okta_client.assert_has_calls(
[
mock.call.get_assertion(appid=mock.ANY),
],
)
aws_mock.assert_has_calls(
[
mock.call.Session(
"assertion",
profile=mock.ANY,
role=None,
region=mock.ANY,
session_duration=mock.ANY,
),
],
)
def test_aws_auth_loop_reauth(self, config_mock, _sleep_mock):
config_mock().reup = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
session_instance = mock.MagicMock()
session_instance.assume_role.side_effect = okta.ReauthNeeded
session_instance.is_valid = False
keyman.start_session = mock.MagicMock()
keyman.start_session.side_effect = session_instance, Exception()
keyman.handle_multiple_roles = mock.MagicMock()
keyman.auth_okta = mock.MagicMock()
with self.assertRaises(Exception):
keyman.aws_auth_loop()
keyman.auth_okta.assert_has_calls([mock.call(state_token=None)])
def test_aws_auth_loop_multirole_no_match(self, config_mock):
config_mock().reup = False
config_mock().screen = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
session_instance = mock.MagicMock()
session_instance.assume_role.side_effect = aws.MultipleRoles
keyman.start_session = mock.MagicMock()
keyman.start_session.return_value = session_instance
keyman.handle_multiple_roles = mock.MagicMock()
keyman.handle_multiple_roles.return_value = False
ret = keyman.aws_auth_loop()
keyman.handle_multiple_roles.assert_has_calls([mock.call(mock.ANY)])
self.assertEqual(ret, 1)
def test_aws_auth_loop(self, config_mock):
config_mock().reup = False
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.start_session = mock.MagicMock()
keyman.wrap_up = mock.MagicMock()
keyman.handle_multiple_roles = mock.MagicMock()
keyman.handle_multiple_roles.return_value = True
keyman.aws_auth_loop()
keyman.start_session.assert_has_calls(
[
mock.call(),
mock.call().assume_role(mock.ANY),
],
)
assert keyman.wrap_up.called
assert keyman.handle_multiple_roles.called
def test_aws_auth_loop_multirole(self, config_mock):
config_mock().reup = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
session_instance = mock.MagicMock()
session_instance.assume_role.side_effect = aws.MultipleRoles
keyman.start_session = mock.MagicMock()
keyman.start_session.return_value = session_instance
keyman.handle_multiple_roles = mock.MagicMock()
with self.assertRaises(Exception):
keyman.aws_auth_loop()
session_instance.assume_role.assert_has_calls([
mock.call(),
mock.call(),
])
keyman.handle_multiple_roles.assert_has_calls([
mock.call(mock.ANY)
])
def test_aws_auth_loop_continue(self, config_mock, sleep_mock):
config_mock().reup = False
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.config.reup = True
session_instance = mock.MagicMock()
session_instance.is_valid = True
keyman.start_session = mock.MagicMock()
keyman.start_session.return_value = session_instance
keyman.handle_multiple_roles = mock.MagicMock()
keyman.handle_multiple_roles.return_value = True
with self.assertRaises(Exception):
keyman.aws_auth_loop()
sleep_mock.assert_has_calls(
[
mock.call(60),
],
)
assert keyman.handle_multiple_roles.called
