def test_get_credentials_role_duration_auto_refresh_exit(
aws_lib: MagicMock, create_autoawsume_profile: MagicMock,
safe_print: MagicMock):
config = {}
arguments = argparse.Namespace(
target_profile_name='role',
external_id='myexternalid',
role_duration='43200',
role_arn=None,
session_name='mysessionname',
mfa_token='123123',
force_refresh=True,
auto_refresh=True,
region=None,
)
profiles = {
'role': {
'role_arn': 'myrolearn',
'source_profile': 'user',
},
'user': {
'aws_access_key_id': 'AKIA...',
'aws_secret_access_key': 'SECRET',
'mfa_serial': 'mymfaserial',
},
}
with pytest.raises(SystemExit):
default_plugins.get_credentials(config, arguments, profiles)
safe_print.assert_called()
def test_get_credentials_role_from_cli(aws_lib: MagicMock,
create_autoawsume_profile: MagicMock,
assume_role_from_cli: MagicMock):
config = {}
arguments = argparse.Namespace(
target_profile_name='user',
external_id='myexternalid',
role_duration=None,
role_arn='myrolearn',
source_profile=None,
session_name='mysessionname',
mfa_token='123123',
force_refresh=True,
auto_refresh=False,
region=None,
)
profiles = {
'role': {
'role_arn': 'myrolearn',
'source_profile': 'user',
},
'user': {
'aws_access_key_id': 'AKIA...',
'aws_secret_access_key': 'SECRET',
},
}
result = default_plugins.get_credentials(config, arguments, profiles)
assert result == assume_role_from_cli.return_value
def test_get_credentials_no_mfa_user(aws_lib: MagicMock,
create_autoawsume_profile: MagicMock):
config = {}
arguments = argparse.Namespace(
target_profile_name='user',
external_id='myexternalid',
role_duration=None,
role_arn=None,
session_name='mysessionname',
mfa_token='123123',
force_refresh=True,
auto_refresh=False,
region=None,
)
profiles = {
'role': {
'role_arn': 'myrolearn',
'source_profile': 'user',
},
'user': {
'aws_access_key_id': 'AKIA...',
'aws_secret_access_key': 'SECRET',
},
}
result = default_plugins.get_credentials(config, arguments, profiles)
aws_lib.get_session_token.assert_not_called()
aws_lib.assume_role.assert_not_called()
assert result == {
'AccessKeyId': 'AKIA...',
'SecretAccessKey': 'SECRET',
'SessionToken': None,
'Region': None,
}
def test_get_credentials_auto_refresh(aws_lib: MagicMock,
create_autoawsume_profile: MagicMock):
config = {}
arguments = argparse.Namespace(
target_profile_name='role',
external_id='myexternalid',
role_duration=None,
role_arn=None,
session_name='mysessionname',
mfa_token='123123',
force_refresh=True,
auto_refresh=True,
region=None,
output_profile=None,
)
profiles = {
'role': {
'role_arn': 'myrolearn',
'source_profile': 'user',
},
'user': {
'aws_access_key_id': 'AKIA...',
'aws_secret_access_key': 'SECRET',
'mfa_serial': 'mymfaserial',
},
}
aws_lib.assume_role.return_value = {
'SourceExpiration': '2077-10-24',
}
result = default_plugins.get_credentials(config, arguments, profiles)
aws_lib.get_session_token.assert_called_with(
{
'AccessKeyId': 'AKIA...',
'SecretAccessKey': 'SECRET',
'SessionToken': None,
'Region': None
},
region=None,
mfa_serial='mymfaserial',
mfa_token='123123',
ignore_cache=True,
duration_seconds=None,
)
aws_lib.assume_role.assert_called_with(
aws_lib.get_session_token.return_value,
'myrolearn',
'mysessionname',
region=None,
external_id='myexternalid',
role_duration=0,
)
assert result == aws_lib.assume_role.return_value
