Example #1
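    def test_get_sts_access(self, mock_boto3_client):
        """Check that _get_sts_access returns the credentials issued by STS.

        ``mock_boto3_client`` is configured to hand back a stub STS client,
        so the assume_role response is fully controlled by this test and
        only placeholder secrets are handled.
        """
        # FAKE is defined elsewhere (presumably a Faker instance); the md5
        # strings are random placeholders, not usable AWS secrets.
        expected_access_key = FAKE.md5()
        expected_secret_access_key = FAKE.md5()
        expected_session_token = FAKE.md5()

        # Same nesting as the response this test expects assume_role to
        # produce: the secrets live under the 'Credentials' key.
        assume_role = {
            'Credentials': {
                'AccessKeyId': expected_access_key,
                'SecretAccessKey': expected_secret_access_key,
                'SessionToken': expected_session_token
            }
        }
        sts_client = Mock()
        sts_client.assume_role.return_value = assume_role
        mock_boto3_client.return_value = sts_client

        # NOTE(review): this is an S3 bucket ARN, whereas STS AssumeRole takes
        # an IAM role ARN (arn:aws:iam::<account-id>:role/<role-name>). The
        # stub accepts any string, so this test cannot catch a malformed ARN.
        iam_arn = 'arn:aws:s3:::my_s3_bucket'
        credentials = _get_sts_access(iam_arn)
        sts_client.assume_role.assert_called()
        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(credentials.get('aws_access_key_id'),
                         expected_access_key)
        self.assertEqual(credentials.get('aws_secret_access_key'),
                         expected_secret_access_key)
        self.assertEqual(credentials.get('aws_session_token'),
                         expected_session_token)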
Example #2
 def test_check_org_access_fail(self):
     """Verify _check_org_access returns a falsy result for these credentials."""
     # NOTE(review): nothing in this body forces a boto exception; the
     # failure presumably comes from how the test environment handles the
     # AWS calls - confirm against the decorators and fixtures.
     arn = 'arn:aws:s3:::my_s3_bucket'
     key_id, secret_key, token = _get_sts_access(arn)
     has_access = _check_org_access(key_id, secret_key, token)
     self.assertFalse(has_access)
Example #3
 def test_get_sts_access_no_cred(self, mock_boto3):
     """Verify _get_sts_access yields three None values without credentials."""
     # The stubbed assume_role response is empty: no 'Credentials' key.
     stub_sts = Mock()
     stub_sts.assume_role.return_value = {}
     mock_boto3.return_value = stub_sts
     arn = 'arn:aws:s3:::my_s3_bucket'
     key_id, secret_key, token = _get_sts_access(arn)
     # A missing credential must surface as None, never as a stale or
     # default value.
     for value in (key_id, secret_key, token):
         self.assertIsNone(value)
Example #4
 def test_get_sts_access_fail(self, mock_boto3_client):
     """Verify _get_sts_access yields three None values when assume_role fails."""
     # _mock_boto3_kwargs_exception is defined elsewhere; presumably it
     # raises a boto error when assume_role is invoked - confirm.
     failing_sts = Mock()
     failing_sts.assume_role.side_effect = _mock_boto3_kwargs_exception
     mock_boto3_client.return_value = failing_sts
     arn = 'arn:aws:s3:::my_s3_bucket'
     key_id, secret_key, token = _get_sts_access(arn)
     # The call above must not propagate the error, and no credential may
     # be returned.
     for value in (key_id, secret_key, token):
         self.assertIsNone(value)
Example #5
    def test_get_sts_access_none(self, mock_boto3_client):
        """Verify _get_sts_access copes with a response that has no credentials."""
        # The stub STS client answers assume_role with an empty dict.
        stub_sts = Mock()
        empty_response = {}
        stub_sts.assume_role.return_value = empty_response
        mock_boto3_client.return_value = stub_sts

        arn = 'arn:aws:s3:::my_s3_bucket'
        key_id, secret_key, token = _get_sts_access(arn)
        # All three credential parts are expected to be None.
        for value in (key_id, secret_key, token):
            self.assertIsNone(value)
Example #6
 def test_get_sts_access_fail(self, mock_boto3_client):
     """Verify a failing assume_role is logged and yields empty credentials."""
     # Lift any global logging.disable() so assertLogs can see the record.
     # NOTE(review): the previous disable level is not restored afterwards,
     # which may change log output for later tests - confirm the suite's
     # setUp/tearDown handles this.
     logging.disable(logging.NOTSET)
     failing_sts = Mock()
     failing_sts.assume_role.side_effect = _mock_boto3_kwargs_exception
     mock_boto3_client.return_value = failing_sts
     arn = 'arn:aws:s3:::my_s3_bucket'
     credential_keys = (
         'aws_access_key_id',
         'aws_secret_access_key',
         'aws_session_token',
     )
     with self.assertLogs(level=logging.CRITICAL):
         result = _get_sts_access(arn)
         # Every key must be present ...
         for key in credential_keys:
             self.assertIn(key, result)
         # ... and every value must be None after the failure.
         for key in credential_keys:
             self.assertIsNone(result.get(key))
Example #7
    def test_provider_org_fail(self, check_org_access, check_cost_report_access, check_s3_access):
        """Run cost_usage_source_is_reachable for the AWS org access failure case."""
        # NOTE(review): none of the three injected mocks is configured or
        # asserted on, and the test passes only when no exception is raised,
        # so it does not visibly exercise an org-access failure - confirm
        # the intent.
        # NOTE(review): the decorators are outside this view; this assumes
        # AWS calls are intercepted (e.g. by moto). Otherwise create_bucket
        # would run against a real account with ambient credentials.
        arn = 'arn:aws:s3:::my_s3_bucket'
        bucket = 'my_s3_bucket'
        key_id, secret_key, token = _get_sts_access(arn)
        boto3.resource(
            's3',
            aws_access_key_id=key_id,
            aws_secret_access_key=secret_key,
            aws_session_token=token,
        ).create_bucket(Bucket=bucket)

        provider = AWSProvider()
        # Any exception is turned into an ordinary test failure.
        try:
            provider.cost_usage_source_is_reachable(arn, bucket)
        except Exception:
            self.fail('Unexpected error thrown')
Example #8
    def test_get_sts_access(self, mock_boto3_client):
        """Verify _get_sts_access returns the three parts of the STS credentials."""
        # Obvious placeholder values; none of these is a real secret.
        want_key_id = 'mock_access_key_id'
        want_secret_key = 'mock_secret_access_key'
        want_token = 'mock_session_token'

        # Stub STS client whose assume_role answers with the placeholders.
        stub_sts = Mock()
        stub_sts.assume_role.return_value = {
            'Credentials': {
                'AccessKeyId': want_key_id,
                'SecretAccessKey': want_secret_key,
                'SessionToken': want_token,
            },
        }
        mock_boto3_client.return_value = stub_sts

        # NOTE(review): an S3 bucket ARN is used where STS AssumeRole takes
        # an IAM role ARN; the stub does not validate it.
        arn = 'arn:aws:s3:::my_s3_bucket'
        got_key_id, got_secret_key, got_token = _get_sts_access(arn)
        self.assertEqual(got_key_id, want_key_id)
        self.assertEqual(got_secret_key, want_secret_key)
        self.assertEqual(got_token, want_token)
Example #9
    def test_cost_usage_source_is_reachable(self, check_org_access, check_cost_report_access):
        """Check that a reachable cost usage source raises no error."""
        # Both access checks are forced to succeed.
        check_org_access.return_value = True
        check_cost_report_access.return_value = True

        arn = 'arn:aws:s3:::my_s3_bucket'
        bucket = 'my_s3_bucket'
        # NOTE(review): the decorators are outside this view; this assumes
        # the STS and S3 calls are intercepted (e.g. by moto) rather than
        # reaching a real AWS account - confirm.
        key_id, secret_key, token = _get_sts_access(arn)
        session_kwargs = {
            'aws_access_key_id': key_id,
            'aws_secret_access_key': secret_key,
            'aws_session_token': token,
        }
        boto3.resource('s3', **session_kwargs).create_bucket(Bucket=bucket)

        provider = AWSProvider()

        # Any exception is turned into an ordinary test failure.
        try:
            provider.cost_usage_source_is_reachable(arn, bucket)
        except Exception:
            self.fail('Unexpected Error')
Example #10
    def test_provider_cur_fail(self, check_cost_report_access):
        """Check that a failed cost report access check raises ValidationError."""
        # The cost report access check is forced to fail for both phases.
        check_cost_report_access.return_value = False
        arn = 'arn:aws:s3:::my_s3_bucket'
        bucket = 'my_s3_bucket'

        # Phase 1: the bucket has not been created yet.
        first_provider = AWSProvider()
        with self.assertRaises(ValidationError):
            first_provider.cost_usage_source_is_reachable(arn, bucket)

        # NOTE(review): the decorators are outside this view; this assumes
        # the STS and S3 calls are intercepted (e.g. by moto) rather than
        # reaching a real AWS account - confirm.
        key_id, secret_key, token = _get_sts_access(arn)
        session_kwargs = {
            'aws_access_key_id': key_id,
            'aws_secret_access_key': secret_key,
            'aws_session_token': token,
        }
        boto3.resource('s3', **session_kwargs).create_bucket(Bucket=bucket)

        # Phase 2: the bucket exists, yet validation must still be refused
        # because the cost report check fails.
        second_provider = AWSProvider()
        with self.assertRaises(ValidationError):
            second_provider.cost_usage_source_is_reachable(arn, bucket)