def test_credentials_are_generated_from_user(self, mock_sts):
mock_conn = MagicMock()
mock_conn.assume_role.return_value = Struct({
'credentials':
Struct({
'expiration': 'SAML_TOKEN_EXPIRATION',
'access_key': 'SAML_ACCESS_KEY',
'secret_key': 'SAML_SECRET_KEY',
'session_token': 'SAML_TOKEN'
})
})
mock_sts.connect_to_region.return_value = mock_conn
arn = 'arn:role/developer'
session_name = 'dev-session'
cli.main([
'test.py', 'user', arn, session_name, '--profile', 'test-profile',
'--region', 'un-south-1'
])
six.assertCountEqual(self, read_config_file(self.TEST_FILE), [
'[test-profile]', 'output = json', 'region = un-south-1',
'aws_access_key_id = SAML_ACCESS_KEY',
'aws_secret_access_key = SAML_SECRET_KEY',
'aws_security_token = SAML_TOKEN',
'aws_session_token = SAML_TOKEN', ''
])
def test_credentials_are_generated_from_user(self, mock_sts):
mock_conn = MagicMock()
mock_conn.assume_role.return_value = Struct({'credentials':
Struct({'expiration': 'SAML_TOKEN_EXPIRATION',
'access_key': 'SAML_ACCESS_KEY',
'secret_key': 'SAML_SECRET_KEY',
'session_token': 'SAML_TOKEN'})})
mock_sts.connect_to_region.return_value = mock_conn
arn = 'arn:role/developer'
session_name = 'dev-session'
cli.main(['test.py', 'user', arn, session_name,
'--profile', 'test-profile',
'--region', 'un-south-1'])
self.assertItemsEqual(read_config_file(self.TEST_FILE),
['[test-profile]',
'output = json',
'region = un-south-1',
'aws_access_key_id = SAML_ACCESS_KEY',
'aws_secret_access_key = SAML_SECRET_KEY',
'aws_security_token = SAML_TOKEN',
'aws_session_token = SAML_TOKEN',
''])
def test_existing_profiles_are_preserved(self):
write_config_file(self.TEST_FILE,
'[test]',
'output = none',
'region = us-west-2',
'aws_access_key_id = TEST_KEY',
'aws_secret_access_key = TEST_ACCESS',
'aws_security_token = TEST_TOKEN',
'aws_session_token = TEST_TOKEN')
AwsCredentialsFile(self.TEST_FILE).add_profile(
'dev', 'un-west-5', Struct({'access_key': 'ACCESS_KEY',
'secret_key': 'SECRET_KEY',
'security_token': 'SESSION_TOKEN',
'session_token': 'SESSION_TOKEN',
'expiration': 'TEST_EXPIRATION'}))
six.assertCountEqual(self, read_config_file(self.TEST_FILE),
['[test]',
'region = us-west-2',
'aws_access_key_id = TEST_KEY',
'aws_secret_access_key = TEST_ACCESS',
'output = none',
'aws_security_token = TEST_TOKEN',
'aws_session_token = TEST_TOKEN',
'',
'[dev]',
'output = json',
'region = un-west-5',
'aws_access_key_id = ACCESS_KEY',
'aws_secret_access_key = SECRET_KEY',
'aws_security_token = SESSION_TOKEN',
'aws_session_token = SESSION_TOKEN',
''])
def test_credentials_are_generated_from_saml(self, mock_sts):
mock_conn = MagicMock()
mock_conn.assume_role_with_saml.return_value = Struct({
'credentials':
Struct({
'expiration': 'SAML_TOKEN_EXPIRATION',
'access_key': 'SAML_ACCESS_KEY',
'secret_key': 'SAML_SECRET_KEY',
'session_token': 'SAML_TOKEN'
})
})
mock_sts.connect_to_region.return_value = mock_conn
sys.stdin = StringIO(
saml_assertion([
'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
]))
cli.main([
'test.py', 'saml', '--profile', 'test-profile', '--region',
'un-south-1'
])
six.assertCountEqual(self, read_config_file(self.TEST_FILE), [
'[test-profile]', 'output = json', 'region = un-south-1',
'aws_access_key_id = SAML_ACCESS_KEY',
'aws_secret_access_key = SAML_SECRET_KEY',
'aws_security_token = SAML_TOKEN',
'aws_session_token = SAML_TOKEN', ''
])
def test_existing_profiles_are_preserved(self):
write_config_file(self.TEST_FILE, '[test]', 'output = none',
'region = us-west-2', 'aws_access_key_id = TEST_KEY',
'aws_secret_access_key = TEST_ACCESS',
'aws_security_token = TEST_TOKEN',
'aws_session_token = TEST_TOKEN')
AwsCredentialsFile(self.TEST_FILE).add_profile(
'dev', 'un-west-5',
Struct({
'access_key': 'ACCESS_KEY',
'secret_key': 'SECRET_KEY',
'security_token': 'SESSION_TOKEN',
'session_token': 'SESSION_TOKEN',
'expiration': 'TEST_EXPIRATION'
}))
six.assertCountEqual(self, read_config_file(self.TEST_FILE), [
'[test]', 'region = us-west-2', 'aws_access_key_id = TEST_KEY',
'aws_secret_access_key = TEST_ACCESS', 'output = none',
'aws_security_token = TEST_TOKEN',
'aws_session_token = TEST_TOKEN', '', '[dev]', 'output = json',
'region = un-west-5', 'aws_access_key_id = ACCESS_KEY',
'aws_secret_access_key = SECRET_KEY',
'aws_security_token = SESSION_TOKEN',
'aws_session_token = SESSION_TOKEN', ''
])
def test_profile_is_added(self):
AwsCredentialsFile(self.TEST_FILE).add_profile(
'dev', 'un-west-5', Struct({'access_key': 'ACCESS_KEY',
'secret_key': 'SECRET_KEY',
'session_token': 'SESSION_TOKEN',
'expiration': 'TEST_EXPIRATION'}))
six.assertCountEqual(self, read_config_file(self.TEST_FILE),
['[dev]',
'output = json',
'region = un-west-5',
'aws_access_key_id = ACCESS_KEY',
'aws_secret_access_key = SECRET_KEY',
'aws_security_token = SESSION_TOKEN',
'aws_session_token = SESSION_TOKEN',
''])
def test_profile_is_added(self):
AwsCredentialsFile(self.TEST_FILE).add_profile(
'dev', 'un-west-5',
Struct({
'access_key': 'ACCESS_KEY',
'secret_key': 'SECRET_KEY',
'session_token': 'SESSION_TOKEN',
'expiration': 'TEST_EXPIRATION'
}))
six.assertCountEqual(self, read_config_file(self.TEST_FILE), [
'[dev]', 'output = json', 'region = un-west-5',
'aws_access_key_id = ACCESS_KEY',
'aws_secret_access_key = SECRET_KEY',
'aws_security_token = SESSION_TOKEN',
'aws_session_token = SESSION_TOKEN', ''
])
def test_credentials_are_generated_from_token(self):
token = Struct({'credentials':
Struct({'access_key': 'SAML_ACCESS_KEY',
'secret_key': 'SAML_SECRET_KEY',
'session_token': 'SAML_TOKEN',
'expiration': 'TEST_EXPIRATION'})})
Actions.persist_credentials(self.TEST_FILE,
'test-profile',
'un-south-1', token, True)
self.assertItemsEqual(read_config_file(self.TEST_FILE),
['[test-profile]',
'output = json',
'region = un-south-1',
'aws_access_key_id = SAML_ACCESS_KEY',
'aws_secret_access_key = SAML_SECRET_KEY',
'aws_security_token = SAML_TOKEN',
'aws_session_token = SAML_TOKEN',
''])
def test_credentials_are_generated_from_token(self):
token = Struct({
'credentials':
Struct({
'access_key': 'SAML_ACCESS_KEY',
'secret_key': 'SAML_SECRET_KEY',
'session_token': 'SAML_TOKEN',
'expiration': 'TEST_EXPIRATION'
})
})
Actions.persist_credentials(self.TEST_FILE, 'test-profile',
'un-south-1', token, True)
six.assertCountEqual(self, read_config_file(self.TEST_FILE), [
'[test-profile]', 'output = json', 'region = un-south-1',
'aws_access_key_id = SAML_ACCESS_KEY',
'aws_secret_access_key = SAML_SECRET_KEY',
'aws_security_token = SAML_TOKEN',
'aws_session_token = SAML_TOKEN', ''
])
def test_credentials_are_generated_from_saml(self, mock_sts):
mock_conn = MagicMock()
mock_conn.assume_role_with_saml.return_value = Struct({'credentials':
Struct({'expiration': 'SAML_TOKEN_EXPIRATION',
'access_key': 'SAML_ACCESS_KEY',
'secret_key': 'SAML_SECRET_KEY',
'session_token': 'SAML_TOKEN'})})
mock_sts.connect_to_region.return_value = mock_conn
sys.stdin = StringIO(saml_assertion(['arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP']))
cli.main(['test.py', 'saml',
'--profile', 'test-profile',
'--region', 'un-south-1'])
self.assertItemsEqual(read_config_file(self.TEST_FILE),
['[test-profile]',
'output = json',
'region = un-south-1',
'aws_access_key_id = SAML_ACCESS_KEY',
'aws_secret_access_key = SAML_SECRET_KEY',
'aws_security_token = SAML_TOKEN',
'aws_session_token = SAML_TOKEN',
''])
def test_profile_is_updated(self):
write_config_file(self.TEST_FILE,
'[dev]',
'output = none',
'region = us-west-2',
'aws_access_key_id = OLD',
'aws_secret_access_key = REDUNDANT',
'aws_session_token = EXPIRED')
AwsCredentialsFile(self.TEST_FILE).add_profile(
'dev', 'un-west-5', Struct({'access_key': 'ACCESS_KEY',
'secret_key': 'SECRET_KEY',
'session_token': 'SESSION_TOKEN',
'expiration': 'TEST_EXPIRATION'}), True)
self.assertItemsEqual(read_config_file(self.TEST_FILE),
['[dev]',
'region = un-west-5',
'aws_access_key_id = ACCESS_KEY',
'aws_secret_access_key = SECRET_KEY',
'output = json',
'aws_security_token = SESSION_TOKEN',
'aws_session_token = SESSION_TOKEN',
''])
