def test_exec_setups_environment_variables(self, mock_popen): token = Struct({ 'credentials': Struct({ 'access_key': 'TEST_ACCESS_KEY', 'secret_key': 'TEST_SECRET_KEY', 'session_token': 'TEST_TOKEN', 'expiration': 'TEST_EXPIRATION' }) }) with mock.patch('os.environ') as mock_env: mock_env.copy.return_value = {} Actions.exec_with_credentials('un-south-1', 'echo hello', token) mock_popen.assert_called_with( ['echo', 'hello'], env={ 'AWS_ACCESS_KEY_ID': 'TEST_ACCESS_KEY', 'AWS_DEFAULT_REGION': 'un-south-1', 'AWS_SECRET_ACCESS_KEY': 'TEST_SECRET_KEY', 'AWS_SESSION_TOKEN': 'TEST_TOKEN' }, shell=False)
def test_mfa_is_passed_to_sts(self, mock_sts): stub_token = Struct({'credentials': None}) mock_conn = MagicMock() mock_conn.assume_role.return_value = stub_token mock_sts.connect_to_region.return_value = mock_conn arn = 'arn:role/developer' session_name = 'dev-session' Actions.user_token('un-south-1', arn, session_name, mfa_serial_number='arn:11111', mfa_token='123456') mock_conn.assume_role.assert_called_with(arn, session_name, mfa_serial_number='arn:11111', mfa_token='123456')
def test_exec_setups_environment_variables(self, mock_popen): token = Struct({'credentials': Struct({'access_key': 'TEST_ACCESS_KEY', 'secret_key': 'TEST_SECRET_KEY', 'session_token': 'TEST_TOKEN', 'expiration': 'TEST_EXPIRATION'})}) with mock.patch('os.environ') as mock_env: mock_env.copy.return_value = {} Actions.exec_with_credentials('un-south-1', 'echo hello', token) mock_popen.assert_called_with(['echo', 'hello'], env={'AWS_ACCESS_KEY_ID': 'TEST_ACCESS_KEY', 'AWS_DEFAULT_REGION': 'un-south-1', 'AWS_SECRET_ACCESS_KEY': 'TEST_SECRET_KEY', 'AWS_SESSION_TOKEN': 'TEST_TOKEN'}, shell=False)
def test_credentials_are_generated_from_saml(self, mock_sts): stub_token = Struct({'credentials': None}) mock_conn = MagicMock() mock_conn.assume_role_with_saml.return_value = stub_token mock_sts.connect_to_region.return_value = mock_conn assertion = saml_assertion(['arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP']) token = Actions.saml_token('un-south-1', assertion) self.assertEqual(token, stub_token)
def test_credentials_are_generated_from_token(self): token = Struct({'credentials': Struct({'access_key': 'SAML_ACCESS_KEY', 'secret_key': 'SAML_SECRET_KEY', 'session_token': 'SAML_TOKEN', 'expiration': 'TEST_EXPIRATION'})}) Actions.persist_credentials(self.TEST_FILE, 'test-profile', 'un-south-1', token, True) self.assertItemsEqual(read_config_file(self.TEST_FILE), ['[test-profile]', 'output = json', 'region = un-south-1', 'aws_access_key_id = SAML_ACCESS_KEY', 'aws_secret_access_key = SAML_SECRET_KEY', 'aws_security_token = SAML_TOKEN', 'aws_session_token = SAML_TOKEN', ''])
def test_credentials_are_generated_from_token(self): token = Struct({ 'credentials': Struct({ 'access_key': 'SAML_ACCESS_KEY', 'secret_key': 'SAML_SECRET_KEY', 'session_token': 'SAML_TOKEN', 'expiration': 'TEST_EXPIRATION' }) }) Actions.persist_credentials(self.TEST_FILE, 'test-profile', 'un-south-1', token, True) six.assertCountEqual(self, read_config_file(self.TEST_FILE), [ '[test-profile]', 'output = json', 'region = un-south-1', 'aws_access_key_id = SAML_ACCESS_KEY', 'aws_secret_access_key = SAML_SECRET_KEY', 'aws_security_token = SAML_TOKEN', 'aws_session_token = SAML_TOKEN', '' ])
def test_credentials_are_generated_from_saml(self, mock_sts): stub_token = Struct({'credentials': None}) mock_conn = MagicMock() mock_conn.assume_role_with_saml.return_value = stub_token mock_sts.connect_to_region.return_value = mock_conn assertion = saml_assertion([ 'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP' ]) token = Actions.saml_token('un-south-1', assertion) self.assertEqual(token, stub_token)
def test_credentials_are_generated_from_user(self, mock_sts): stub_token = Struct({'credentials': None}) mock_conn = MagicMock() mock_conn.assume_role.return_value = stub_token mock_sts.connect_to_region.return_value = mock_conn arn = 'arn:role/developer' session_name = 'dev-session' token = Actions.user_token('un-south-1', arn, session_name) mock_conn.assume_role.assert_called_with(arn, session_name, mfa_serial_number=None, mfa_token=None) self.assertEqual(token, stub_token)
def user_action(args): token_action(args)(Actions.user_token(**args))
def saml_action(args): args['assertion'] = read_stdin() token_action(args)(Actions.saml_token(**args))
def token_action(args): if args['exec_command']: return Actions.exec_handler(**args) return Actions.credentials_handler(**args)