def test_exec_setups_environment_variables(self, mock_popen):
        """Check the argv, environment and shell flag used by exec_with_credentials.

        ``os.environ`` is patched and its ``copy()`` returns an empty dict, so
        the ``env`` given to ``mock_popen`` must equal exactly the four AWS_*
        variables below; the token's ``expiration`` field is not exported.
        The call is also pinned to an argv list with ``shell=False``, so the
        command string is not handed to a shell for interpretation.
        """
        credentials = Struct({
            'access_key': 'TEST_ACCESS_KEY',
            'secret_key': 'TEST_SECRET_KEY',
            'session_token': 'TEST_TOKEN',
            'expiration': 'TEST_EXPIRATION'
        })
        token = Struct({'credentials': credentials})

        with mock.patch('os.environ') as patched_environ:
            # Empty parent environment: nothing inherited can hide a missing
            # or unexpected variable in the exact-match assertion below.
            patched_environ.copy.return_value = {}

            Actions.exec_with_credentials('un-south-1', 'echo hello', token)

            expected_env = {
                'AWS_ACCESS_KEY_ID': 'TEST_ACCESS_KEY',
                'AWS_DEFAULT_REGION': 'un-south-1',
                'AWS_SECRET_ACCESS_KEY': 'TEST_SECRET_KEY',
                'AWS_SESSION_TOKEN': 'TEST_TOKEN'
            }
            mock_popen.assert_called_with(['echo', 'hello'],
                                          env=expected_env,
                                          shell=False)
    def test_mfa_is_passed_to_sts(self, mock_sts):
        """user_token must forward the MFA serial number and code to assume_role.

        The mocked ``connect_to_region`` returns a stub connection, and the
        assertion is made on that connection's ``assume_role`` call.
        """
        sts_reply = Struct({'credentials': None})

        sts_connection = MagicMock()
        sts_connection.assume_role.return_value = sts_reply
        mock_sts.connect_to_region.return_value = sts_connection

        role_arn = 'arn:role/developer'
        session = 'dev-session'
        # The same MFA keywords go in and must come out unchanged.
        mfa_kwargs = {'mfa_serial_number': 'arn:11111', 'mfa_token': '123456'}

        Actions.user_token('un-south-1', role_arn, session, **mfa_kwargs)

        sts_connection.assume_role.assert_called_with(role_arn, session,
                                                      **mfa_kwargs)
    def test_exec_setups_environment_variables(self, mock_popen):
        """exec_with_credentials must export the token to the child process only.

        With ``os.environ.copy()`` stubbed to ``{}``, the ``env`` passed to
        ``mock_popen`` has to match the four AWS_* entries exactly. The test
        also pins the argv list form and ``shell=False``, which keeps the
        command string away from shell interpretation.
        """
        fake_credentials = Struct({'access_key': 'TEST_ACCESS_KEY',
                                   'secret_key': 'TEST_SECRET_KEY',
                                   'session_token': 'TEST_TOKEN',
                                   'expiration': 'TEST_EXPIRATION'})
        token = Struct({'credentials': fake_credentials})

        with mock.patch('os.environ') as environ_mock:
            # No inherited variables, so the env comparison is an exact match.
            environ_mock.copy.return_value = {}

            Actions.exec_with_credentials('un-south-1', 'echo hello', token)

            child_env = {'AWS_ACCESS_KEY_ID': 'TEST_ACCESS_KEY',
                         'AWS_DEFAULT_REGION': 'un-south-1',
                         'AWS_SECRET_ACCESS_KEY': 'TEST_SECRET_KEY',
                         'AWS_SESSION_TOKEN': 'TEST_TOKEN'}
            mock_popen.assert_called_with(['echo', 'hello'],
                                          env=child_env,
                                          shell=False)
    def test_mfa_is_passed_to_sts(self, mock_sts):
        """The MFA serial number and token code must reach assume_role unchanged."""
        canned_token = Struct({'credentials': None})

        connection = MagicMock()
        connection.assume_role.return_value = canned_token
        mock_sts.connect_to_region.return_value = connection

        role = 'arn:role/developer'
        session_label = 'dev-session'
        serial = 'arn:11111'
        code = '123456'

        Actions.user_token('un-south-1', role, session_label,
                           mfa_serial_number=serial, mfa_token=code)

        # Only the call on the stub connection is checked, not the region lookup.
        connection.assume_role.assert_called_with(role, session_label,
                                                  mfa_serial_number=serial,
                                                  mfa_token=code)
    def test_credentials_are_generated_from_saml(self, mock_sts):
        """saml_token must return a token equal to the assume_role_with_saml stub.

        NOTE(review): only the return value is checked. The arguments given to
        ``assume_role_with_saml`` (role ARN, provider ARN, assertion) are not
        asserted, so a wrong role/provider pairing would pass unnoticed.
        """
        expected = Struct({'credentials': None})
        connection = MagicMock()
        connection.assume_role_with_saml.return_value = expected
        mock_sts.connect_to_region.return_value = connection

        # One "role,provider" pair, in the form the saml_assertion helper takes.
        role_and_provider = 'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
        assertion = saml_assertion([role_and_provider])

        result = Actions.saml_token('un-south-1', assertion)

        self.assertEqual(result, expected)
    def test_credentials_are_generated_from_token(self):
        """persist_credentials must write the token as a profile section.

        The session token is expected under both ``aws_security_token`` and
        ``aws_session_token``. The meaning of the final positional ``True`` is
        not visible from this test.

        NOTE(review): the file now holds a plaintext secret key and session
        token, but its permissions are never checked here. Asserting an
        owner-only mode would pin that behaviour.
        NOTE(review): ``assertItemsEqual`` is the Python 2 name; on Python 3
        the method is ``assertCountEqual``.
        """
        credentials = Struct({'access_key': 'SAML_ACCESS_KEY',
                              'secret_key': 'SAML_SECRET_KEY',
                              'session_token': 'SAML_TOKEN',
                              'expiration': 'TEST_EXPIRATION'})
        token = Struct({'credentials': credentials})

        Actions.persist_credentials(self.TEST_FILE, 'test-profile',
                                    'un-south-1', token, True)

        written = read_config_file(self.TEST_FILE)
        # Order-insensitive comparison: only the set of lines is pinned.
        expected_lines = ['[test-profile]',
                          'output = json',
                          'region = un-south-1',
                          'aws_access_key_id = SAML_ACCESS_KEY',
                          'aws_secret_access_key = SAML_SECRET_KEY',
                          'aws_security_token = SAML_TOKEN',
                          'aws_session_token = SAML_TOKEN',
                          '']
        self.assertItemsEqual(written, expected_lines)
    def test_credentials_are_generated_from_token(self):
        """persist_credentials must write the expected profile lines to TEST_FILE.

        The comparison ignores line order and expects the session token under
        both ``aws_security_token`` and ``aws_session_token``.

        NOTE(review): the test covers file content only. The file carries a
        plaintext secret key and session token, so a check that it is
        readable by the owner alone would be a useful addition.
        """
        fake_credentials = Struct({
            'access_key': 'SAML_ACCESS_KEY',
            'secret_key': 'SAML_SECRET_KEY',
            'session_token': 'SAML_TOKEN',
            'expiration': 'TEST_EXPIRATION'
        })
        token = Struct({'credentials': fake_credentials})

        Actions.persist_credentials(self.TEST_FILE, 'test-profile',
                                    'un-south-1', token, True)

        actual_lines = read_config_file(self.TEST_FILE)
        expected_lines = [
            '[test-profile]',
            'output = json',
            'region = un-south-1',
            'aws_access_key_id = SAML_ACCESS_KEY',
            'aws_secret_access_key = SAML_SECRET_KEY',
            'aws_security_token = SAML_TOKEN',
            'aws_session_token = SAML_TOKEN',
            '',
        ]
        # six keeps the order-insensitive assertion portable across Python 2/3.
        six.assertCountEqual(self, actual_lines, expected_lines)
    def test_credentials_are_generated_from_saml(self, mock_sts):
        """saml_token must hand back what assume_role_with_saml returns.

        NOTE(review): the call arguments to ``assume_role_with_saml`` are not
        asserted; the test would still pass if the wrong role or provider ARN
        were sent.
        """
        canned_token = Struct({'credentials': None})
        sts_connection = MagicMock()
        sts_connection.assume_role_with_saml.return_value = canned_token
        mock_sts.connect_to_region.return_value = sts_connection

        roles = ['arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP']
        assertion = saml_assertion(roles)

        self.assertEqual(Actions.saml_token('un-south-1', assertion),
                         canned_token)
    def test_credentials_are_generated_from_user(self, mock_sts):
        """Without MFA arguments, user_token must pass explicit None MFA values.

        The test also checks that the returned token equals the stub that
        ``assume_role`` yields.
        """
        expected = Struct({'credentials': None})

        connection = MagicMock()
        connection.assume_role.return_value = expected
        mock_sts.connect_to_region.return_value = connection

        role_arn = 'arn:role/developer'
        session = 'dev-session'

        result = Actions.user_token('un-south-1', role_arn, session)

        # Both MFA keywords must be present and None, not merely omitted.
        no_mfa = {'mfa_serial_number': None, 'mfa_token': None}
        connection.assume_role.assert_called_with(role_arn, session, **no_mfa)

        self.assertEqual(result, expected)
    def test_credentials_are_generated_from_user(self, mock_sts):
        """user_token without MFA must call assume_role with None MFA keywords.

        The token it returns must equal the stubbed ``assume_role`` result.
        """
        canned_token = Struct({'credentials': None})

        sts_connection = MagicMock()
        sts_connection.assume_role.return_value = canned_token
        mock_sts.connect_to_region.return_value = sts_connection

        role = 'arn:role/developer'
        session_label = 'dev-session'

        returned = Actions.user_token('un-south-1', role, session_label)

        sts_connection.assume_role.assert_called_with(
            role,
            session_label,
            mfa_serial_number=None,
            mfa_token=None,
        )

        self.assertEqual(returned, canned_token)
def user_action(args):
    """Fetch a token with Actions.user_token and give it to the chosen handler.

    The handler is built by ``token_action(args)`` before the token is
    requested. The whole ``args`` mapping is expanded into keyword arguments
    for ``Actions.user_token``.
    """
    handler = token_action(args)
    token = Actions.user_token(**args)
    handler(token)
def saml_action(args):
    """Read a SAML assertion via read_stdin() and exchange it for a token.

    The value is stored under ``args['assertion']``, which mutates the
    caller's dict. It is set before ``token_action(args)`` runs, so the
    handler factory receives it through ``**args`` as well.

    NOTE(review): a SAML assertion is a bearer credential, and both
    downstream calls receive it. Neither should log its arguments.
    """
    args['assertion'] = read_stdin()

    handler = token_action(args)
    handler(Actions.saml_token(**args))
def token_action(args):
    """Return the handler that will consume the token.

    A truthy ``args['exec_command']`` selects ``Actions.exec_handler``;
    anything else selects ``Actions.credentials_handler``. The chosen factory
    is called with the whole ``args`` mapping as keyword arguments.
    """
    if args['exec_command']:
        factory = Actions.exec_handler
    else:
        factory = Actions.credentials_handler
    return factory(**args)
def user_action(args):
    """Request a user token and deliver it to the handler from token_action.

    ``token_action(args)`` is evaluated first, then
    ``Actions.user_token(**args)``, and the resulting token is passed to the
    handler.
    """
    deliver = token_action(args)
    deliver(Actions.user_token(**args))
def saml_action(args):
    """Store the value of read_stdin() as the assertion, then obtain a token.

    ``args`` is modified in place. The assertion is therefore part of the
    keyword arguments sent both to the ``token_action`` handler factory and
    to ``Actions.saml_token``.

    NOTE(review): treat the assertion as a secret; it should be kept out of
    logs and error messages on both paths.
    """
    args['assertion'] = read_stdin()

    deliver = token_action(args)
    saml_token = Actions.saml_token(**args)
    deliver(saml_token)
def token_action(args):
    """Pick the token handler according to ``args['exec_command']``.

    Returns ``Actions.exec_handler(**args)`` when the value is truthy and
    ``Actions.credentials_handler(**args)`` otherwise.
    """
    build_handler = (Actions.exec_handler if args['exec_command']
                     else Actions.credentials_handler)
    return build_handler(**args)