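def test_url_with_role(self, mock_create_client):
    """Check the presigned URL produced when an explicit role ARN is supplied.

    ``mock_create_client`` is presumably injected by a patch decorator that is
    not visible in this listing; it is wired to hand back the fixture's mock
    STS client so no real AWS call is made.
    """
    mock_create_client.return_value = self.mock_sts_client
    generator = TokenGenerator(self._session)
    url = generator._get_presigned_url(
        CLUSTER_NAME,
        "arn:aws:iam::012345678910:role/RoleArn",
        REGION,
    )
    # The presigned URL is intentionally not printed. An EKS token is this URL
    # base64url-encoded behind a prefix, so echoing it puts signed request
    # material into captured test output and CI logs. A failing assertion
    # already reports what is needed for debugging.
    self.assert_url_correct(url, True)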
def test_token_sess(self):
    """Token requested with a role carries the prefix and wraps a valid URL."""
    generator = TokenGenerator(REGION, self._assuming_handler)
    token = generator.get_token(CLUSTER_NAME, "RoleArn")

    prefix_len = len(TOKEN_PREFIX)
    self.assertEqual(token[:prefix_len], TOKEN_PREFIX)

    # The payload is base64url-encoded, not encrypted: anyone holding the
    # token can recover the presigned URL exactly as this test does.
    # NOTE(review): urlsafe_b64decode rejects input whose '=' padding has been
    # stripped unless the length is already a multiple of 4 -- confirm that
    # get_token() returns padded output for this fixture.
    encoded_url = token[prefix_len:].encode()
    presigned_url = base64.urlsafe_b64decode(encoded_url).decode()
    self.assert_url_correct(presigned_url, True)
def test_token_no_role(self):
    """Token requested without a role carries the prefix and wraps a valid URL."""
    generator = TokenGenerator(self._session)
    token = generator.get_token(CLUSTER_NAME, None, REGION)

    prefix_len = len(TOKEN_PREFIX)
    self.assertEqual(token[:prefix_len], TOKEN_PREFIX)

    # The payload is base64url-encoded, not encrypted: anyone holding the
    # token can recover the presigned URL exactly as this test does.
    # NOTE(review): urlsafe_b64decode rejects input whose '=' padding has been
    # stripped unless the length is already a multiple of 4 -- confirm that
    # get_token() returns padded output for this fixture.
    encoded_url = token[prefix_len:].encode()
    presigned_url = base64.urlsafe_b64decode(encoded_url).decode()
    self.assert_url_correct(presigned_url, False)
def test_token_sess(self):
    """Assumed-role token starts with TOKEN_PREFIX and decodes to a valid URL."""
    token = TokenGenerator(REGION, self._assuming_handler).get_token(
        CLUSTER_NAME, "RoleArn")

    head, body = token[:len(TOKEN_PREFIX)], token[len(TOKEN_PREFIX):]
    self.assertEqual(head, TOKEN_PREFIX)

    # Decoding, not decrypting: the token body is plain base64url, so the
    # presigned URL inside it is readable by whoever obtains the token.
    # NOTE(review): this decode only succeeds on padded input (or a length
    # that is a multiple of 4) -- confirm against get_token()'s output format.
    url_bytes = base64.urlsafe_b64decode(body.encode())
    self.assert_url_correct(url_bytes.decode(), True)
def test_token_sess(self, mock_create_client):
    """Token requested with a role ARN carries the prefix and wraps a valid URL.

    ``mock_create_client`` is presumably supplied by a patch decorator that is
    not visible in this listing; it returns the fixture's mock STS client.
    """
    mock_create_client.return_value = self.mock_sts_client
    generator = TokenGenerator(self._session)
    token = generator.get_token(
        CLUSTER_NAME,
        "arn:aws:iam::012345678910:role/RoleArn",
        REGION,
    )

    prefix_len = len(TOKEN_PREFIX)
    self.assertEqual(token[:prefix_len], TOKEN_PREFIX)

    # The payload is base64url-encoded, not encrypted: anyone holding the
    # token can recover the presigned URL exactly as this test does.
    # NOTE(review): urlsafe_b64decode rejects input whose '=' padding has been
    # stripped unless the length is already a multiple of 4 -- confirm that
    # get_token() returns padded output for this fixture.
    encoded_url = token[prefix_len:].encode()
    presigned_url = base64.urlsafe_b64decode(encoded_url).decode()
    self.assert_url_correct(presigned_url, True)
def run(self):
    """Install a Helm chart on an EKS cluster from the pipe's variables.

    Reads the pipe variables, builds EKS and STS clients for the configured
    role, generates a cluster token and a kubeconfig, appends the Bitbucket
    build metadata that is present to the SET values, then runs the Helm
    install and reports success or failure through the pipe.
    """
    super().run()

    region_name = self.get_variable('AWS_REGION')
    role_arn = self.get_variable('ROLE_ARN')
    session_name = self.get_variable('SESSION_NAME')
    cluster_name = self.get_variable('CLUSTER_NAME')
    chart = self.get_variable('CHART')
    release_name = self.get_variable('RELEASE_NAME')
    namespace = self.get_variable('NAMESPACE')
    # Local is called helm_set so the builtin `set` is not shadowed.
    # NOTE(review): .append() below assumes SET always resolves to a list --
    # confirm the schema supplies a default.
    helm_set = self.get_variable('SET')
    values = self.get_variable('VALUES')

    session = botocore.session.get_session()
    eks_client = EKSClientFactory(session).get_eks_client(
        region_name=region_name,
        role_arn=role_arn,
        role_session_name=session_name,
    )

    # Role Session Name is hardcoded to EKSGetTokenAuth
    # I do not patch this method for compatibility reasons
    sts_client = STSClientFactory(session).get_sts_client(
        region_name=region_name, role_arn=role_arn)

    cluster = eks_client.describe_cluster(name=cluster_name)
    token = TokenGenerator(sts_client).get_token(cluster_name)
    # NOTE(review): the token is a bearer credential for the cluster API.
    # Confirm _create_kubeconfig writes it with owner-only permissions and
    # that it is never echoed to the build log.
    self._create_kubeconfig(cluster, token)

    # Add Bitbucket Pipeline environment
    bitbucket_keys = (
        'bitbucket_build_number',
        'bitbucket_repo_slug',
        'bitbucket_commit',
        'bitbucket_tag',
        'bitbucket_step_triggerer_uuid',
    )
    for key in bitbucket_keys:
        env_name = key.upper()
        if env_name not in self.env:
            continue
        # NOTE(review): presence is tested on self.env but the value is read
        # from os.environ -- confirm both refer to the same mapping, otherwise
        # this can raise KeyError.
        env_value = os.environ[env_name]
        if key == 'bitbucket_step_triggerer_uuid':
            env_value = env_value.replace('{', '').replace('}', '')
        # NOTE(review): env_value is interpolated unescaped. Values such as
        # the tag name are chosen by whoever pushes to the repository, and
        # Helm's --set syntax gives meaning to commas, backslashes and quotes.
        # Confirm HelmClient passes arguments as a list rather than a shell
        # string, and escape or validate these values before appending.
        helm_set.append(f'"bitbucket.{key}={env_value}"')

    try:
        helm_client = HelmClient(chart)
        helm_client.namespace = namespace
        helm_client.release = release_name
        helm_client.set = helm_set
        helm_client.values = values
        install_result = helm_client.install()
    except HelmChartNotFoundError as error:
        self.fail(message=f'No valid helm chart found at path {error}')
    except HelmError as error:
        self.fail(message=error)

    # NOTE(review): reaching this line after a failure relies on self.fail()
    # not returning; otherwise install_result is unbound -- confirm.
    self.success(message=install_result)
def get_token(cluster_name: str, role_arn: str = None) -> dict:
    """Build an ExecCredential document holding a token for *cluster_name*.

    An STS client is obtained from ``client_factory`` for the optional
    *role_arn* and handed to ``TokenGenerator``. The generated token is
    returned under ``status.token`` together with an expiration timestamp from
    ``get_expiration_time()``.

    The returned mapping contains a bearer credential, so callers should write
    it only to the channel the credential consumer reads and should not log it.
    """
    sts_client = client_factory.get_sts_client(role_arn=role_arn)
    bearer_token = TokenGenerator(sts_client).get_token(cluster_name)

    status = {
        "expirationTimestamp": get_expiration_time(),
        "token": bearer_token,
    }
    # NOTE(review): client.authentication.k8s.io/v1alpha1 was removed from
    # client-go/kubectl in Kubernetes 1.24. The value must match the apiVersion
    # declared in the kubeconfig exec stanza, so confirm which clients consume
    # this and move both sides together if an upgrade is needed.
    return {
        "kind": "ExecCredential",
        "apiVersion": "client.authentication.k8s.io/v1alpha1",
        "spec": {},
        "status": status,
    }
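def test_url_sess(self):
    """Check the presigned URL produced when a role is passed to the generator."""
    generator = TokenGenerator(REGION, self._assuming_handler)
    url = generator._get_presigned_url(CLUSTER_NAME, "RoleArn")
    # The presigned URL is intentionally not printed. An EKS token is this URL
    # base64url-encoded behind a prefix, so echoing it puts signed request
    # material into captured test output and CI logs. A failing assertion
    # already reports what is needed for debugging.
    self.assert_url_correct(url, True)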
def test_url(self):
    """Check the presigned URL produced when no role is supplied."""
    presigned_url = TokenGenerator(
        REGION, self._session_handler
    )._get_presigned_url(CLUSTER_NAME, None)
    self.assert_url_correct(presigned_url, False)
def test_token_no_padding(self, mock_presigned_url):
    """The generated token must not contain base64 '=' padding.

    ``mock_presigned_url`` is presumably supplied by a patch decorator that is
    not visible in this listing, so the URL being encoded is a fixed stand-in.
    """
    token = TokenGenerator(self._sts_client).get_token(self._cluster_name)
    # Presumably the token consumer expects unpadded base64url -- confirm.
    self.assertNotIn('=', token)
def test_token_no_padding(self, mock_presigned_url):
    """The generated token must not contain base64 '=' padding.

    ``mock_presigned_url`` is presumably supplied by a patch decorator that is
    not visible in this listing, so the URL being encoded is a fixed stand-in.
    """
    token = TokenGenerator(self._session).get_token(CLUSTER_NAME, None, REGION)
    # Presumably the token consumer expects unpadded base64url -- confirm.
    self.assertNotIn('=', token)
def test_url_no_region(self):
    """Presigned URL is still correct when no region argument is passed.

    The session's ``region`` config variable is set to ``us-east-1`` first and
    ``None`` is passed as the region, presumably to exercise a fallback to the
    session's configured region.
    """
    self._session.set_config_variable('region', 'us-east-1')
    presigned_url = TokenGenerator(self._session)._get_presigned_url(
        CLUSTER_NAME, None, None)
    self.assert_url_correct(presigned_url, False)
def test_token_no_padding(self, mock_presigned_url):
    """The generated token must not contain base64 '=' padding.

    ``mock_presigned_url`` is presumably supplied by a patch decorator that is
    not visible in this listing, so the URL being encoded is a fixed stand-in.
    """
    token = TokenGenerator(REGION, self._session_handler).get_token(
        CLUSTER_NAME, None)
    # Presumably the token consumer expects unpadded base64url -- confirm.
    self.assertNotIn('=', token)