def test_get_bad_type_selection(self, *args): """ Invalid string selection of two roles """ roles = [ ('idp1', 'arn:aws:iam::123577191723:role/KalturaAdmin'), ('idp2', 'arn:aws:iam::271867855970:role/BoxAdmin'), ] with self.assertRaises(InvalidSelection): get_selection(roles)
def test_get_2of2_selections(self, *args): """ Select the second of two roles """ roles = [ ('idp1', 'arn:aws:iam::224588347132:role/KalturaAdmin'), ('idp2', 'arn:aws:iam::617683844790:role/BoxAdmin'), ] self.assertEqual(get_selection(roles), roles[1])
def test_selections_bad_profile_role(self, *args): """ If a bad Profile role is set, then get_selection prompts the user. """ profile_role = 'arn:aws:iam::617683844790:role/BadRole' roles = [ ('idp1', 'arn:aws:iam::224588347132:role/KalturaAdmin'), ('idp2', 'arn:aws:iam::617683844790:role/BoxAdmin'), ] with patch('sys.stdout', new=StringIO()): with self.assertLogs('awscli_login.util', 'ERROR') as cm: get_selection(roles, profile_role) error = ERROR_INVALID_PROFILE_ROLE % profile_role self.assertEqual( cm.output, ["ERROR:awscli_login.util:%s" % error], )
def test_get_single_selection(self, mock_input): """ When a single role is returned by the IdP do not ask for input """ roles = [('idp', 'arn:aws:iam::224588347132:role/KalturaAdmin')] with patch('sys.stdout', new=StringIO()) as mock_stdout: self.assertEqual(get_selection(roles), roles[0]) mock_input.assert_not_called() output = mock_stdout.getvalue() self.assertEqual(output, "", "get_selection printed output:" "\n%s\n----\n" % output)
def test_selections_profile_role(self, *args): """ Profile role is selected when valid and present """ roles = [ ('idp1', 'arn:aws:iam::224588347132:role/KalturaAdmin'), ('idp2', 'arn:aws:iam::617683844790:role/BoxAdmin'), ] profile_role = roles[1][1] with patch('sys.stdout', new=StringIO()) as stdout: role = get_selection(roles, profile_role) self.assertEqual( stdout.getvalue(), '', 'User was prompted for a selection ' 'even though the Profile role was set!') self.assertEqual(role, roles[1], 'Profile role was not selected!')
def main(profile: Profile, session: Session): is_parent = True try: client = boto3.client('sts') # TODO force-refresh should kill refresh! if not profile.force_refresh: profile.raise_if_logged_in() # Must know username to lookup cookies profile.get_username() try: saml, roles = refresh( profile.ecp_endpoint_url, profile.cookies, ) except Exception: creds = profile.get_credentials() saml, roles = authenticate( profile.ecp_endpoint_url, profile.cookies, *creds, ) role = get_selection(roles) expires = save_sts_token(session, client, saml, role) if not profile.force_refresh: is_parent = daemonize(profile, session, client, role, expires) except Exception as e: raise finally: if not is_parent: logger.info('Exiting refresh process')
def test_get_empty_selection(self, *args): """ Attempt to select from an empty role set """ with self.assertRaises(SAML): get_selection([])