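def saml_token(region, assertion, **kwargs):
    """Exchange a SAML assertion for temporary AWS credentials via STS.

    The role to assume is chosen as follows:

    * if ``role_arn`` is passed in ``kwargs``, the role in the assertion
      whose ARN equals it exactly;
    * otherwise, if the assertion lists more than one role, the one the
      user picks from an interactive menu;
    * otherwise the first role returned by ``SamlAssertion.roles()``.

    Args:
        region: Region name handed to ``boto.sts.connect_to_region``.
        assertion: Raw assertion; wrapped in ``SamlAssertion`` before use.
        **kwargs: Only ``role_arn`` is read.

    Returns:
        Whatever ``assume_role_with_saml`` returns for the chosen role.

    Raises:
        ValueError: ``role_arn`` was given but the assertion does not
            list a role with that ARN.
    """
    assertion = SamlAssertion(assertion)
    roles = assertion.roles()
    requested_arn = kwargs.get('role_arn', False)

    if requested_arn:
        role = next((r for r in roles if r['role'] == requested_arn), None)
        if role is None:
            # Fail closed. The previous loop left `role` bound to the last
            # entry when nothing matched, so a mistyped or unauthorised ARN
            # silently produced credentials for a different role.
            raise ValueError(
                'Role {} was not found in the SAML assertion'.format(
                    requested_arn))
    elif len(roles) > 1:
        print('Please select the role you would like to assume:')
        for i, candidate in enumerate(roles):
            print('[{}] - {}'.format(i, candidate['role']))
        while True:
            # We use getpass() instead of input() here because we are already
            # listening for stdin as part of read_stdin()
            selectedroleindex = getpass('Selection: ')
            try:
                index = int(selectedroleindex)
            except ValueError:
                index = -1
            # Accept only the indexes shown in the menu; a bare roles[index]
            # would also accept negative numbers and pick from the end.
            if 0 <= index < len(roles):
                role = roles[index]
                break
            print('Invalid selection, please try again...')
    else:
        role = roles[0]

    # anon=True: the connection is opened without AWS credentials; the
    # encoded assertion passed below is what accompanies the request, so it
    # should be handled like a secret (not printed or logged).
    conn = boto.sts.connect_to_region(region, anon=True)
    return conn.assume_role_with_saml(
        role['role'], role['principle'], assertion.encode())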
def saml_token(region, assertion, **kwargs):
    """Exchange a SAML assertion for temporary AWS credentials via STS.

    Always assumes the first role returned by ``SamlAssertion.roles()``;
    ``kwargs`` is accepted but not read.

    Args:
        region: Region name handed to ``boto.sts.connect_to_region``.
        assertion: Raw assertion; wrapped in ``SamlAssertion`` before use.

    Returns:
        Whatever ``assume_role_with_saml`` returns for that role.
    """
    wrapped = SamlAssertion(assertion)
    first_role = wrapped.roles()[0]
    # anon=True: the connection is opened without AWS credentials; only the
    # encoded assertion accompanies the request.
    sts = boto.sts.connect_to_region(region, anon=True)
    return sts.assume_role_with_saml(
        first_role['role'],
        first_role['principle'],
        wrapped.encode(),
    )
def test_white_space_is_removed(self):
    """Padding around the comma-separated ARNs must not reach the output."""
    padded_pair = ' arn:aws:iam::1111:saml-provider/IDP , arn:aws:iam::1111:role/DevRole '
    expected = [{
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }]
    parsed = SamlAssertion(saml_assertion([padded_pair])).roles()
    # Exact ARNs matter: a stray space would change the value sent to STS.
    assert parsed == expected
def test_principle_can_be_first(self):
    """The provider ARN may come before the role ARN in the attribute value."""
    provider_first = 'arn:aws:iam::1111:saml-provider/IDP, arn:aws:iam::1111:role/DevRole'
    expected = [{
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }]
    parsed = SamlAssertion(saml_assertion([provider_first])).roles()
    # Role and provider must not be swapped when the order is reversed.
    assert parsed == expected
def test_roles_are_extracted(self):
    """A single ``role,provider`` pair is parsed into one role entry."""
    role_first = 'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
    expected = [{
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }]
    parsed = SamlAssertion(saml_assertion([role_first])).roles()
    assert parsed == expected
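def saml_token(region, assertion, **kwargs):
    """Exchange a SAML assertion for temporary AWS credentials via STS.

    When the assertion lists more than one role the user is asked to pick
    one from a numbered menu; otherwise the first role returned by
    ``SamlAssertion.roles()`` is used. ``kwargs`` is accepted but not read.

    Args:
        region: Region name handed to ``boto.sts.connect_to_region``.
        assertion: Raw assertion; wrapped in ``SamlAssertion`` before use.

    Returns:
        Whatever ``assume_role_with_saml`` returns for the chosen role.
    """
    assertion = SamlAssertion(assertion)
    roles = assertion.roles()

    if len(roles) > 1:
        print('Please select the role you would like to assume:')
        for i, candidate in enumerate(roles):
            print('[{}] - {}'.format(i, candidate['role']))
        while True:
            # We use getpass() instead of input() here because we are already
            # listening for stdin as part of read_stdin()
            selectedroleindex = getpass('Selection: ')
            try:
                index = int(selectedroleindex)
            except ValueError:
                index = -1
            # Accept only the indexes shown in the menu; a bare roles[index]
            # would also accept negative numbers and pick from the end.
            if 0 <= index < len(roles):
                role = roles[index]
                break
            print('Invalid selection, please try again...')
    else:
        role = roles[0]

    # anon=True: the connection is opened without AWS credentials; the
    # encoded assertion passed below is what accompanies the request, so it
    # should be handled like a secret (not printed or logged).
    conn = boto.sts.connect_to_region(region, anon=True)
    return conn.assume_role_with_saml(
        role['role'], role['principle'], assertion.encode())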
def test_multiple_roles_are_returned(self):
    """Every ``role,provider`` pair in the assertion yields one entry, in order."""
    attribute_values = [
        'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP',
        'arn:aws:iam::2222:role/QARole,arn:aws:iam::2222:saml-provider/IDP',
    ]
    dev_role = {
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }
    qa_role = {
        'role': 'arn:aws:iam::2222:role/QARole',
        'principle': 'arn:aws:iam::2222:saml-provider/IDP',
    }
    parsed = SamlAssertion(saml_assertion(attribute_values)).roles()
    # Each role must stay paired with the provider from its own account.
    assert parsed == [dev_role, qa_role]
def test_assertion_is_encoded(self):
    """encode() returns the base64 bytes of the wrapped text."""
    encoded = SamlAssertion("test encoding").encode()
    # b'dGVzdCBlbmNvZGluZw==' is the base64 form of 'test encoding'.
    assert encoded == b'dGVzdCBlbmNvZGluZw=='