def test_authenticated_and_second_factor_failure_returns_no_roles(self): # given an user with valid password valid_user = '******' valid_password = '******' authenticated_response = self._http_response() authenticated_response.status_code = 200 html_roles_fetcher.fetch_html_encoded_roles = lambda **kwargs: \ (authenticated_response, self.http_session) # and there was second factor authentication failure authenticator._strategy = ( lambda *args: ( lambda: (self.empty_principal_roles, self.empty_assertion, self.irrelevant_session_duration) ) ) # when calls authenticator principal_roles, _, _ = authenticator.authenticate(self.irrelevant_config, valid_user, valid_password) # then there are no principal roles assert principal_roles is None
def test_not_authenticated_returns_no_assertion(self): # given an user with invalid password or just invalid user invalid_user = '******' invalid_password = '******' not_authenticated_response = self._http_response() not_authenticated_response.status_code = 403 html_roles_fetcher.fetch_html_encoded_roles = lambda **kwargs: \ (not_authenticated_response, self.http_session) authenticator._strategy = ( lambda *args: ( lambda: (self.empty_principal_roles, self.empty_assertion, self.irrelevant_session_duration) ) ) forbidden_response = self._http_response() forbidden_response.status_code = 403 self.http_session.post = lambda *args, **kwargs: forbidden_response # when calls authenticator _, assertion, _ = authenticator.authenticate(self.irrelevant_config, invalid_user, invalid_password) # then assert assertion is None
def test_returns_aws_roles_allowed_for_an_user_along_with_account_alias( self): # given a valid user valid_user = '******' valid_password = '******' authenticated_response = self._http_response() authenticated_response.status_code = 200 self.http_session.post = lambda *args, **kwargs: authenticated_response html_roles_fetcher.fetch_html_encoded_roles = lambda **kwargs: \ (authenticated_response, self.http_session) authenticator._strategy = ( lambda *args: (lambda: (self.valid_principal_roles, self.valid_assertion, self.irrelevant_session_duration))) # and its accounts expected_roles_cases = [ { 'account1': { 'iam_arn1': 'role_name1' }, }, { 'account1': { 'iam_arn1': 'role_name1' }, 'account2': { 'iam_arn2': 'role_name2' }, }, { 'account1': { 'iam_arn1': 'role_name1', 'iam_arn2': 'role_name2' }, 'account2': { 'iam_arn2': 'role_name2' }, }, ] for expected_roles in expected_roles_cases: authenticator._aggregate_roles_by_account_alias = lambda *args: expected_roles # when calls authenticator principal_roles, _, _ = authenticator.authenticate( self.irrelevant_config, valid_user, valid_password) # then there are aim roles assert principal_roles is not None # and they equals expected ones assert principal_roles == expected_roles