def test_authenticate(self, mock_saml_fetcher, mock_json_file_cache):
mock_saml_fetcher().fetch_credentials.return_value = CREDENTIALS
auth = Authenticate(self.OPTIONS)
credentials = auth.authenticate()
mock_json_file_cache.assert_called_once_with()
assert credentials == CREDENTIALS
def test_fetcher(self, mock_okta, mock_print_tty, mock_client):
self.OPTIONS["--role"] = "arn:aws:iam::2:role/Role-One"
mock_okta().get_saml_response.return_value = SAML_RESPONSE
mock_cache = MagicMock()
authenticate = Authenticate(self.OPTIONS)
fetcher = SAMLFetcher(authenticate, cache=mock_cache)
fetcher.fetch_credentials()
def test_extends_by_file(self, mock_userfile, mock_cwdfile):
authenticate = Authenticate(self.OPTIONS)
config = authenticate.get_configuration(options={})
self.assertEqual('okta-env1', config['AWS_OKTA_ENVIRONMENT'])
self.assertEqual('okta-user1', config['AWS_OKTA_USER'])
self.assertEqual('okta-pass1', config['AWS_OKTA_PASS'])
self.assertEqual('org1-from-home', config['AWS_OKTA_ORGANIZATION'])
def test_get_key_dict(self):
authenticate = Authenticate(self.OPTIONS)
key_dict = authenticate.get_key_dict()
self.assertEqual(
key_dict, {
"Organization": self.OPTIONS["--organization"],
"User": self.OPTIONS["--user"],
"Key": self.OPTIONS["--key"],
})
def test_run(self, mock_print):
auth = Authenticate(self.OPTIONS)
auth.authenticate = (lambda: CREDENTIALS)
auth.run()
mock_print.assert_called_once_with(
'{"AccessKeyId": "access_key_id", '
'"SecretAccessKey": "secret_access_key", '
'"SessionToken": "session_token", '
'"Version": 1}')
def test_output_export_command_for_windows(self):
""" Tests the export command for windows operating system """
auth = Authenticate(self.OPTIONS)
credentials = {
"AccessKeyId": "XXXXX",
"SecretAccessKey": "YYYYY",
"SessionToken": "ZZZZZ"
}
self.assertNotIsInstance(
auth.nt_output(credentials).index("$env:"), ValueError)
def test_run_linux(self, mock_print, mock_os):
mock_os.name = "linux"
self.OPTIONS["--environment"] = True
auth = Authenticate(self.OPTIONS)
auth.authenticate = (lambda: CREDENTIALS)
auth.run()
mock_print.assert_called_once_with(
"export AWS_ACCESS_KEY_ID='access_key_id' && "
"export AWS_SECRET_ACCESS_KEY='secret_access_key' && "
"export AWS_SESSION_TOKEN='session_token'")
def test_output_export_command_with_fish_as_target_shell(self):
""" Tests the export command for fish shell """
self.OPTIONS["--target-shell"] = "fish"
auth = Authenticate(self.OPTIONS)
credentials = {
"AccessKeyId": "XXXXX",
"SecretAccessKey": "YYYYY",
"SessionToken": "ZZZZZ"
}
self.assertNotIsInstance(
auth.unix_output(credentials).index("set --export"), ValueError)
def test_get_app_roles(self, mock_get_app_roles):
mock_get_app_roles.return_value = ("accounts", None, "app-url", "jdoe", 'test-org')
authenticate = Authenticate(self.OPTIONS)
fetcher = SAMLFetcher(authenticate, cache={})
actual = fetcher.get_app_roles()
self.assertEqual({
'Accounts': 'accounts',
'Application': 'app-url',
'Organization': 'test-org',
'User': '******'
}, actual)
def test_output_export_command_with_default_target_shell(self):
""" Tests the export command for bash (default target shell) """
auth = Authenticate(self.OPTIONS)
credentials = {
"AccessKeyId": "XXXXX",
"SecretAccessKey": "YYYYY",
"SessionToken": "ZZZZZ"
}
self.assertNotIsInstance(
auth.unix_output(credentials).index("export "), ValueError)
self.assertNotIsInstance(
auth.unix_output(credentials).index(" && "), ValueError)
def test_fetcher_should_prompt_all_accounts(
self,
mock_okta,
mock_prompt,
mock_prompt_print_tty,
mock_print_tty,
mock_client
):
def assume_role_side_effect(*args, **kwargs):
if kwargs['RoleArn'] == 'arn:aws:iam::1:role/Role-One':
return {
'Credentials': {
'AccessKeyId': 'test-key1',
'SecretAccessKey': 'test-secret1',
'SessionToken': 'test-token1',
'Expiration': datetime(2020, 4, 17, 12, 0, 0, 0)
}
}
raise RuntimeError('invalid RoleArn')
self.OPTIONS["--pass"] = '******'
mock_c = mock.Mock()
mock_c.assume_role_with_saml.side_effect = assume_role_side_effect
mock_okta().get_saml_response.return_value = SAML_RESPONSE
mock_client.return_value = mock_c
authenticate = Authenticate(self.OPTIONS)
fetcher = SAMLFetcher(authenticate, cache={})
creds = fetcher.fetch_credentials()
self.assertDictEqual({
'AccessKeyId': 'test-key1',
'Expiration': '2020-04-17T12:00:00',
'SecretAccessKey': 'test-secret1',
'SessionToken': 'test-token1'
}, creds)
self.assertEqual(7, mock_prompt_print_tty.call_count)
MagicMock.assert_has_calls(mock_prompt_print_tty, [
call('Select AWS Role:'),
call('Account: 1', indents=0),
call('[ 1 ] Role-One', indents=1),
call('[ 2 ] Role-Two', indents=1),
call('Account: 2', indents=0),
call('[ 3 ] Role-One', indents=1),
call('Selection: ', newline=False)
])
def test_get_pass_config(self):
self.OPTIONS["--pass"] = "******"
authenticate = Authenticate(self.OPTIONS)
assert authenticate.get_pass() == "user_pass_two"
def test_get_configuration_env(self):
os.environ["AWS_OKTA_ENVIRONMENT"] = "1"
auth = Authenticate(self.OPTIONS)
del os.environ["AWS_OKTA_ENVIRONMENT"]
assert auth.configuration["AWS_OKTA_ENVIRONMENT"] == "1"