def test_mfacredentialfetcher__durationseconds_can_be_provided( future_time, source_credentials): response = { 'Credentials': { 'AccessKeyId': 'foo', 'SecretAccessKey': 'bar', 'SessionToken': 'baz', 'Expiration': future_time.isoformat(), }, } client_creator = create_client_creator(with_response=response) refresher = awscli_plugin.MfaCredentialFetcher( client_creator, source_credentials, extra_args={ 'SerialNumber': 'arn:aws:iam::123456789012:mfa/[email protected]', 'DurationSeconds': 1234, }, mfa_prompter=prompter, ) refresher.fetch_credentials() client = client_creator.return_value assert client.get_session_token.call_args_list == [ mock.call( SerialNumber='arn:aws:iam::123456789012:mfa/[email protected]', DurationSeconds=1234, TokenCode='123456', ), ]
def test_mfacredentialfetcher__retrieves_from_cache(source_credentials): date_in_future = datetime.utcnow() + timedelta(seconds=1000) utc_timestamp = date_in_future.isoformat() + 'Z' cache_key = 'fd031790cd3ad1181b0ebf9d7dfafdba7e760414' cache = { cache_key: { 'Credentials': { 'AccessKeyId': 'foo-cached', 'SecretAccessKey': 'bar-cached', 'SessionToken': 'baz-cached', 'Expiration': utc_timestamp, }, }, } client_creator = mock.Mock() refresher = awscli_plugin.MfaCredentialFetcher( client_creator, source_credentials, extra_args={ 'SerialNumber': 'arn:aws:iam::123456789012:mfa/[email protected]' }, mfa_prompter=prompter, cache=cache, ) expected_response = get_expected_creds_from_response(cache[cache_key]) response = refresher.fetch_credentials() assert response == expected_response assert client_creator.call_args_list == []
def test_mfacredentialfetcher__cache_key_is_windows_safe( future_time, source_credentials): response = { 'Credentials': { 'AccessKeyId': 'foo', 'SecretAccessKey': 'bar', 'SessionToken': 'baz', 'Expiration': future_time.isoformat(), }, } cache = {} client_creator = create_client_creator(with_response=response) refresher = awscli_plugin.MfaCredentialFetcher( client_creator, source_credentials, extra_args={ 'SerialNumber': 'arn:aws:iam::123456789012:mfa/[email protected]' }, mfa_prompter=prompter, cache=cache, ) refresher.fetch_credentials() # On windows, you cannot use a a ':' in the filename, so # we need to make sure that it doesn't make it into the cache key. cache_key = 'fd031790cd3ad1181b0ebf9d7dfafdba7e760414' assert cache_key in cache assert cache[cache_key] == response
def test_mfacredentialfetcher__in_cache_but_expired(future_time, source_credentials): response = { 'Credentials': { 'AccessKeyId': 'foo', 'SecretAccessKey': 'bar', 'SessionToken': 'baz', 'Expiration': future_time.isoformat(), }, } client_creator = create_client_creator(with_response=response) cache_key = 'fd031790cd3ad1181b0ebf9d7dfafdba7e760414' cache = { cache_key: { 'Credentials': { 'AccessKeyId': 'foo', 'SecretAccessKey': 'bar', 'SessionToken': 'baz', 'Expiration': datetime.now(tzlocal()), }, }, } refresher = awscli_plugin.MfaCredentialFetcher( client_creator, source_credentials, extra_args={ 'SerialNumber': 'arn:aws:iam::123456789012:mfa/[email protected]' }, mfa_prompter=prompter, cache=cache, ) expected_response = get_expected_creds_from_response(response) response = refresher.fetch_credentials() assert response == expected_response
def test_mfacredentialfetcher__datetime(future_time, source_credentials): response = { 'Credentials': { 'AccessKeyId': 'foo', 'SecretAccessKey': 'bar', 'SessionToken': 'baz', 'Expiration': future_time, # NOTE: no isoformat() }, } client_creator = create_client_creator(with_response=response) refresher = awscli_plugin.MfaCredentialFetcher( client_creator, source_credentials, extra_args={ 'SerialNumber': 'arn:aws:iam::123456789012:mfa/[email protected]' }, mfa_prompter=prompter, ) expected_response = get_expected_creds_from_response(response) response = refresher.fetch_credentials() assert response == expected_response