def test_role_arn_invalid_values(self):
    """raise_if_invalid() rejects a non-string role_arn and a string without the ARN prefix."""
    # NOTE(review): the validator signals failure with AssertionError. If it is
    # implemented with bare `assert` statements, these checks disappear under
    # `python -O` -- confirm against the Configuration class.
    rejected = (
        # role_arn must be a string (or None).
        (1234, "Expected role_arn to be None or a string."),
        # role_arn must look like an IAM ARN.
        ("bad_string", "Expected role_arn to contain 'arn:aws:iam::'"),
    )
    for bad_arn, expected_message in rejected:
        cfg = configuration.Configuration()
        cfg.region = "sample_region"
        cfg.idp_id = "sample_idp_id"
        cfg.sp_id = "sample_sp_id"
        cfg.password = "******"
        cfg.username = "******"
        cfg.role_arn = bad_arn
        with self.assertRaises(AssertionError) as ctx:
            cfg.raise_if_invalid()
        self.assertIn(expected_message, str(ctx.exception))
def test_unicode_password(self):
    """A password given as a unicode literal passes validation."""
    cfg = configuration.Configuration()
    # The u"" prefix is the point of the test: it is a distinct type on Python 2.
    cfg.password = u"hunter2"
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.username = "******"
    cfg.raise_if_invalid()
def setUp(self):
    """Write a throwaway profile to disk and load the resulting config file."""
    fixture = configuration.Configuration()
    self.c = fixture

    # Use an obviously test-only profile name. It is meant to be deleted
    # afterwards, but if cleanup fails it must not clobber a real profile.
    fixture.profile = "aws_google_auth_test_{}".format(randint(100, 999))

    # Marker string for the password-leakage tests.
    # NOTE(review): as written the literal has no "{}" placeholder, so the
    # random suffix is discarded and the marker is not unique per run. A
    # leakage test is only meaningful if the marker cannot occur by accident.
    fixture.password = "******".format(
        randint(100, 999))

    fixture.region = "us-east-1"
    fixture.ask_role = False
    fixture.keyring = False
    fixture.duration = 1234
    fixture.idp_id = "sample_idp_id"
    fixture.role_arn = "arn:aws:iam::sample_arn"
    fixture.sp_id = "sample_sp_id"
    fixture.u2f_disabled = False
    fixture.username = "******"

    # Validate first, then persist, then parse what was written.
    fixture.raise_if_invalid()
    fixture.write(None)

    parser = configparser.RawConfigParser()
    self.config_parser = parser
    parser.read(fixture.config_file)
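def resolve_config(args):
    """Build the effective configuration from CLI arguments, environment and disk.

    For most options the priority is: command-line argument, then environment
    variable, then the value loaded from the profile (or the built-in default).
    ``keyring`` and ``print_creds`` have no environment variable.

    Args:
        args: Parsed command-line arguments (attribute access is used).

    Returns:
        The populated configuration object. It is not validated here.

    Raises:
        ValueError: If ``DURATION`` is not an integer, or a boolean
            environment variable holds an unrecognised value.
    """

    def env_flag(name):
        """Read a boolean environment variable; return None when it is unset."""
        raw = os.getenv(name)
        if raw is None:
            return None
        token = raw.strip().lower()
        if token in ("1", "true", "yes", "on"):
            return True
        if token in ("", "0", "false", "no", "off"):
            return False
        raise ValueError(
            "Expected {} to be a boolean value, got {!r}".format(name, raw))

    # NOTE(review): coalesce presumably returns its first non-None argument;
    # confirm against util.Util.
    coalesce = util.Util.coalesce

    # Blank configuration object with the defaults pre-filled.
    config = configuration.Configuration()

    # The profile must be settled first, because it selects which section of
    # the on-disk configuration supplies the remaining defaults.
    config.profile = coalesce(args.profile,
                              os.getenv('AWS_PROFILE'),
                              config.profile)
    config.read(config.profile)

    # Ask Role. Environment values are strings, so bool("false") would be
    # True; parse the variable instead of relying on truthiness.
    config.ask_role = bool(
        coalesce(args.ask_role,
                 env_flag('AWS_ASK_ROLE'),
                 config.ask_role))

    # Duration. int() raises ValueError on a malformed DURATION.
    config.duration = int(
        coalesce(args.duration,
                 os.getenv('DURATION'),
                 config.duration))

    # IDP ID
    config.idp_id = coalesce(args.idp_id,
                             os.getenv('GOOGLE_IDP_ID'),
                             config.idp_id)

    # Region
    config.region = coalesce(args.region,
                             os.getenv('AWS_DEFAULT_REGION'),
                             config.region)

    # Role ARN
    config.role_arn = coalesce(args.role_arn,
                               os.getenv('AWS_ROLE_ARN'),
                               config.role_arn)

    # SP ID
    config.sp_id = coalesce(args.sp_id,
                            os.getenv('GOOGLE_SP_ID'),
                            config.sp_id)

    # U2F Disabled. This switch turns off a second factor, so it must come out
    # as a real boolean: an unparsed string such as "false" is truthy and
    # would otherwise read as "disabled" wherever it is not type-checked.
    config.u2f_disabled = coalesce(args.disable_u2f,
                                   env_flag('U2F_DISABLED'),
                                   config.u2f_disabled)

    # Resolve AWS aliases.
    # NOTE(review): the environment value is passed through as a string; if
    # this option is a boolean it needs the same parsing as the flags above.
    config.resolve_aliases = coalesce(args.resolve_aliases,
                                      os.getenv('RESOLVE_AWS_ALIASES'),
                                      config.resolve_aliases)

    # Username
    config.username = coalesce(args.username,
                               os.getenv('GOOGLE_USERNAME'),
                               config.username)

    # Options without an environment variable.
    config.keyring = coalesce(args.keyring, config.keyring)
    config.print_creds = coalesce(args.print_creds, config.print_creds)

    return config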
def test_u2f_disabled_is_optional(self):
    """u2f_disabled is falsy by default and validation passes without setting it."""
    cfg = configuration.Configuration()
    cfg.password = "******"
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.username = "******"

    # The second factor stays enabled unless the caller opts out.
    self.assertFalse(cfg.u2f_disabled)
    cfg.raise_if_invalid()
def test_region_defaults_to_ap_southeast_2(self):
    """A fresh configuration reports "ap-southeast-2" as its region."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.username = "******"
    cfg.password = "******"

    self.assertEqual(cfg.region, "ap-southeast-2")
    cfg.raise_if_invalid()
def test_profile_defaults(self):
    """A fresh configuration uses the 'sts' profile."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.password = "******"
    cfg.sp_id = "sample_sp_id"
    cfg.username = "******"

    self.assertEqual(cfg.profile, 'sts')
    cfg.raise_if_invalid()
def test_ask_role_valid_values(self):
    """Both True and False are accepted for ask_role."""
    # Case 1: ask_role enabled.
    enabled = configuration.Configuration()
    enabled.idp_id = "sample_idp_id"
    enabled.sp_id = "sample_sp_id"
    enabled.password = "******"
    enabled.username = "******"
    enabled.ask_role = True
    self.assertTrue(enabled.ask_role)
    enabled.raise_if_invalid()

    # Case 2: ask_role disabled.
    disabled = configuration.Configuration()
    disabled.idp_id = "sample_idp_id"
    disabled.password = "******"
    disabled.sp_id = "sample_sp_id"
    disabled.username = "******"
    disabled.ask_role = False
    self.assertFalse(disabled.ask_role)
    disabled.raise_if_invalid()
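def test_duration_invalid_values(self):
    """raise_if_invalid() rejects non-integer, too-small and too-large durations."""
    # Duration must be an integer.
    c = configuration.Configuration()
    c.region = "sample_region"
    c.idp_id = "sample_idp_id"
    c.password = "******"
    c.sp_id = "sample_sp_id"
    c.username = "******"
    c.duration = "bad_type"
    with self.assertRaises(AssertionError) as e:
        c.raise_if_invalid()
    self.assertIn("Expected duration to be an integer.", str(e.exception))

    # Duration can not be negative (the reported lower bound is 900).
    c = configuration.Configuration()
    c.region = "sample_region"
    c.idp_id = "sample_idp_id"
    c.sp_id = "sample_sp_id"
    c.password = "******"
    c.username = "******"
    c.duration = -1
    with self.assertRaises(AssertionError) as e:
        c.raise_if_invalid()
    self.assertIn("Expected duration to be greater than or equal to 900.",
                  str(e.exception))

    # Duration can not be greater than max_duration. `valid` exists only to
    # read max_duration from an otherwise well-formed configuration.
    valid = configuration.Configuration()
    valid.idp_id = "sample_idp_id"
    # Fixed: the original assigned the password to the stale `c` from the
    # previous case, leaving `valid` without one.
    valid.password = "******"
    valid.sp_id = "sample_sp_id"
    valid.username = "******"
    valid.duration = 900

    c = configuration.Configuration()
    c.region = "sample_region"
    c.idp_id = "sample_idp_id"
    c.sp_id = "sample_sp_id"
    c.password = "******"
    c.username = "******"
    c.duration = (valid.max_duration + 1)
    with self.assertRaises(AssertionError) as e:
        c.raise_if_invalid()
    self.assertIn(
        "Expected duration to be less than or equal to max_duration",
        str(e.exception))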
def test_role_arn_is_optional(self):
    """role_arn is None by default and validation passes without it."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.password = "******"
    cfg.username = "******"

    self.assertIsNone(cfg.role_arn)
    cfg.raise_if_invalid()
def test_duration_defaults_to_max_duration(self):
    """A fresh configuration's duration equals its max_duration."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.password = "******"
    cfg.username = "******"

    self.assertEqual(cfg.duration, cfg.max_duration)
    cfg.raise_if_invalid()
def test_sp_id_invalid_values(self):
    """Validation fails when sp_id is left unset."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.password = "******"
    cfg.username = "******"
    # sp_id is deliberately not assigned.

    with self.assertRaises(AssertionError) as ctx:
        cfg.raise_if_invalid()
    self.assertIn("Expected sp_id to be set to non-None value.",
                  str(ctx.exception))
def test_password_invalid_values(self):
    """Validation fails when the password is missing or is not a string."""
    # Case 1: password never set.
    missing = configuration.Configuration()
    missing.idp_id = "sample_idp_id"
    missing.username = "******"
    missing.sp_id = "sample_sp_id"
    with self.assertRaises(AssertionError) as ctx:
        missing.raise_if_invalid()
    self.assertIn("Expected password to be a string.", str(ctx.exception))

    # Case 2: password set to a non-string value.
    numeric = configuration.Configuration()
    numeric.idp_id = "sample_idp_id"
    numeric.sp_id = "sample_sp_id"
    numeric.password = 123456
    numeric.username = "******"
    with self.assertRaises(AssertionError) as ctx:
        numeric.raise_if_invalid()
    self.assertIn("Expected password to be a string.", str(ctx.exception))
def test_ask_role_optional(self):
    """ask_role is falsy by default and validation passes without setting it."""
    cfg = configuration.Configuration()
    cfg.region = "sample_region"
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.password = "******"
    cfg.username = "******"

    self.assertFalse(cfg.ask_role)
    cfg.raise_if_invalid()
def test_u2f_disabled_valid_values(self):
    """Both True and False are accepted for u2f_disabled."""
    for flag in (True, False):
        cfg = configuration.Configuration()
        cfg.region = "sample_region"
        cfg.password = "******"
        cfg.idp_id = "sample_idp_id"
        cfg.sp_id = "sample_sp_id"
        cfg.username = "******"
        cfg.u2f_disabled = flag

        # Same truthiness assertion the value was assigned with.
        check = self.assertTrue if flag else self.assertFalse
        check(cfg.u2f_disabled)
        cfg.raise_if_invalid()
def test_region_defaults_to_none(self):
    """region starts as None, and an unset region fails validation."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.username = "******"
    cfg.password = "******"

    self.assertEqual(cfg.region, None)

    with self.assertRaises(AssertionError) as ctx:
        cfg.raise_if_invalid()
    self.assertIn("Expected region to be a string.", str(ctx.exception))
def test_region_invalid_values(self):
    """Validation fails when region is not a string."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.password = "******"
    cfg.username = "******"
    cfg.region = 1234  # wrong type on purpose

    with self.assertRaises(AssertionError) as ctx:
        cfg.raise_if_invalid()
    self.assertIn("Expected region to be a string.", str(ctx.exception))
def test_sp_id_valid_values(self):
    """sp_id is accepted both as a string and as an integer."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.username = "******"
    cfg.password = "******"

    # String form.
    self.assertEqual(cfg.sp_id, "sample_sp_id")
    cfg.raise_if_invalid()

    # Integer form, on the same object.
    cfg.sp_id = 123456
    self.assertEqual(cfg.sp_id, 123456)
    cfg.raise_if_invalid()
def test_ask_role_invalid_values(self):
    """Validation fails when ask_role is not a boolean."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.password = "******"
    cfg.username = "******"
    # A non-empty string is truthy but is still not a bool.
    cfg.ask_role = "bad_value"

    with self.assertRaises(AssertionError) as ctx:
        cfg.raise_if_invalid()
    self.assertIn("Expected ask_role to be a boolean.", str(ctx.exception))
def test_u2f_disabled_invalid_values(self):
    """Validation fails when u2f_disabled is not a boolean."""
    # NOTE(review): this type check is what stops a truthy non-boolean from
    # silently switching the second factor off. It is reported through
    # AssertionError; if the validator uses bare `assert`, the check is
    # removed under `python -O` -- confirm.
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.username = "******"
    cfg.password = "******"
    cfg.u2f_disabled = 1234

    with self.assertRaises(AssertionError) as ctx:
        cfg.raise_if_invalid()
    self.assertIn("Expected u2f_disabled to be a boolean.",
                  str(ctx.exception))
def test_region_valid_values(self):
    """String region names are stored as given and pass validation."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.password = "******"
    cfg.username = "******"

    # Reassign on the same object, checking after each assignment.
    for region_name in ("us-east-1", "us-west-2"):
        cfg.region = region_name
        self.assertEqual(cfg.region, region_name)
        cfg.raise_if_invalid()
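def test_password_valid_values(self):
    """String passwords are stored as given and pass validation."""
    c = configuration.Configuration()
    c.region = "sample_region"
    # Fixed: the assigned literals had been masked to "******", so they no
    # longer matched the values asserted below and the test could not pass.
    # These are dummy fixture values taken from the assertions themselves.
    c.password = "hunter2"
    c.idp_id = "sample_idp_id"
    c.sp_id = "sample_sp_id"
    c.username = "******"
    self.assertEqual(c.password, "hunter2")
    c.raise_if_invalid()

    # A digits-only password is still a string and therefore valid.
    c.password = "123456"
    self.assertEqual(c.password, "123456")
    c.raise_if_invalid()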
def test_profile_valid_values(self):
    """Profile names are stored as given and pass validation."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.password = "******"
    cfg.sp_id = "sample_sp_id"
    cfg.username = "******"

    # Reassign on the same object, checking after each assignment.
    for profile_name in ("default", "sts"):
        cfg.profile = profile_name
        self.assertEqual(cfg.profile, profile_name)
        cfg.raise_if_invalid()
def test_role_arn_valid_values(self):
    """Strings carrying the 'arn:aws:iam::' prefix are accepted as role_arn."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.username = "******"
    cfg.password = "******"

    # Reassign on the same object, checking after each assignment.
    for arn in ("arn:aws:iam::some_arn_1", "arn:aws:iam::some_other_arn_2"):
        cfg.role_arn = arn
        self.assertEqual(cfg.role_arn, arn)
        cfg.raise_if_invalid()
def test_duration_valid_values(self):
    """Durations of 100, max_duration and max_duration - 1 all pass validation."""
    cfg = configuration.Configuration()
    cfg.idp_id = "sample_idp_id"
    cfg.sp_id = "sample_sp_id"
    cfg.password = "******"
    cfg.username = "******"

    # A small fixed value.
    cfg.duration = 100
    self.assertEqual(cfg.duration, 100)
    cfg.raise_if_invalid()

    # Exactly the upper bound.
    cfg.duration = cfg.max_duration
    self.assertEqual(cfg.duration, cfg.max_duration)
    cfg.raise_if_invalid()

    # One below the upper bound.
    cfg.duration = (cfg.max_duration - 1)
    self.assertEqual(cfg.duration, cfg.max_duration - 1)
    cfg.raise_if_invalid()
def test_can_read_all_values(self):
    """Every persisted setting read back from the profile matches the fixture."""
    loaded = configuration.Configuration()
    loaded.read(self.c.profile)

    # read() does not bring back a password, so one is supplied here purely
    # so that the configuration counts as valid.
    loaded.password = "******"
    loaded.raise_if_invalid()

    # Compared in this order; the password is intentionally not in the list.
    persisted_fields = (
        "profile",
        "idp_id",
        "role_arn",
        "sp_id",
        "username",
        "region",
        "ask_role",
        "u2f_disabled",
        "duration",
    )
    for field in persisted_fields:
        self.assertEqual(getattr(loaded, field), getattr(self.c, field))
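def resolve_config(args):
    """Build the effective configuration from CLI arguments, environment and disk.

    For most options the priority is: command-line argument, then environment
    variable, then the value loaded from the profile (or the built-in default).
    ``keyring``, ``print_creds`` and ``quiet`` have no environment variable.

    Args:
        args: Parsed command-line arguments (attribute access is used).

    Returns:
        The populated configuration object. It is not validated here.

    Raises:
        ValueError: If ``DURATION`` is not an integer, or a boolean
            environment variable holds an unrecognised value.
    """

    def env_flag(name):
        """Read a boolean environment variable; return None when it is unset."""
        raw = os.getenv(name)
        if raw is None:
            return None
        token = raw.strip().lower()
        if token in ("1", "true", "yes", "on"):
            return True
        if token in ("", "0", "false", "no", "off"):
            return False
        raise ValueError(
            "Expected {} to be a boolean value, got {!r}".format(name, raw))

    # NOTE(review): coalesce presumably returns its first non-None argument;
    # confirm against util.Util.
    coalesce = util.Util.coalesce

    # Blank configuration object with the defaults pre-filled.
    config = configuration.Configuration()

    # The profile must be settled first, because it selects which section of
    # the on-disk configuration supplies the remaining defaults.
    config.profile = coalesce(args.profile,
                              os.getenv('AWS_PROFILE'),
                              config.profile)
    config.read(config.profile)

    # Ask Role. Environment values are strings, so bool("false") would be
    # True; parse the variable instead of relying on truthiness.
    config.ask_role = bool(
        coalesce(args.ask_role,
                 env_flag('AWS_ASK_ROLE'),
                 config.ask_role))

    # Duration. int() raises ValueError on a malformed DURATION.
    config.duration = int(
        coalesce(args.duration,
                 os.getenv('DURATION'),
                 config.duration))

    # Automatic duration.
    # NOTE(review): the environment value is passed through as a string; if
    # this option is a boolean it needs the same parsing as ask_role.
    config.auto_duration = coalesce(args.auto_duration,
                                    os.getenv('AUTO_DURATION'),
                                    config.auto_duration)

    # IDP ID
    config.idp_id = coalesce(args.idp_id,
                             os.getenv('GOOGLE_IDP_ID'),
                             config.idp_id)

    # Region
    config.region = coalesce(args.region,
                             os.getenv('AWS_DEFAULT_REGION'),
                             config.region)

    # Role ARN
    config.role_arn = coalesce(args.role_arn,
                               os.getenv('AWS_ROLE_ARN'),
                               config.role_arn)

    # SP ID
    config.sp_id = coalesce(args.sp_id,
                            os.getenv('GOOGLE_SP_ID'),
                            config.sp_id)

    # U2F Disabled. This switch turns off a second factor, so it must come out
    # as a real boolean: an unparsed string such as "false" is truthy and
    # would otherwise read as "disabled" wherever it is not type-checked.
    config.u2f_disabled = coalesce(args.disable_u2f,
                                   env_flag('U2F_DISABLED'),
                                   config.u2f_disabled)

    # Resolve AWS aliases.
    # NOTE(review): same string pass-through caveat as auto_duration.
    config.resolve_aliases = coalesce(args.resolve_aliases,
                                      os.getenv('RESOLVE_AWS_ALIASES'),
                                      config.resolve_aliases)

    # Username
    config.username = coalesce(args.username,
                               os.getenv('GOOGLE_USERNAME'),
                               config.username)

    # Shell command that yields the password.
    # NOTE(review): this string is described as a shell command and can come
    # from the environment or the profile. Whoever controls PASSWORD_CMD
    # decides what runs where the command is executed, so the environment and
    # config file need the same trust as the account -- confirm how the
    # consumer invokes it.
    config.password_cmd = coalesce(args.password_cmd,
                                   os.getenv('PASSWORD_CMD'),
                                   config.password_cmd)

    # Shell command that yields the second-factor token (the original comment
    # said "password"), e.g.
    # "ssh user@host oathtool --totp -b $(cat authenticator-code)".
    # The trust caveat on password_cmd applies here as well.
    config.token_cmd = coalesce(args.token_cmd,
                                os.getenv('TOKEN_CMD'),
                                config.token_cmd)

    # Account
    config.account = coalesce(args.account,
                              os.getenv('AWS_ACCOUNT'),
                              config.account)

    # Options without an environment variable.
    config.keyring = coalesce(args.keyring, config.keyring)
    config.print_creds = coalesce(args.print_creds, config.print_creds)
    config.quiet = coalesce(args.quiet, config.quiet)

    config.bg_response = coalesce(args.bg_response,
                                  os.getenv('GOOGLE_BG_RESPONSE'),
                                  config.bg_response)

    return config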
def valid_config(self):
    """Return a configuration built from fixed placeholder identifiers."""
    placeholder_settings = dict(
        idp_id="IDPID",
        sp_id="SPID",
        username="******",
        password="******",
    )
    return configuration.Configuration(**placeholder_settings)