예제 #1
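    def saml_token(region, assertion, **kwargs):
        """Exchange a SAML assertion for temporary AWS credentials via STS.

        The role to assume is chosen in this order: the ``role_arn`` keyword
        argument if given, an interactive prompt if the assertion offers more
        than one role, otherwise the only role on offer.

        Args:
            region: Region name handed to ``boto.sts.connect_to_region``.
            assertion: Raw assertion; wrapped in ``SamlAssertion`` to list the
                role/provider pairs and to encode it for the STS call.
            **kwargs: ``role_arn`` (optional) names the role to assume.

        Returns:
            The result of ``assume_role_with_saml`` for the chosen role.

        Raises:
            ValueError: ``role_arn`` was given but the assertion does not
                offer that role.
            IndexError: no ``role_arn`` was given and the assertion offers no
                roles.
        """
        assertion = SamlAssertion(assertion)
        roles = assertion.roles()
        requested_arn = kwargs.get('role_arn', False)
        if requested_arn:
            # Fail closed: a requested role that the assertion does not offer
            # must never fall through to some other role, because the chosen
            # role decides which privileges the issued credentials carry.
            role = next((r for r in roles if r['role'] == requested_arn), None)
            if role is None:
                raise ValueError(
                    'Role {} is not offered by the SAML assertion'.format(
                        requested_arn))
        elif len(roles) > 1:
            print('Please select the role you would like to assume:')
            for i, candidate in enumerate(roles):
                print('[{}] - {}'.format(i, candidate['role']))
            while True:
                # We use getpass() instead of input() here because we are
                # already listening for stdin as part of read_stdin()
                selectedroleindex = getpass('Selection: ')
                try:
                    choice = int(selectedroleindex)
                except ValueError:
                    choice = -1
                # Accept only the indexes shown in the menu; a negative number
                # would otherwise index from the end of the list and pick a
                # role the operator did not select.
                if 0 <= choice < len(roles):
                    role = roles[choice]
                    break
                print('Invalid selection, please try again...')
        else:
            role = roles[0]

        # AssumeRoleWithSAML is authenticated by the assertion itself, so the
        # connection is opened without AWS credentials (anon=True).
        conn = boto.sts.connect_to_region(region, anon=True)
        # 'principle' (sic) is the key under which roles() reports the SAML
        # provider ARN.
        return conn.assume_role_with_saml(role['role'], role['principle'],
                                          assertion.encode())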
예제 #2
    def saml_token(region, assertion, **kwargs):
        """Assume the first role listed in a SAML assertion and return the STS result.

        ``kwargs`` is accepted but not read here: whatever role
        ``SamlAssertion.roles()`` reports first is the one that is assumed,
        even when the assertion offers several.
        """
        parsed = SamlAssertion(assertion)
        first_role = parsed.roles()[0]

        # The STS connection is opened anonymously; the encoded assertion is
        # what the assume_role_with_saml call presents.
        sts = boto.sts.connect_to_region(region, anon=True)
        return sts.assume_role_with_saml(
            first_role['role'],
            first_role['principle'],
            parsed.encode(),
        )
예제 #3
    def test_white_space_is_removed(self):
        """Padding around the comma-separated ARNs must not leak into the parsed roles."""
        padded_pair = ' arn:aws:iam::1111:saml-provider/IDP ,  arn:aws:iam::1111:role/DevRole '
        expected = [
            {
                'role': 'arn:aws:iam::1111:role/DevRole',
                'principle': 'arn:aws:iam::1111:saml-provider/IDP',
            },
        ]

        parsed_roles = SamlAssertion(saml_assertion([padded_pair])).roles()

        assert parsed_roles == expected
예제 #4
    def test_principle_can_be_first(self):
        """A pair written provider-first is still split into the right role and provider."""
        provider_first = 'arn:aws:iam::1111:saml-provider/IDP, arn:aws:iam::1111:role/DevRole'
        expected = [
            {
                'role': 'arn:aws:iam::1111:role/DevRole',
                'principle': 'arn:aws:iam::1111:saml-provider/IDP',
            },
        ]

        parsed_roles = SamlAssertion(saml_assertion([provider_first])).roles()

        assert parsed_roles == expected
예제 #5
    def test_roles_are_extracted(self):
        """A single role-first pair yields one dict holding the role and provider ARNs."""
        role_first = 'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
        expected = [
            {
                'role': 'arn:aws:iam::1111:role/DevRole',
                'principle': 'arn:aws:iam::1111:saml-provider/IDP',
            },
        ]

        parsed_roles = SamlAssertion(saml_assertion([role_first])).roles()

        assert parsed_roles == expected
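    def saml_token(region, assertion, **kwargs):
        """Exchange a SAML assertion for temporary AWS credentials via STS.

        When the assertion offers more than one role the operator is asked to
        pick one by index; otherwise the first role is used. ``kwargs`` is
        accepted but not read here.

        Args:
            region: Region name handed to ``boto.sts.connect_to_region``.
            assertion: Raw assertion; wrapped in ``SamlAssertion`` to list the
                role/provider pairs and to encode it for the STS call.

        Returns:
            The result of ``assume_role_with_saml`` for the chosen role.

        Raises:
            IndexError: the assertion offers no roles.
        """
        assertion = SamlAssertion(assertion)
        roles = assertion.roles()
        if len(roles) > 1:
            print('Please select the role you would like to assume:')
            for i, candidate in enumerate(roles):
                print('[{}] - {}'.format(i, candidate['role']))
            while True:
                # We use getpass() instead of input() here because we are
                # already listening for stdin as part of read_stdin()
                selectedroleindex = getpass('Selection: ')
                try:
                    choice = int(selectedroleindex)
                except ValueError:
                    choice = -1
                # Accept only the indexes shown in the menu; a negative number
                # would otherwise index from the end of the list and pick a
                # role the operator did not select.
                if 0 <= choice < len(roles):
                    role = roles[choice]
                    break
                print('Invalid selection, please try again...')
        else:
            role = roles[0]

        # AssumeRoleWithSAML is authenticated by the assertion itself, so the
        # connection is opened without AWS credentials (anon=True).
        conn = boto.sts.connect_to_region(region, anon=True)
        # 'principle' (sic) is the key under which roles() reports the SAML
        # provider ARN.
        return conn.assume_role_with_saml(role['role'], role['principle'],
                                          assertion.encode())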
예제 #7
    def test_multiple_roles_are_returned(self):
        """Two role/provider pairs come back as two dicts, in the order they were given."""
        dev_pair = 'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
        qa_pair = 'arn:aws:iam::2222:role/QARole,arn:aws:iam::2222:saml-provider/IDP'
        expected = [
            {
                'role': 'arn:aws:iam::1111:role/DevRole',
                'principle': 'arn:aws:iam::1111:saml-provider/IDP',
            },
            {
                'role': 'arn:aws:iam::2222:role/QARole',
                'principle': 'arn:aws:iam::2222:saml-provider/IDP',
            },
        ]

        parsed_roles = SamlAssertion(saml_assertion([dev_pair, qa_pair])).roles()

        assert parsed_roles == expected
예제 #8
 def test_assertion_is_encoded(self):
     """encode() of the text "test encoding" must return its base64 form as bytes."""
     encoded = SamlAssertion("test encoding").encode()

     assert encoded == b'dGVzdCBlbmNvZGluZw=='