def test_get_credentials_role_duration_auto_refresh_exit( aws_lib: MagicMock, create_autoawsume_profile: MagicMock, safe_print: MagicMock): config = {} arguments = argparse.Namespace( target_profile_name='role', external_id='myexternalid', role_duration='43200', role_arn=None, session_name='mysessionname', mfa_token='123123', force_refresh=True, auto_refresh=True, region=None, ) profiles = { 'role': { 'role_arn': 'myrolearn', 'source_profile': 'user', }, 'user': { 'aws_access_key_id': 'AKIA...', 'aws_secret_access_key': 'SECRET', 'mfa_serial': 'mymfaserial', }, } with pytest.raises(SystemExit): default_plugins.get_credentials(config, arguments, profiles) safe_print.assert_called()
def test_get_credentials_role_from_cli(aws_lib: MagicMock, create_autoawsume_profile: MagicMock, assume_role_from_cli: MagicMock): config = {} arguments = argparse.Namespace( target_profile_name='user', external_id='myexternalid', role_duration=None, role_arn='myrolearn', source_profile=None, session_name='mysessionname', mfa_token='123123', force_refresh=True, auto_refresh=False, region=None, ) profiles = { 'role': { 'role_arn': 'myrolearn', 'source_profile': 'user', }, 'user': { 'aws_access_key_id': 'AKIA...', 'aws_secret_access_key': 'SECRET', }, } result = default_plugins.get_credentials(config, arguments, profiles) assert result == assume_role_from_cli.return_value
def test_get_credentials_no_mfa_user(aws_lib: MagicMock, create_autoawsume_profile: MagicMock): config = {} arguments = argparse.Namespace( target_profile_name='user', external_id='myexternalid', role_duration=None, role_arn=None, session_name='mysessionname', mfa_token='123123', force_refresh=True, auto_refresh=False, region=None, ) profiles = { 'role': { 'role_arn': 'myrolearn', 'source_profile': 'user', }, 'user': { 'aws_access_key_id': 'AKIA...', 'aws_secret_access_key': 'SECRET', }, } result = default_plugins.get_credentials(config, arguments, profiles) aws_lib.get_session_token.assert_not_called() aws_lib.assume_role.assert_not_called() assert result == { 'AccessKeyId': 'AKIA...', 'SecretAccessKey': 'SECRET', 'SessionToken': None, 'Region': None, }
def test_get_credentials_auto_refresh(aws_lib: MagicMock, create_autoawsume_profile: MagicMock): config = {} arguments = argparse.Namespace( target_profile_name='role', external_id='myexternalid', role_duration=None, role_arn=None, session_name='mysessionname', mfa_token='123123', force_refresh=True, auto_refresh=True, region=None, output_profile=None, ) profiles = { 'role': { 'role_arn': 'myrolearn', 'source_profile': 'user', }, 'user': { 'aws_access_key_id': 'AKIA...', 'aws_secret_access_key': 'SECRET', 'mfa_serial': 'mymfaserial', }, } aws_lib.assume_role.return_value = { 'SourceExpiration': '2077-10-24', } result = default_plugins.get_credentials(config, arguments, profiles) aws_lib.get_session_token.assert_called_with( { 'AccessKeyId': 'AKIA...', 'SecretAccessKey': 'SECRET', 'SessionToken': None, 'Region': None }, region=None, mfa_serial='mymfaserial', mfa_token='123123', ignore_cache=True, duration_seconds=None, ) aws_lib.assume_role.assert_called_with( aws_lib.get_session_token.return_value, 'myrolearn', 'mysessionname', region=None, external_id='myexternalid', role_duration=0, ) assert result == aws_lib.assume_role.return_value