def test_sts_client(self):
sts = boto.sts.connect_to_region("us-west-2")
sts.get_federation_token(12, duration=10)
spans = self.memory_exporter.get_finished_spans()
assert spans
span = spans[0]
self.assertEqual(span.resource, "sts.getfederationtoken")
self.assertEqual(span.attributes["aws.region"], "us-west-2")
self.assertEqual(span.attributes["aws.operation"],
"GetFederationToken")
# checking for protection on sts against security leak
self.assertTrue("args.path" not in span.attributes.keys())
def test_sts_client(self):
sts = boto.sts.connect_to_region("us-west-2")
Pin(service=self.TEST_SERVICE, tracer=self.tracer).onto(sts)
sts.get_federation_token(12, duration=10)
spans = self.pop_spans()
assert spans
span = spans[0]
assert_is_measured(span)
self.assertEqual(span.get_tag("aws.region"), "us-west-2")
self.assertEqual(span.get_tag("aws.operation"), "GetFederationToken")
self.assertEqual(span.service, "test-boto-tracing.sts")
self.assertEqual(span.resource, "sts.getfederationtoken")
# checking for protection on sts against security leak
self.assertIsNone(span.get_tag("args.path"))
def test_sts_client(self):
sts = boto.sts.connect_to_region('us-west-2')
tracer = get_dummy_tracer()
writer = tracer.writer
Pin(service=self.TEST_SERVICE, tracer=tracer).onto(sts)
sts.get_federation_token(12, duration=10)
spans = writer.pop()
assert spans
span = spans[0]
eq_(span.get_tag('aws.region'), 'us-west-2')
eq_(span.get_tag('aws.operation'), 'GetFederationToken')
eq_(span.service, "test-boto-tracing.sts")
eq_(span.resource, "sts.getfederationtoken")
# checking for protection on sts against security leak
eq_(span.get_tag('args.path'), None)
def test_sts_client(self):
sts = boto.sts.connect_to_region('us-west-2')
writer = self.tracer.writer
Pin(service=self.TEST_SERVICE, tracer=self.tracer).onto(sts)
sts.get_federation_token(12, duration=10)
spans = writer.pop()
assert spans
span = spans[0]
self.assertEqual(span.get_tag('aws.region'), 'us-west-2')
self.assertEqual(span.get_tag('aws.operation'), 'GetFederationToken')
self.assertEqual(span.service, 'test-boto-tracing.sts')
self.assertEqual(span.resource, 'sts.getfederationtoken')
# checking for protection on sts against security leak
self.assertIsNone(span.get_tag('args.path'))
def test_sts_client(self):
sts = boto.sts.connect_to_region('us-west-2')
tracer = get_dummy_tracer()
writer = tracer.writer
Pin(service=self.TEST_SERVICE, tracer=tracer).onto(sts)
sts.get_federation_token(12, duration=10)
spans = writer.pop()
assert spans
span = spans[0]
eq_(span.get_tag('aws.region'), 'us-west-2')
eq_(span.get_tag('aws.operation'), 'GetFederationToken')
eq_(span.service, "test-boto-tracing.sts")
eq_(span.resource, "sts.getfederationtoken")
# checking for protection on sts against security leak
eq_(span.get_tag('args.path'), None)
def get(self):
config = ConfigParser.ConfigParser()
config.read('settings.cfg')
user = users.get_current_user()
# TODO: get keys from config file
sts = boto.sts.connect_to_region(config.get('aws','region'),
aws_access_key_id=config.get('aws','key'),
aws_secret_access_key=config.get('aws','secret'),
validate_certs=False)
# assume the role via federation token ...
assumed_role_object = sts.get_federation_token(user.nickname(),duration=900)
# ... or assume the role via role account
# assumed_role_object = sts.assume_role( role_arn=config.get('aws','role_arn'), role_session_name=config.get('aws','alias') )
# Format resulting temporary credentials into JSON
json_string_with_temp_credentials = '{'
json_string_with_temp_credentials += '"sessionId":"' + assumed_role_object.credentials.access_key + '",'
json_string_with_temp_credentials += '"sessionKey":"' + assumed_role_object.credentials.secret_key + '",'
json_string_with_temp_credentials += '"sessionToken":"' + assumed_role_object.credentials.session_token + '"'
json_string_with_temp_credentials += '}'
# Make request to AWS federation endpoint to get sign-in token. Pass the action and JSON
# document with temporary credentials as parameters.
request_parameters = "?Action=getSigninToken"
request_parameters += "&Session=" + urllib.quote_plus(json_string_with_temp_credentials)
request_url = "https://signin.aws.amazon.com/federation" + request_parameters
r = urllib.urlopen(request_url)
# Returns a JSON document with a single element named SigninToken.
signin_token = json.loads(r.read())
# Create URL that will let users sign in to the console using the
# sign-in token. This URL must be used within 15 minutes of when the
# sign-in token was issued.
request_parameters = "?Action=login"
request_parameters += "&Issuer=Example.org"
request_parameters += "&Destination=" + urllib.quote_plus("https://console.aws.amazon.com/")
request_parameters += "&SigninToken=" + signin_token["SigninToken"]
request_url = "https://signin.aws.amazon.com/federation" + request_parameters
# TODO: parse settings.cfg for redirect url (alias)
# Send final URL to stdout
self.response.out.write('<html><body>%s</body></html>' % assumed_role_object)
self.redirect( str(request_url) )
