def test_insert_after(self): # Sanity check. self.assertEqual(self.small_resolver.available_methods, [ 'boto', 'config', ]) self.small_resolver.insert_after('boto', credentials.EnvProvider()) self.assertEqual(self.small_resolver.available_methods, [ 'boto', 'env', 'config', ]) self.small_resolver.insert_after('config', credentials.OriginalEC2Provider()) self.assertEqual(self.small_resolver.available_methods, [ 'boto', 'env', 'config', 'credentials-file', ]) # Test a failed insert. with self.assertRaises(botocore.exceptions.UnknownCredentialError): self.small_resolver.insert_after( 'foobar', credentials.InstanceMetadataProvider())
def test_retry_errors(self, get): # First attempt we get a connection error. first = mock.Mock() first.side_effect = ConnectionError # Next attempt we get a response with the foobar key. second = mock.Mock() second.status_code = 200 second.content = 'foobar'.encode('utf-8') # Next attempt we get a response with the foobar creds. third = mock.Mock() third.status_code = 200 third.content = json.dumps(raw_metadata['foobar']).encode('utf-8') get.side_effect = [first, second, third] self.session.set_config_variable('metadata_service_num_attempts', 2) iam_creds = credentials.InstanceMetadataProvider(session=self.session) retrieved = iam_creds.load() # Using the property would see an expired set of credentials (old # hardcoded expiry in the response) & try to refresh again, which isn't # what we're testing here. # So we're going to check the private variable here instead of the # public property. self.assertEqual(retrieved._access_key, 'foo')
def test_no_role_creds_exist(self): fetcher = mock.Mock() fetcher.retrieve_iam_role_credentials.return_value = {} provider = credentials.InstanceMetadataProvider( iam_role_fetcher=fetcher) creds = provider.load() self.assertIsNone(creds) fetcher.retrieve_iam_role_credentials.assert_called_with()
def test_request_timeout_occurs(self, get): first = mock.Mock() first.side_effect = ConnectionError self.session.set_config_variable('metadata_service_timeout', 10) iam_creds = credentials.InstanceMetadataProvider(session=self.session) d = iam_creds.load() self.assertEqual(d, None)
def test_timeout_argument_forwarded_to_requests(self, get): first = mock.Mock() first.status_code = 200 first.content = 'foobar'.encode('utf-8') second = mock.Mock() second.status_code = 200 second.content = json.dumps(raw_metadata['foobar']).encode('utf-8') get.side_effect = [first, second] self.session.set_config_variable('metadata_service_timeout', 10) iam_creds = credentials.InstanceMetadataProvider(session=self.session) iam_creds.load() self.assertEqual(get.call_args[1]['timeout'], 10)
def test_load_from_instance_metadata(self): fetcher = mock.Mock() fetcher.retrieve_iam_role_credentials.return_value = { 'access_key': 'a', 'secret_key': 'b', 'token': 'c', 'expiry_time': '2014-04-23T15:24:46Z', 'role_name': 'myrole', } provider = credentials.InstanceMetadataProvider( iam_role_fetcher=fetcher) creds = provider.load() self.assertIsNotNone(creds) self.assertEqual(creds.access_key, 'a') self.assertEqual(creds.secret_key, 'b') self.assertEqual(creds.token, 'c') self.assertEqual(creds.method, 'iam-role')
def test_load_from_instance_metadata(self): timeobj = datetime.now(tzlocal()) timestamp = (timeobj + timedelta(hours=24)).isoformat() fetcher = mock.Mock() fetcher.retrieve_iam_role_credentials.return_value = { 'access_key': 'a', 'secret_key': 'b', 'token': 'c', 'expiry_time': timestamp, 'role_name': 'myrole', } provider = credentials.InstanceMetadataProvider( iam_role_fetcher=fetcher) creds = provider.load() self.assertIsNotNone(creds) self.assertEqual(creds.access_key, 'a') self.assertEqual(creds.secret_key, 'b') self.assertEqual(creds.token, 'c') self.assertEqual(creds.method, 'iam-role')