def test_log_handler_parses_assertion(mock_requests_session, argv, prompter,
                                      client_creator, cache_dir, caplog):
    """With ``--verbose``, the received SAML assertion is logged pretty-printed.

    The mocked session answers the POST with a session token and the GET with
    an HTML form carrying the base64 assertion. The test then expects an INFO
    record from ``awsprocesscreds.saml`` holding the decoded, pretty-printed
    XML.
    """
    # NOTE(review): this pins that --verbose writes the complete assertion to
    # the log. A SAML assertion is what STS AssumeRoleWithSAML accepts in
    # exchange for credentials, so verbose output should be handled as
    # sensitive wherever it is collected or shipped.
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    encoded = create_assertion(['%s, %s' % (principal, role)])

    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % encoded.decode('ascii')
    )
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_html,
    )

    argv.append('--verbose')
    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    # Rebuild the expected message the same way the assertion is rendered:
    # base64-decode, parse as XML, then pretty-print.
    xml_text = base64.b64decode(encoded).decode('utf-8')
    pretty = xml.dom.minidom.parseString(xml_text).toprettyxml()
    wanted = (
        'awsprocesscreds.saml',
        logging.INFO,
        'Received the following SAML assertion: \n%s' % pretty,
    )
    assert wanted in caplog.record_tuples
def test_datetime_cache_is_always_serialized(self, fetcher, cache,
                                             mock_botocore_client,
                                             mock_authenticator):
    """A datetime ``Expiration`` is stored in the cache as an ISO string.

    ``assume_role_with_saml`` is mocked to return a timezone-aware datetime
    one day ahead; after fetching, the cached value must be the
    ``isoformat()`` text rather than a ``datetime`` object.
    """
    expires_at = datetime.now(tzlocal()) + timedelta(days=1)
    sts_credentials = {
        'AccessKeyId': 'foo',
        'SecretAccessKey': 'bar',
        'SessionToken': 'baz',
        'Expiration': expires_at,
    }
    mock_botocore_client.assume_role_with_saml.return_value = {
        'Credentials': sts_credentials,
    }

    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    mock_authenticator.retrieve_saml_assertion.return_value = (
        create_assertion(['%s, %s' % (principal, role)])
    )

    fetcher.fetch_credentials()

    # NOTE(review): the cached entry carries the secret key and session token
    # alongside the expiration; if this cache is persisted (not visible here),
    # its storage location needs restrictive permissions -- confirm.
    entry = cache['0cebd512540a4f5fe2edce26319cf1cf3138684f']
    cached_expiration = entry['Credentials']['Expiration']
    assert not isinstance(cached_expiration, datetime)
    assert cached_expiration == expires_at.isoformat()
def test_cache_key_is_windows_safe(self, fetcher, cache, mock_authenticator):
    """The cache entry is stored under a plain hexadecimal key.

    The ARNs used for the request contain ``:`` and ``/``; the expected key is
    40 hex characters, so none of those characters appear in it.
    """
    # NOTE(review): presumably the key doubles as a file name, which is why
    # Windows-reserved characters matter -- confirm against the cache
    # implementation. The test only looks for this exact literal; it does not
    # inspect the characters of whatever keys are actually present.
    # NOTE(review): a test with this same name but a different expected key
    # also exists; if both sit in one class the later definition replaces the
    # earlier one and only one of them runs -- confirm they live in separate
    # classes or files.
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    mock_authenticator.retrieve_saml_assertion.return_value = (
        create_assertion(['%s, %s' % (principal, role)])
    )

    fetcher.fetch_credentials()

    expected_key = '0cebd512540a4f5fe2edce26319cf1cf3138684f'
    assert expected_key in cache
def test_arns_stripped(self, fetcher, mock_authenticator):
    """Credentials are returned when the role entry contains padding.

    The attribute value is built as ``'<provider>, <role>'`` -- note the space
    after the comma -- so the ARNs presumably have to be stripped before they
    are used.
    """
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    mock_authenticator.retrieve_saml_assertion.return_value = (
        create_assertion(['%s, %s' % (principal, role)])
    )

    fetched = fetcher.fetch_credentials()

    # The expected values are not configured in this test; presumably they
    # come from the mocked client behind the ``fetcher`` fixture -- confirm.
    expected_fields = (
        ('AccessKeyId', 'foo'),
        ('SecretAccessKey', 'bar'),
        ('SessionToken', 'baz'),
    )
    for field, value in expected_fields:
        assert fetched[field] == value
def test_cache_key_is_windows_safe(self, fetcher, cache, mock_authenticator):
    """The cache entry is stored under a plain hexadecimal key.

    The ARNs used for the request contain ``:`` and ``/``; the expected key is
    40 hex characters, so none of those characters appear in it.
    """
    # NOTE(review): presumably the key doubles as a file name, which is why
    # Windows-reserved characters matter -- confirm against the cache
    # implementation. The test only looks for this exact literal; it does not
    # inspect the characters of whatever keys are actually present.
    # NOTE(review): a test with this same name but a different expected key
    # also exists; if both sit in one class the later definition replaces the
    # earlier one and only one of them runs -- confirm they live in separate
    # classes or files.
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    mock_authenticator.retrieve_saml_assertion.return_value = (
        create_assertion(['%s, %s' % (principal, role)])
    )

    fetcher.fetch_credentials()

    expected_key = 'af7a32316c966f76d660f9610c0ec56d91bb2f03'
    assert expected_key in cache
def test_log_handler_parses_dict(mock_requests_session, argv, prompter,
                                 client_creator, cache_dir, caplog,
                                 mock_pkg_resources):
    """With ``--verbose``, the AssumeRoleWithSaml parameters are logged as JSON.

    The expected INFO record from ``awsprocesscreds.saml`` contains the
    principal ARN, role ARN and SAML assertion dumped with ``indent=4`` and
    sorted keys.
    """
    # ``mock_pkg_resources`` is not referenced in the body; presumably it is
    # requested only for the patching it performs as a fixture.
    # NOTE(review): the logged parameters include the full SAMLAssertion
    # value, which is the input STS exchanges for credentials, so verbose
    # output should be handled as sensitive wherever it is collected.
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    encoded = create_assertion(['%s, %s' % (principal, role)])

    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % encoded.decode('ascii')
    )
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=form_html,
    )

    argv.append('--verbose')
    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    params_dump = json.dumps(
        {
            'PrincipalArn': principal,
            'RoleArn': role,
            'SAMLAssertion': encoded.decode('utf-8'),
        },
        indent=4,
        sort_keys=True,
    )
    wanted_message = (
        'Retrieving credentials with STS.AssumeRoleWithSaml() using the '
        'following parameters: %s' % params_dump
    )
    wanted = ('awsprocesscreds.saml', logging.INFO, wanted_message)
    assert wanted in caplog.record_tuples