def test_parse_arn_with_region_and_account(self):
"""Assert successful account ID parsing from a well-formed ARN."""
mock_account_id = helper.generate_dummy_aws_account_id()
mock_arn = helper.generate_dummy_arn(account_id=mock_account_id,
region="test-region-1")
arn_object = AwsArn(mock_arn)
partition = arn_object.partition
self.assertIsNotNone(partition)
service = arn_object.service
self.assertIsNotNone(service)
region = arn_object.region
self.assertIsNotNone(region)
account_id = arn_object.account_id
self.assertIsNotNone(account_id)
resource_type = arn_object.resource_type
self.assertIsNotNone(resource_type)
resource_separator = arn_object.resource_separator
self.assertIsNotNone(resource_separator)
resource = arn_object.resource
self.assertIsNotNone(resource)
reconstructed_arn = ("arn:" + partition + ":" + service + ":" +
region + ":" + str(account_id) + ":" +
resource_type + resource_separator + resource)
self.assertEqual(mock_account_id, account_id)
self.assertEqual(mock_arn, reconstructed_arn)
def get_session(arn, region_name='us-east-1'):
"""
Return a session using the customer AWS account role ARN.
Args:
arn (str): Amazon Resource Name to use for assuming a role.
region_name (str): Default AWS Region to associate newly
created clients with.
Returns:
boto3.Session: A temporary session tied to a customer account
"""
sts = boto3.client('sts')
awsarn = AwsArn(arn)
response = sts.assume_role(
Policy=json.dumps(cloudigrade_policy),
RoleArn='{0}'.format(awsarn),
RoleSessionName='cloudigrade-{0}'.format(awsarn.account_id)
)
response = response['Credentials']
return boto3.Session(
aws_access_key_id=response['AccessKeyId'],
aws_secret_access_key=response['SecretAccessKey'],
aws_session_token=response['SessionToken'],
region_name=region_name
)
def test_parse_arn_with_custom_resource_type(self):
"""Assert valid ARN when resource type contains extra characters."""
mock_arn = "arn:aws:fakeserv:test-reg-1:012345678901:test.res type:foo"
arn_object = AwsArn(mock_arn)
resource_type = arn_object.resource_type
self.assertIsNotNone(resource_type)
resource = arn_object.resource
self.assertIsNotNone(resource)
def test_parse_arn_without_region_or_account(self):
"""Assert successful ARN parsing without a region or an account id."""
mock_arn = helper.generate_dummy_arn(account_id='')
arn_object = AwsArn(mock_arn)
region = arn_object.region
self.assertEqual(region, None)
account_id = arn_object.account_id
self.assertEqual(account_id, None)
def test_parse_arn_with_slash_separator(self):
"""Assert successful ARN parsing with a slash separator."""
mock_arn = helper.generate_dummy_arn(resource_separator="/")
arn_object = AwsArn(mock_arn)
resource_type = arn_object.resource_type
self.assertIsNotNone(resource_type)
resource_separator = arn_object.resource_separator
self.assertEqual(resource_separator, "/")
resource = arn_object.resource
self.assertIsNotNone(resource)
def test_error_from_invalid_arn(self):
"""Assert error in account ID parsing from a badly-formed ARN."""
mock_arn = faker.Faker().text()
with self.assertRaises(InvalidArn):
AwsArn(mock_arn)
def test_arn_requires_non_empty_account_id(self):
"""Assert ARN parsing with empty account id raises InvalidArn."""
mock_arn = helper.generate_dummy_arn(account_id="")
with self.assertRaises(InvalidArn):
AwsArn(mock_arn)