def test_source_profile_region_mismatch(self):
with ArgvContext(program, '-t', '-p', 'dev'):
# clean up as going to mutate this
self.config.close()
# now start new test case
self.config = tempfile.NamedTemporaryFile()
conf_ini = b"""
[default]
sso_start_url = https://petshop.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789
sso_role_name = Engineering
region = us-east-1
output = json
[profile dev]
role_arn = arn:aws:iam::456789123:role/FullAdmin
source_profile = default
region = ap-southeast-2
output = json
"""
self.config.write(conf_ini)
self.config.seek(0)
self.config.read()
cli.aws_config_file = self.config.name
cli.main()
cred = cli.read_config(self.credentials.name)
tok_now = cred['dev']['aws_session_token']
self.assertEqual(tok_now, 'tok') # assert no update
verify(cli, times=1).invoke(...)
def test_main(self):
with ArgvContext(program, '-p', 'dev', '--debug'):
output = {
'roleCredentials': {
'accessKeyId': 'AAAA4IGTCPYNIZGVJCVW',
'secretAccessKey':
'00GGc0cDG6WzbJIcDlw/gh0BaMOCKK0M/qDtDxR1',
'sessionToken': 'VeryLongBase664String==',
'expiration': datetime.utcnow().timestamp()
}
}
success = True
cli_v2 = 'aws-cli/2.0.9 Python/3.8.2 Darwin/19.4.0 botocore/2.0.0dev13 (MOCK)'
when(cli).invoke(contains('aws --version')).thenReturn(
(success, cli_v2))
when(cli).invoke(
contains('aws sts get-caller-identity')).thenReturn(
(success, 'does-not-matter'))
when(cli).invoke(
contains('aws sso get-role-credentials')).thenReturn(
(success, json.dumps(output)))
cli.main()
cred = cli.read_config(self.credentials.name)
new_tok = cred['dev']['aws_session_token']
self.assertNotEqual(new_tok, 'tok')
self.assertEqual(new_tok, 'VeryLongBase664String==')
verify(cli, times=3).invoke(...)
def test_append_cli_global_options(self):
ca_bundle_profile = cli.load_profile_from_config(
"ca_bundle", cli.read_config(self.config.name))
cmd = cli.append_cli_global_options("aws sso get-role-credentials",
ca_bundle_profile)
logger.info(cmd)
self.assertIn('--ca-bundle', cmd)
def test_source_profile_not_sso(self):
with ArgvContext(program, '-t'):
# clean up as going to mutate this
self.config.close()
# now start new test case
self.config = tempfile.NamedTemporaryFile()
conf_ini = b"""
[default]
region = ap-southeast-2
output = json
[profile dev]
role_arn = arn:aws:iam::456789123:role/FullAdmin
source_profile = default
region = ap-southeast-2
output = json
"""
self.config.write(conf_ini)
self.config.seek(0)
self.config.read()
cli.aws_config_file = self.config.name
cli.main()
cred = cli.read_config(self.credentials.name)
tok_now = cred['dev']['aws_session_token']
self.assertEqual(tok_now, 'tok') # assert no update
verify(cli, times=1).invoke(...)
def test_print_export_vars_fail(self):
when(cli).update_profile(...).thenReturn(None)
with ArgvContext(program, '-e', '-t', '-p', 'dev'):
cli.main()
cred = cli.read_config(self.credentials.name)
tok_now = cred['dev']['aws_session_token']
self.assertEqual(tok_now, 'tok') # assert no update
verify(cli, times=1).invoke(...)
def test_print_export_vars(self):
with ArgvContext(program, '-e', '-p', 'dev'):
cli.main()
cred = cli.read_config(self.credentials.name)
new_tok = cred['dev']['aws_session_token']
self.assertNotEqual(new_tok, 'tok')
self.assertEqual(new_tok, 'VeryLongBase664String==')
verify(cli, times=3).invoke(...)
def test_ca_bundle(self):
with ArgvContext(program, '-p', 'ca_bundle', '-t'):
cli.main()
cred = cli.read_config(self.credentials.name)
new_tok = cred['ca_bundle']['aws_session_token']
self.assertNotEqual(new_tok, 'tok')
self.assertEqual(new_tok, 'VeryLongBase664String==')
verify(cli, times=2).invoke(...)
def test_login_command_default(self):
when(cli).poll(contains('aws sso login'), ...).thenReturn(True)
with ArgvContext(program, '-t', 'login'):
cli.main()
cred = cli.read_config(self.credentials.name)
new_tok = cred['default']['aws_session_token']
self.assertNotEqual(new_tok, 'tok')
self.assertEqual(new_tok, 'VeryLongBase664String==')
verify(cli, times=1).poll(...)
def test_profile_prefix(self):
with ArgvContext(program, '-p', 'lab*', 'lab', 'zzz', '--trace'):
cli.main()
cred = cli.read_config(self.credentials.name)
new_tok = cred['lab']['aws_session_token']
self.assertNotEqual(new_tok, 'tok')
self.assertEqual(new_tok, 'VeryLongBase664String==')
self.assertEqual(4, len(cli.profiles))
verify(cli, times=7).invoke(...)
def test_clipboard_export_vars_2(self):
when(cli.importlib_util).find_spec("pyperclip").thenReturn(None)
with ArgvContext(program, '-t', '-e', '-p', 'dev'):
cli.main()
cred = cli.read_config(self.credentials.name)
new_tok = cred['dev']['aws_session_token']
self.assertNotEqual(new_tok, 'tok')
self.assertEqual(new_tok, 'VeryLongBase664String==')
verify(cli, times=2).invoke(...)
def test_credential_not_found(self):
tmp_file = tempfile.NamedTemporaryFile()
tmp_name = tmp_file.name
tmp_file.close()
with ArgvContext(program, '-d', '-p', 'dev'):
cli.aws_shared_credentials_file = tmp_name
cli.main()
cred = cli.read_config(cli.aws_shared_credentials_file)
tok_now = cred['dev']['aws_session_token']
self.assertEqual(tok_now, 'VeryLongBase664String==')
def test_login_command_fail(self):
when(cli).poll(contains('aws sso login'), ...).thenReturn(False)
with ArgvContext(program, '-t', 'login', '--profile', 'dev',
'--this'), self.assertRaises(SystemExit) as x:
cli.main()
self.assertEqual(x.exception.code, 1)
cred = cli.read_config(self.credentials.name)
tok_now = cred['dev']['aws_session_token']
self.assertEqual(tok_now, 'tok') # assert no update
verify(cli, times=1).invoke(...)
def test_login_command_export_vars_2(self):
when(cli).poll(contains('aws sso login'), ...).thenReturn(True)
with ArgvContext(program, '-t', '-e',
'login'), self.assertRaises(SystemExit) as x:
cli.main()
self.assertEqual(x.exception.code, 0)
cred = cli.read_config(self.credentials.name)
new_tok = cred['default']['aws_session_token']
self.assertNotEqual(new_tok, 'tok')
self.assertEqual(new_tok, 'VeryLongBase664String==')
verify(cli, times=1).poll(...)
def test_source_profile_eager_sync(self):
with ArgvContext(program, '-t', '-p', 'dev'):
self.credentials.close()
self.credentials = tempfile.NamedTemporaryFile()
cred_ini = b"""
[default]
region = ap-southeast-2
aws_access_key_id = MOCK
aws_secret_access_key = MOCK
aws_session_token = tok
aws_session_expiration = 2020-05-27T18:21:43+0000
"""
self.credentials.write(cred_ini)
self.credentials.seek(0)
self.credentials.read()
cli.aws_shared_credentials_file = self.credentials.name
self.config.close()
# now start new test case
self.config = tempfile.NamedTemporaryFile()
conf_ini = b"""
[default]
sso_start_url = https://petshop.awsapps.com/start
sso_region = ap-southeast-2
sso_account_id = 123456789
sso_role_name = Engineering
region = ap-southeast-2
output = json
[profile dev]
role_arn = arn:aws:iam::456789123:role/FullAdmin
source_profile = default
region = ap-southeast-2
output = json
"""
self.config.write(conf_ini)
self.config.seek(0)
self.config.read()
cli.aws_config_file = self.config.name
cli.main()
cred = cli.read_config(self.credentials.name)
new_tok = cred['dev']['aws_session_token']
self.assertNotEqual(new_tok, 'tok')
self.assertEqual(new_tok, 'VeryLongBase664String==')
verify(cli, times=6).invoke(...)
def test_sso_get_role_credentials_fail(self):
when(cli).invoke(contains('aws sso get-role-credentials')).thenReturn(
(False, 'does-not-matter'))
cred = cli.update_profile("dev", cli.read_config(self.config.name))
self.assertIsNone(cred)
def test_sso_get_role_credentials_fail(self):
when(cli).invoke(contains('aws sso get-role-credentials')).thenReturn(
(False, 'does-not-matter'))
with self.assertRaises(SystemExit) as x:
cli.update_profile("dev", cli.read_config(self.config.name))
self.assertEqual(x.exception.code, 1)
def test_sts_get_caller_identity_fail(self):
when(cli).invoke(contains('aws sts get-caller-identity')).thenReturn(
(False, 'does-not-matter'))
with self.assertRaises(SystemExit) as x:
cli.update_profile("dev", cli.read_config(self.config.name))
self.assertEqual(x.exception.code, 1)
