def test_log_handler_parses_assertion(mock_requests_session, argv, prompter,
                                      client_creator, cache_dir, caplog):
    """Check that ``--verbose`` logs the pretty-printed SAML assertion.

    The mocked session answers the POST with a successful session token and
    the GET with an HTML form carrying the base64 assertion. After the CLI
    runs, the ``awsprocesscreds.saml`` logger must hold an INFO record with
    the decoded assertion rendered through ``toprettyxml()``.

    NOTE(review): this pins that the complete decoded assertion is written
    to the log in verbose mode. The assertion is the material exchanged for
    role credentials, so verbose output should be handled like a secret
    (not pasted into tickets, not shipped to shared log storage).
    """
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    saml_assertion = create_assertion(['%s, %s' % (principal, role)])

    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % saml_assertion.decode('ascii')
    )
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response, status_code=200, text=form_html,
    )

    argv.append('--verbose')
    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    # Rebuild the exact text the handler is expected to emit.
    xml_text = base64.b64decode(saml_assertion).decode('utf-8')
    pretty_xml = xml.dom.minidom.parseString(xml_text).toprettyxml()
    wanted_record = (
        'awsprocesscreds.saml',
        logging.INFO,
        'Received the following SAML assertion: \n%s' % pretty_xml,
    )
    assert wanted_record in caplog.record_tuples
def test_cli(mock_requests_session, argv, prompter, assertion,
             client_creator, capsys, cache_dir):
    """Run the CLI on the success path and check the JSON it prints.

    The POST is mocked to return a ``SUCCESS`` session token and the GET to
    return a form embedding the ``assertion`` fixture. Stdout must end with
    a newline and parse to the five-key credential document asserted below
    (``Expiration`` may hold any value).
    """
    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % assertion.decode('ascii')
    )
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response, status_code=200, text=form_html,
    )

    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    captured_out, _ = capsys.readouterr()
    assert captured_out.endswith('\n')
    # The key values presumably come from the client_creator fixture stub.
    assert json.loads(captured_out) == {
        "AccessKeyId": "foo",
        "SecretAccessKey": "bar",
        "SessionToken": "baz",
        "Expiration": mock.ANY,
        "Version": 1
    }
def test_verbose(mock_requests_session, argv, prompter, assertion,
                 client_creator, cache_dir):
    """Check the logging setup that ``--verbose`` installs.

    After a successful run with ``--verbose`` the ``awsprocesscreds`` logger
    must be at INFO and carry exactly one ``PrettyPrinterLogHandler``, which
    is itself at INFO.
    """
    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % assertion.decode('ascii')
    )
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response, status_code=200, text=form_html,
    )

    argv.append('--verbose')
    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    package_logger = logging.getLogger('awsprocesscreds')
    assert package_logger.level == logging.INFO

    # Collect only the handlers of the pretty-printer type.
    matching = []
    for candidate in package_logger.handlers:
        if isinstance(candidate, PrettyPrinterLogHandler):
            matching.append(candidate)
    assert len(matching) == 1
    assert matching[0].level == logging.INFO
def test_retrieve_saml_assertion_3(mock_requests_session, argv, prompter,
                                   assertion, client_creator, cache_dir):
    """Expect ``SAMLError`` when the token reply says ``PASSWORD_EXPIRED``.

    The mocked POST returns HTTP 200 with a ``PASSWORD_EXPIRED`` status and a
    ``_links`` entry. The CLI must raise ``SAMLError`` for this status even
    though the mocked GET would serve a valid assertion form.
    """
    token_payload = {
        'sessionToken': 'spam',
        'status': 'PASSWORD_EXPIRED',
        '_links': {
            'href': 'href'
        }
    }
    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % assertion.decode('ascii')
    )
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps(token_payload),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response, status_code=200, text=form_html,
    )

    with pytest.raises(SAMLError):
        saml(argv=argv, prompter=prompter, client_creator=client_creator,
             cache_dir=cache_dir)
def test_log_handler_parses_dict(mock_requests_session, argv, prompter,
                                 client_creator, cache_dir, caplog,
                                 mock_pkg_resources):
    """Check that ``--verbose`` logs the AssumeRoleWithSaml parameters.

    The expected INFO record on ``awsprocesscreds.saml`` holds the request
    parameters serialised with ``json.dumps(..., indent=4, sort_keys=True)``:
    ``PrincipalArn``, ``RoleArn`` and ``SAMLAssertion``.

    NOTE(review): the logged dict includes the base64 ``SAMLAssertion``
    itself, so this test pins that verbose mode writes the full assertion to
    the log. Verbose output should be handled as sensitive.
    """
    principal = 'arn:aws:iam::123456789012:saml-provider/Example'
    role = 'arn:aws:iam::123456789012:role/monty'
    saml_assertion = create_assertion(['%s, %s' % (principal, role)])

    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % saml_assertion.decode('ascii')
    )
    # The token payload here carries no 'status' key, as in the original.
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response, status_code=200, text=form_html,
    )

    argv.append('--verbose')
    saml(argv=argv, prompter=prompter, client_creator=client_creator,
         cache_dir=cache_dir)

    rendered_params = json.dumps(
        {
            'PrincipalArn': principal,
            'RoleArn': role,
            'SAMLAssertion': saml_assertion.decode('utf-8')
        },
        indent=4,
        sort_keys=True,
    )
    message_template = (
        'Retrieving credentials with STS.AssumeRoleWithSaml() using the '
        'following parameters: %s'
    )
    wanted_record = (
        'awsprocesscreds.saml',
        logging.INFO,
        message_template % rendered_params,
    )
    assert wanted_record in caplog.record_tuples
def test_retrieve_saml_assertion_1(mock_requests_session, argv, prompter,
                                   assertion, client_creator, cache_dir):
    """Expect ``SAMLError`` when the token request fails with HTTP 401.

    The mocked POST returns status code 401 with a ``FAILED`` status and an
    ``errorSummary``. The CLI must raise ``SAMLError`` for this reply.
    """
    failure_payload = {
        'sessionToken': 'spam',
        'status': 'FAILED',
        'errorSummary': 'Testing failure'
    }
    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % assertion.decode('ascii')
    )
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=401,
        text=json.dumps(failure_payload),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response, status_code=200, text=form_html,
    )

    with pytest.raises(SAMLError):
        saml(argv=argv, prompter=prompter, client_creator=client_creator,
             cache_dir=cache_dir)
def test_no_cache(mock_requests_session, argv, prompter, assertion,
                  client_creator, capsys, cache_dir):
    """Check that ``--no-cache`` repeats the full login on every run.

    The CLI is invoked five times with ``--no-cache``. Each run must print
    the expected credential document, and afterwards the mocked POST, the
    mocked GET and the prompter must each have been called once per run.
    """
    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % assertion.decode('ascii')
    )
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'SUCCESS'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response, status_code=200, text=form_html,
    )
    argv.append('--no-cache')

    wanted_output = {
        "AccessKeyId": "foo",
        "SecretAccessKey": "bar",
        "SessionToken": "baz",
        "Expiration": mock.ANY,
        "Version": 1
    }

    runs = 5
    for _attempt in range(runs):
        saml(argv=argv, prompter=prompter, client_creator=client_creator,
             cache_dir=cache_dir)
        # Drain stdout per run so each run's document is parsed on its own.
        captured_out, _ = capsys.readouterr()
        assert json.loads(captured_out) == wanted_output

    # One call per run for each collaborator, i.e. nothing came from a cache.
    assert mock_requests_session.post.call_count == runs
    assert mock_requests_session.get.call_count == runs
    assert prompter.call_count == runs
def test_retrieve_saml_assertion_5(mock_requests_session, argv, prompter,
                                   assertion, client_creator, capsys,
                                   cache_dir):
    """Run the CLI when the token reply says ``MFA_REQUIRED``.

    ``OktaAuthenticator.process_mfa_verification`` is patched to return the
    ``assertion`` fixture, so no real MFA exchange takes place. The CLI must
    still print the expected credential document, ending with a newline.
    """
    form_html = (
        '<form><input name="SAMLResponse" value="%s"/></form>'
        % assertion.decode('ascii')
    )
    mock_requests_session.post.return_value = mock.Mock(
        spec=requests.Response,
        status_code=200,
        text=json.dumps({'sessionToken': 'spam', 'status': 'MFA_REQUIRED'}),
    )
    mock_requests_session.get.return_value = mock.Mock(
        spec=requests.Response, status_code=200, text=form_html,
    )

    mfa_target = (
        "awsprocesscreds.saml.OktaAuthenticator.process_mfa_verification"
    )
    with mock.patch(mfa_target, return_value=assertion):
        saml(argv=argv, prompter=prompter, client_creator=client_creator,
             cache_dir=cache_dir)

    captured_out, _ = capsys.readouterr()
    assert captured_out.endswith('\n')
    assert json.loads(captured_out) == {
        "AccessKeyId": "foo",
        "SecretAccessKey": "bar",
        "SessionToken": "baz",
        "Expiration": mock.ANY,
        "Version": 1
    }