def test_insert_after(self):
# Sanity check.
self.assertEqual(self.small_resolver.available_methods, [
'boto',
'config',
])
self.small_resolver.insert_after('boto', credentials.EnvProvider())
self.assertEqual(self.small_resolver.available_methods, [
'boto',
'env',
'config',
])
self.small_resolver.insert_after('config',
credentials.OriginalEC2Provider())
self.assertEqual(self.small_resolver.available_methods, [
'boto',
'env',
'config',
'credentials-file',
])
# Test a failed insert.
with self.assertRaises(botocore.exceptions.UnknownCredentialError):
self.small_resolver.insert_after(
'foobar', credentials.InstanceMetadataProvider())
def test_retry_errors(self, get):
# First attempt we get a connection error.
first = mock.Mock()
first.side_effect = ConnectionError
# Next attempt we get a response with the foobar key.
second = mock.Mock()
second.status_code = 200
second.content = 'foobar'.encode('utf-8')
# Next attempt we get a response with the foobar creds.
third = mock.Mock()
third.status_code = 200
third.content = json.dumps(raw_metadata['foobar']).encode('utf-8')
get.side_effect = [first, second, third]
self.session.set_config_variable('metadata_service_num_attempts', 2)
iam_creds = credentials.InstanceMetadataProvider(session=self.session)
retrieved = iam_creds.load()
# Using the property would see an expired set of credentials (old
# hardcoded expiry in the response) & try to refresh again, which isn't
# what we're testing here.
# So we're going to check the private variable here instead of the
# public property.
self.assertEqual(retrieved._access_key, 'foo')
def test_no_role_creds_exist(self):
fetcher = mock.Mock()
fetcher.retrieve_iam_role_credentials.return_value = {}
provider = credentials.InstanceMetadataProvider(
iam_role_fetcher=fetcher)
creds = provider.load()
self.assertIsNone(creds)
fetcher.retrieve_iam_role_credentials.assert_called_with()
def test_request_timeout_occurs(self, get):
first = mock.Mock()
first.side_effect = ConnectionError
self.session.set_config_variable('metadata_service_timeout', 10)
iam_creds = credentials.InstanceMetadataProvider(session=self.session)
d = iam_creds.load()
self.assertEqual(d, None)
def test_timeout_argument_forwarded_to_requests(self, get):
first = mock.Mock()
first.status_code = 200
first.content = 'foobar'.encode('utf-8')
second = mock.Mock()
second.status_code = 200
second.content = json.dumps(raw_metadata['foobar']).encode('utf-8')
get.side_effect = [first, second]
self.session.set_config_variable('metadata_service_timeout', 10)
iam_creds = credentials.InstanceMetadataProvider(session=self.session)
iam_creds.load()
self.assertEqual(get.call_args[1]['timeout'], 10)
def test_load_from_instance_metadata(self):
fetcher = mock.Mock()
fetcher.retrieve_iam_role_credentials.return_value = {
'access_key': 'a',
'secret_key': 'b',
'token': 'c',
'expiry_time': '2014-04-23T15:24:46Z',
'role_name': 'myrole',
}
provider = credentials.InstanceMetadataProvider(
iam_role_fetcher=fetcher)
creds = provider.load()
self.assertIsNotNone(creds)
self.assertEqual(creds.access_key, 'a')
self.assertEqual(creds.secret_key, 'b')
self.assertEqual(creds.token, 'c')
self.assertEqual(creds.method, 'iam-role')
def test_load_from_instance_metadata(self):
timeobj = datetime.now(tzlocal())
timestamp = (timeobj + timedelta(hours=24)).isoformat()
fetcher = mock.Mock()
fetcher.retrieve_iam_role_credentials.return_value = {
'access_key': 'a',
'secret_key': 'b',
'token': 'c',
'expiry_time': timestamp,
'role_name': 'myrole',
}
provider = credentials.InstanceMetadataProvider(
iam_role_fetcher=fetcher)
creds = provider.load()
self.assertIsNotNone(creds)
self.assertEqual(creds.access_key, 'a')
self.assertEqual(creds.secret_key, 'b')
self.assertEqual(creds.token, 'c')
self.assertEqual(creds.method, 'iam-role')
