def test_get_credentials_cache_key_no_db_groups():
rp: RedshiftProperty = RedshiftProperty()
rp.db_user = "******"
rp.db_name = "1"
rp.cluster_identifier = "6"
rp.auto_create = False
res_cache_key: str = IamHelper.get_credentials_cache_key(rp, None)
assert res_cache_key is not None
assert res_cache_key == "2;1;6;False;900"
def test_get_credentials_cache_key():
rp: RedshiftProperty = RedshiftProperty()
rp.db_user = "******"
rp.db_name = "1"
rp.db_groups = ["4", "3", "5"]
rp.cluster_identifier = "6"
rp.auto_create = False
res_cache_key: str = IamHelper.get_credentials_cache_key(rp)
assert res_cache_key is not None
assert res_cache_key == "2;1;3,4,5;6;False"
def test_set_cluster_credentials_refreshes_stale_credentials(
mock_boto_client, mock_describe_clusters,
mock_get_cluster_credentials):
mock_cred_provider = MagicMock()
mock_cred_holder = MagicMock()
mock_cred_provider.get_credentials.return_value = mock_cred_holder
mock_cred_holder.has_associated_session = False
rp: RedshiftProperty = make_redshift_property()
# mock out the boto3 response temporary credentials stored from prior auth (now stale)
mock_cred_obj: typing.Dict[str, typing.Union[str, datetime.datetime]] = {
"DbUser": "******",
"DbPassword": "******",
"Expiration": datetime.datetime(1, 1, 1, tzinfo=tzutc()),
}
# populate the cache
IamHelper.credentials_cache.clear()
IamHelper.credentials_cache[IamHelper.get_credentials_cache_key(
rp, mock_cred_provider)] = mock_cred_obj
IamHelper.set_cluster_credentials(mock_cred_provider, rp)
assert len(IamHelper.credentials_cache) == 1
# ensure new temporary credentials have been replaced in cache
assert IamHelper.get_credentials_cache_key(
rp, mock_cred_provider) in IamHelper.credentials_cache
assert IamHelper.credentials_cache[IamHelper.get_credentials_cache_key(
rp, mock_cred_provider)] is not mock_cred_obj
assert mock_boto_client.called is True
mock_boto_client.assert_has_calls([
call().get_cluster_credentials(
AutoCreate=rp.auto_create,
ClusterIdentifier=rp.cluster_identifier,
DbGroups=rp.db_groups,
DbName=rp.db_name,
DbUser=rp.db_user,
)
])
def test_set_cluster_credentials_ignores_cache_when_disabled(
mock_boto_client, mock_describe_clusters,
mock_get_cluster_credentials):
mock_cred_provider = MagicMock()
mock_cred_holder = MagicMock()
mock_cred_provider.get_credentials.return_value = mock_cred_holder
mock_cred_holder.has_associated_session = False
rp: RedshiftProperty = make_redshift_property()
rp.iam_disable_cache = True
# mock out the boto3 response temporary credentials stored from prior auth
mock_cred_obj: typing.Dict[str, typing.Union[str, datetime.datetime]] = {
"DbUser": "******",
"DbPassword": "******",
"Expiration": datetime.datetime(9999, 1, 1, tzinfo=tzutc()),
}
# populate the cache
IamHelper.credentials_cache.clear()
IamHelper.credentials_cache[IamHelper.get_credentials_cache_key(
rp, mock_cred_provider)] = mock_cred_obj
IamHelper.set_cluster_credentials(mock_cred_provider, rp)
assert len(IamHelper.credentials_cache) == 1
assert IamHelper.credentials_cache[IamHelper.get_credentials_cache_key(
rp, mock_cred_provider)] is mock_cred_obj
assert mock_boto_client.called is True
# we should not have retrieved user/password from the cache
assert rp.user_name != mock_cred_obj["DbUser"]
assert rp.password != mock_cred_obj["DbPassword"]
assert (call().get_cluster_credentials(
AutoCreate=rp.auto_create,
ClusterIdentifier=rp.cluster_identifier,
DbGroups=rp.db_groups,
DbName=rp.db_name,
DbUser=rp.db_user,
) in mock_boto_client.mock_calls)