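def test_credentials_are_generated_from_saml(self, mock_sts):
        """Run the ``saml`` sub-command end to end and check the written profile.

        STS is replaced by ``mock_sts``, the SAML assertion is supplied on stdin,
        and the resulting config file is compared with the expected lines
        (order is ignored).
        """
        mock_conn = MagicMock()
        # Placeholder strings stand in for the temporary credentials STS returns.
        mock_conn.assume_role_with_saml.return_value = Struct({
            'credentials':
            Struct({
                'expiration': 'SAML_TOKEN_EXPIRATION',
                'access_key': 'SAML_ACCESS_KEY',
                'secret_key': 'SAML_SECRET_KEY',
                'session_token': 'SAML_TOKEN'
            })
        })
        mock_sts.connect_to_region.return_value = mock_conn

        # sys.stdin is process-wide state: swap it in for this call only and
        # always restore it, so a failure here cannot leak the fake stream
        # into later tests.
        original_stdin = sys.stdin
        sys.stdin = StringIO(
            saml_assertion([
                'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
            ]))
        try:
            cli.main([
                'test.py', 'saml', '--profile', 'test-profile', '--region',
                'un-south-1'
            ])
        finally:
            sys.stdin = original_stdin

        # The session token is expected under both aws_security_token and
        # aws_session_token.
        # NOTE(review): only the file's contents are checked. The file holds a
        # secret key and session token; whether the CLI restricts its
        # permissions is not covered by this test - confirm it is tested
        # elsewhere. The role/provider ARNs passed to STS are not asserted
        # either.
        six.assertCountEqual(self, read_config_file(self.TEST_FILE), [
            '[test-profile]', 'output = json', 'region = un-south-1',
            'aws_access_key_id = SAML_ACCESS_KEY',
            'aws_secret_access_key = SAML_SECRET_KEY',
            'aws_security_token = SAML_TOKEN',
            'aws_session_token = SAML_TOKEN', ''
        ])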
    def test_multiple_roles_are_returned(self):
        """Every role/provider pair in the assertion yields its own entry, in order."""
        role_pairs = [
            'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP',
            'arn:aws:iam::2222:role/QARole,arn:aws:iam::2222:saml-provider/IDP',
        ]
        # 'principle' (sic) is the key roles() uses for the SAML provider ARN.
        expected = [
            {'role': 'arn:aws:iam::1111:role/DevRole',
             'principle': 'arn:aws:iam::1111:saml-provider/IDP'},
            {'role': 'arn:aws:iam::2222:role/QARole',
             'principle': 'arn:aws:iam::2222:saml-provider/IDP'},
        ]

        parsed = SamlAssertion(saml_assertion(role_pairs)).roles()

        assert parsed == expected
    def test_credentials_are_generated_from_saml(self, mock_sts):
        """``Actions.saml_token`` returns the object the mocked STS call produced."""
        sts_response = Struct({'credentials': None})
        sts_client = MagicMock()
        sts_client.assume_role_with_saml.return_value = sts_response
        mock_sts.connect_to_region.return_value = sts_client

        encoded = saml_assertion(
            ['arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'])

        # NOTE(review): only the return value is pinned. The region, role ARN and
        # provider ARN handed to STS are not asserted - confirm another test
        # covers them.
        result = Actions.saml_token('un-south-1', encoded)

        self.assertEqual(result, sts_response)
    def test_white_space_is_removed(self):
        """Padding around the comma-separated ARNs must not reach the parsed values."""
        # Leading, trailing and inner spaces are deliberate; the provider ARN
        # comes first here.
        padded_pair = ' arn:aws:iam::1111:saml-provider/IDP ,  arn:aws:iam::1111:role/DevRole '
        expected = [{
            'role': 'arn:aws:iam::1111:role/DevRole',
            'principle': 'arn:aws:iam::1111:saml-provider/IDP',
        }]

        parsed = SamlAssertion(saml_assertion([padded_pair])).roles()

        assert parsed == expected
    def test_principle_can_be_first(self):
        """The provider ARN may precede the role ARN; each still lands under its own key."""
        provider_first = 'arn:aws:iam::1111:saml-provider/IDP, arn:aws:iam::1111:role/DevRole'
        # A purely positional parse would swap the two ARNs; this pins that
        # roles() does not.
        expected = [{
            'role': 'arn:aws:iam::1111:role/DevRole',
            'principle': 'arn:aws:iam::1111:saml-provider/IDP',
        }]

        parsed = SamlAssertion(saml_assertion([provider_first])).roles()

        assert parsed == expected
    def test_roles_are_extracted(self):
        """A single role/provider pair is returned as one ``role``/``principle`` dict."""
        single_pair = 'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
        expected = [{
            'role': 'arn:aws:iam::1111:role/DevRole',
            'principle': 'arn:aws:iam::1111:saml-provider/IDP',
        }]

        parsed = SamlAssertion(saml_assertion([single_pair])).roles()

        assert parsed == expected
    def test_credentials_are_generated_from_saml(self, mock_sts):
        """The token from ``Actions.saml_token`` is the mocked STS response, unchanged."""
        expected_token = Struct({'credentials': None})
        fake_connection = MagicMock()
        fake_connection.assume_role_with_saml.return_value = expected_token
        mock_sts.connect_to_region.return_value = fake_connection

        role_pair = 'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
        encoded = saml_assertion([role_pair])

        # NOTE(review): the arguments passed to assume_role_with_saml (role ARN,
        # provider ARN, assertion) are not checked here - verify coverage
        # elsewhere.
        actual_token = Actions.saml_token('un-south-1', encoded)

        self.assertEqual(actual_token, expected_token)
    def test_multiple_roles_are_returned(self):
        """Two role/provider pairs from different accounts come back as two entries."""
        dev_pair = 'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
        qa_pair = 'arn:aws:iam::2222:role/QARole,arn:aws:iam::2222:saml-provider/IDP'
        # Each role must stay paired with the provider of its own account.
        expected = [
            {
                'role': 'arn:aws:iam::1111:role/DevRole',
                'principle': 'arn:aws:iam::1111:saml-provider/IDP',
            },
            {
                'role': 'arn:aws:iam::2222:role/QARole',
                'principle': 'arn:aws:iam::2222:saml-provider/IDP',
            },
        ]

        parsed = SamlAssertion(saml_assertion([dev_pair, qa_pair])).roles()

        assert parsed == expected
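    def test_credentials_are_generated_from_saml(self, mock_sts):
        """Run the ``saml`` sub-command end to end and check the written profile.

        STS is replaced by ``mock_sts``, the SAML assertion is supplied on stdin,
        and the resulting config file is compared with the expected lines
        (order is ignored).
        """
        mock_conn = MagicMock()
        # Placeholder strings stand in for the temporary credentials STS returns.
        mock_conn.assume_role_with_saml.return_value = Struct({'credentials':
                                                               Struct({'expiration': 'SAML_TOKEN_EXPIRATION',
                                                                       'access_key': 'SAML_ACCESS_KEY',
                                                                       'secret_key': 'SAML_SECRET_KEY',
                                                                       'session_token': 'SAML_TOKEN'})})
        mock_sts.connect_to_region.return_value = mock_conn

        # sys.stdin is process-wide state: swap it in for this call only and
        # always restore it, so a failure here cannot leak the fake stream
        # into later tests.
        original_stdin = sys.stdin
        sys.stdin = StringIO(saml_assertion(['arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP']))
        try:
            cli.main(['test.py', 'saml',
                      '--profile', 'test-profile',
                      '--region', 'un-south-1'])
        finally:
            sys.stdin = original_stdin

        # assertItemsEqual is the Python 2 unittest name (assertCountEqual on
        # Python 3).
        # NOTE(review): only the file's contents are checked. The file holds a
        # secret key and session token; whether the CLI restricts its
        # permissions is not covered by this test - confirm it is tested
        # elsewhere.
        self.assertItemsEqual(read_config_file(self.TEST_FILE),
                              ['[test-profile]',
                               'output = json',
                               'region = un-south-1',
                               'aws_access_key_id = SAML_ACCESS_KEY',
                               'aws_secret_access_key = SAML_SECRET_KEY',
                               'aws_security_token = SAML_TOKEN',
                               'aws_session_token = SAML_TOKEN',
                               ''])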
    def test_white_space_is_removed(self):
        """Spaces around either ARN are stripped before the pair is classified."""
        raw_pairs = [' arn:aws:iam::1111:saml-provider/IDP ,  arn:aws:iam::1111:role/DevRole ']
        expected = [
            {'role': 'arn:aws:iam::1111:role/DevRole',
             'principle': 'arn:aws:iam::1111:saml-provider/IDP'},
        ]

        extracted = SamlAssertion(saml_assertion(raw_pairs)).roles()

        assert extracted == expected
    def test_principle_can_be_first(self):
        """Order inside a pair does not matter: provider-first input parses the same."""
        raw_pairs = ['arn:aws:iam::1111:saml-provider/IDP, arn:aws:iam::1111:role/DevRole']
        # The expected dict shows the role ARN under 'role' even though it was
        # listed second.
        expected = [
            {'role': 'arn:aws:iam::1111:role/DevRole',
             'principle': 'arn:aws:iam::1111:saml-provider/IDP'},
        ]

        extracted = SamlAssertion(saml_assertion(raw_pairs)).roles()

        assert extracted == expected
    def test_roles_are_extracted(self):
        """Baseline case: one role-first pair produces one ``role``/``principle`` dict."""
        raw_pairs = ['arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP']
        expected = [
            {'role': 'arn:aws:iam::1111:role/DevRole',
             'principle': 'arn:aws:iam::1111:saml-provider/IDP'},
        ]

        extracted = SamlAssertion(saml_assertion(raw_pairs)).roles()

        assert extracted == expected