def test_init_okta_with_empty_input(self, okta_mock, _config_mock):
okta_mock.EmptyInput = BaseException
okta_mock.OktaSaml = mock.MagicMock()
okta_mock.OktaSaml.side_effect = okta.EmptyInput
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
with self.assertRaises(SystemExit):
keyman.init_okta('troz')
def test_auth_okta_unknown_error(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.UnknownError
with self.assertRaises(SystemExit):
keyman.auth_okta()
def test_handle_multiple_roles_single_role_match(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.selector_menu = mock.MagicMock()
keyman.selector_menu.return_value = 0
roles = [
{"account": "acct1", "role_name": "role1", "roleIdx": 0},
{"account": "acct1", "role_name": "role2", "roleIdx": 1},
{"account": "acct2", "role_name": "role1", "roleIdx": 2},
{"account": "acct2", "role_name": "role2", "roleIdx": 3},
]
mock_session = mock.MagicMock()
mock_session.available_roles.return_value = roles
keyman.config.account = "acct1"
keyman.config.role = "role2"
assert keyman.handle_multiple_roles(mock_session)
assert keyman.role == 1
keyman.selector_menu.assert_not_called()
mock_session.assert_has_calls(
[
mock.call.available_roles(),
],
)
def test_start_session_okta_failure(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.side_effect = okta.UnknownError
with self.assertRaises(okta.UnknownError):
keyman.start_session()
def test_handle_multiple_roles_no_match_role(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.selector_menu = mock.MagicMock()
keyman.selector_menu.return_value = 0
roles = ([{
'account': 'acct1',
'role_name': 'role1',
'roleIdx': 0
}, {
'account': 'acct1',
'role_name': 'role2',
'roleIdx': 1
}, {
'account': 'acct2',
'role_name': 'role1',
'roleIdx': 2
}])
mock_session = mock.MagicMock()
mock_session.available_roles.return_value = roles
keyman.config.account = 'role3'
keyman.config.role = None
assert not keyman.handle_multiple_roles(mock_session)
keyman.selector_menu.assert_not_called()
mock_session.assert_has_calls([mock.call.available_roles()])
def test_auth_okta_bad_password(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.InvalidPassword
with self.assertRaises(SystemExit):
keyman.auth_okta()
def test_handle_appid_selection(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar"])
keyman.config.accounts = [
{"name": "myAccount", "appid": "myID"},
{"name": "myAccount", "appid": "myID"},
]
keyman.config.appid = None
keyman.selector_menu = mock.MagicMock(name="selector_menu")
keyman.selector_menu.return_value = 0
keyman.config.set_appid_from_account_id = mock.MagicMock()
keyman.handle_appid_selection()
keyman.selector_menu.assert_has_calls(
[
mock.call(
[
{"name": "myAccount", "appid": "myID"},
{"name": "myAccount", "appid": "myID"},
],
[{"name": "Account"}],
),
],
)
keyman.config.set_appid_from_account_id.assert_has_calls(
[
mock.call(0),
],
)
def test_init_okta(self, okta_mock, _config_mock):
okta_mock.OktaSaml = mock.MagicMock()
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.init_okta('troz')
okta_mock.OktaSaml.assert_has_calls(
[mock.call(mock.ANY, mock.ANY, 'troz', duo_factor=mock.ANY)])
def test_auth_okta(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.return_value = None
ret = keyman.auth_okta()
self.assertEqual(ret, None)
def test_auth_okta(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.return_value = None
ret = keyman.auth_okta()
self.assertEqual(ret, None)
def test_handle_duo_factor_selection(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar'])
keyman.config.accounts = [{'name': 'myAccount', 'appid': 'myID'}]
keyman.config.appid = None
keyman.selector_menu = mock.MagicMock(name='selector_menu')
keyman.selector_menu.return_value = 0
keyman.config.set_appid_from_account_id = mock.MagicMock()
ret = keyman.handle_duo_factor_selection()
keyman.selector_menu.assert_has_calls([
mock.call([{
'name': '📲 Duo Push',
'factor': 'push'
}, {
'name': '📟 OTP Passcode',
'factor': 'passcode'
}, {
'name': '📞 Phone call',
'factor': 'call'
}], [{
'name': 'Duo Factor'
}])
])
self.assertEqual(ret, 'push')
def test_selector_menu(self, _config_mock):
keyman = Keyman(['foo'])
Keyman.generate_template = mock.MagicMock()
Keyman.print_selector_table = mock.MagicMock()
keyman.user_input = mock.MagicMock()
keyman.user_input.side_effect = ['invalid', '', 0]
stuff = [{'artist': 'Metallica'}, {'artist': 'Soundgarden'}]
header = [{'artist': 'Artist'}]
ret = keyman.selector_menu(stuff, header)
self.assertEqual(ret, 0)
keyman.user_input.assert_has_calls([
mock.call('Selection: '),
mock.call('Selection: '),
mock.call('Selection: ')
])
Keyman.generate_template.assert_has_calls([
mock.call([{
'artist': 'Metallica'
}, {
'artist': 'Soundgarden'
}], [{
'artist': 'Artist'
}]),
])
Keyman.print_selector_table.assert_has_calls([
mock.call(mock.ANY, [{
'artist': 'Artist'
}], [{
'artist': 'Metallica'
}, {
'artist': 'Soundgarden'
}]),
])
def test_handle_appid_selection(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar'])
keyman.config.accounts = [{
'name': 'myAccount',
'appid': 'myID'
}, {
'name': 'myAccount',
'appid': 'myID'
}]
keyman.config.appid = None
keyman.selector_menu = mock.MagicMock(name='selector_menu')
keyman.selector_menu.return_value = 0
keyman.config.set_appid_from_account_id = mock.MagicMock()
keyman.handle_appid_selection()
keyman.selector_menu.assert_has_calls([
mock.call([{
'name': 'myAccount',
'appid': 'myID'
}, {
'name': 'myAccount',
'appid': 'myID'
}], [{
'name': 'Account'
}])
])
keyman.config.set_appid_from_account_id.assert_has_calls(
[mock.call(0)])
def test_auth_okta_bad_password(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.InvalidPassword
with self.assertRaises(SystemExit):
keyman.auth_okta()
def test_auth_okta_unknown_error(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.UnknownError
with self.assertRaises(SystemExit):
keyman.auth_okta()
def test_handle_multiple_roles(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.selector_menu = mock.MagicMock()
keyman.selector_menu.return_value = 0
roles = [
{"account": "acct1", "role_name": "role1", "roleIdx": 0},
{"account": "acct1", "role_name": "role2", "roleIdx": 1},
]
mock_session = mock.MagicMock()
mock_session.available_roles.return_value = roles
keyman.config.account = None
keyman.config.role = None
keyman.handle_multiple_roles(mock_session)
keyman.selector_menu.assert_has_calls(
[
mock.call(
roles,
[{"account": "Account"}, {"role_name": "Role"}],
),
],
)
mock_session.assert_has_calls(
[
mock.call.available_roles(),
],
)
def test_start_session_okta_failure(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.get_assertion.side_effect = okta.UnknownError
with self.assertRaises(okta.UnknownError):
keyman.start_session()
def test_handle_multiple_roles(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.selector_menu = mock.MagicMock()
keyman.selector_menu.return_value = 0
roles = ([{
'account': 'acct1',
'role_name': 'role1',
'roleIdx': 0
}, {
'account': 'acct1',
'role_name': 'role2',
'roleIdx': 1
}])
mock_session = mock.MagicMock()
mock_session.available_roles.return_value = roles
keyman.config.account = None
keyman.config.role = None
keyman.handle_multiple_roles(mock_session)
keyman.selector_menu.assert_has_calls([
mock.call(roles, [{
'account': 'Account'
}, {
'role_name': 'Role'
}])
])
mock_session.assert_has_calls([mock.call.available_roles()])
def test_init_okta_with_oktapreview(self, okta_mock, _config_mock):
okta_mock.OktaSaml = mock.MagicMock()
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.config.oktapreview = True
keyman.init_okta('troz')
okta_mock.OktaSaml.assert_has_calls(
[mock.call(mock.ANY, mock.ANY, 'troz', oktapreview=True)])
def test_start_session_xml_failure(self, session_mock, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
xml_error = xml.etree.ElementTree.ParseError()
session_mock.side_effect = xml_error
with self.assertRaises(aws.InvalidSaml):
keyman.start_session()
def test_user_password_cache_get_success(self, pass_mock, _config_mock,
keyring_kr_mock, keyring_pw_mock):
keyman = Keyman('')
keyman.config.password_cache = True
keyman.config.password_reset = False
keyring_pw_mock.return_value = 'test'
self.assertEqual('test', keyman.user_password())
assert not pass_mock.called
def test_handle_appid_selection_one_account(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar'])
keyman.config.accounts = [{'name': 'myAccount', 'appid': 'myID'}]
keyman.config.appid = None
keyman.config.set_appid_from_account_id = mock.MagicMock()
keyman.handle_appid_selection()
keyman.config.set_appid_from_account_id.assert_has_calls(
[mock.call(0)])
def test_init_okta_with_empty_input(self, okta_mock, _config_mock):
okta_mock.EmptyInput = BaseException
okta_mock.OktaSaml = mock.MagicMock()
okta_mock.OktaSaml.side_effect = okta.EmptyInput
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
with self.assertRaises(SystemExit):
keyman.init_okta("troz")
def test_aws_auth_loop(self, config_mock):
config_mock().reup = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.start_session = mock.MagicMock()
keyman.aws_auth_loop()
keyman.start_session.assert_has_calls(
[mock.call(), mock.call().assume_role()])
def test_wrap_up_noop(self, config_mock):
config_mock().command = None
config_mock().console = None
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.log = mock.MagicMock()
keyman.wrap_up(None)
keyman.log.assert_has_calls([mock.call.info('All done! 👍')])
def test_aws_auth_loop_exception(self, config_mock, _sleep_mock):
config_mock().reup = False
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.start_session = mock.MagicMock()
keyman.start_session.side_effect = Exception()
with self.assertRaises(Exception):
keyman.aws_auth_loop()
assert keyman.start_session.called
def test_wrap_up_with_command(self, config_mock, os_mock):
config_mock().command = 'echo w00t'
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
fake_session = mock.MagicMock()
fake_session.export_creds_to_var_string.return_value = 'foo'
keyman.wrap_up(fake_session)
fake_session.assert_has_calls([mock.call.export_creds_to_var_string()])
os_mock.assert_has_calls([mock.call.system('foo echo w00t')])
def test_user_password_cache_unavailable(self, pass_mock, _config_mock,
keyring_kr_mock, keyring_pw_mock):
keyman = Keyman('')
keyman.config.password_cache = True
keyman.config.password_reset = False
keyring_kr_mock.side_effect = keyring.errors.InitError
pass_mock.getpass.return_value = 'test'
self.assertEqual('test', keyman.user_password())
assert not keyring_pw_mock.called
def test_init_okta(self, okta_mock, _config_mock):
okta_mock.OktaSaml = mock.MagicMock()
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.init_okta("troz")
okta_mock.OktaSaml.assert_has_calls(
[
mock.call(mock.ANY, mock.ANY, "troz", duo_factor=mock.ANY),
],
)
def test_aws_auth_loop_exception(self, config_mock, _sleep_mock):
config_mock().reup = False
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.start_session = mock.MagicMock()
keyman.start_session.side_effect = Exception()
with self.assertRaises(Exception):
keyman.aws_auth_loop()
assert keyman.start_session.called
