def test_read_awsume_session_from_file(self, mock_parse_session_string,
mock_os_path_isfile, mock_open):
mock_file = mock.Mock()
mock_file.read = mock.Mock()
mock_open.return_value = mock_file
mock_parse_session_string.return_value = 'awsume-session'
path = './path'
name = 'name'
mock_os_path_isfile.return_value = False
self.assertEqual(awsumepy.read_awsume_session_from_file(path, name),
collections.OrderedDict())
mock_os_path_isfile.return_value = True
self.assertEqual(awsumepy.read_awsume_session_from_file(path, name),
'awsume-session')
def scan_through_auto_refresh_profiles(credentialsProfiles):
"""
credentialsProfiles - the dict of profiles to scan through;
loop through the `credentialsProfiles`, find any that are 'auto-refresh-' profiles,
refresh/remove any expired ones, and return when the earliest session-expiration will happen
"""
for profile in credentialsProfiles:
expirationList = []
#if we're looking at an auto-refreshed profile
if 'auto-refresh-' in profile:
#get the cache filename (the file that contains source_profile credentials)
cacheFileName = credentialsProfiles[profile]['awsume_cache_file']
#get the source profile's credentials
sourceProfileCredentials = awsumepy.read_awsume_session_from_file(
AWS_CACHE_DIRECTORY, cacheFileName)
#if credentials are not expired
if sourceProfileCredentials['Expiration'] > datetime.datetime.now(
):
try:
#refresh the session
refreshedCredentials = refresh_session(
sourceProfileCredentials,
credentialsProfiles[profile]['aws_role_arn'],
cacheFileName + '-auto-awsume-session')
except Exception as e:
#if refreshing the session failed, remove that profile
print(
"autoAwsume: Refreshing profile [" +
profile.replace('auto-refresh-', '') +
"] failed. That profile will no longer be auto-refreshed."
)
print(str(e))
awsumepy.remove_auto_awsume_profile_by_name(
profile.replace('auto-refresh-', ''),
AWS_CREDENTIALS_FILE)
else:
#write the session
awsumepy.write_auto_awsume_session(
profile, refreshedCredentials, cacheFileName,
credentialsProfiles[profile]['aws_role_arn'],
AWS_CREDENTIALS_FILE)
expirationList.append(
min(sourceProfileCredentials['Expiration'],
refreshedCredentials['Expiration']))
#if credentials are expired
else:
awsumepy.remove_auto_awsume_profile_by_name(
profile.replace('auto-refresh-', ''), AWS_CREDENTIALS_FILE)
if expirationList:
return min(expirationList)
else:
return datetime.datetime.now()