def test_generate_credentials(custom_args):
"""Run the tool and generate credentials."""
from tokendito import helpers, settings
# Emulate helpers.process_options() bypassing interactive portions.
tool_args = helpers.setup(custom_args)
helpers.process_ini_file(tool_args.config_file, 'default')
helpers.process_arguments(tool_args)
helpers.process_environment()
if settings.role_arn is None or \
settings.okta_aws_app_url is None or \
settings.mfa_method is None or \
not settings.okta_username or \
not settings.okta_password:
pytest.skip(
'Not enough arguments collected to execute non-interactively.')
# Rebuild argument list
args = [
'--role-arn', '{}'.format(settings.role_arn), '--okta-aws-app-url',
'{}'.format(settings.okta_aws_app_url), '--mfa-method',
'{}'.format(settings.mfa_method), '--mfa-response',
'{}'.format(settings.mfa_response), '--username',
'{}'.format(settings.okta_username), '--password',
'{}'.format(settings.okta_password)
]
executable = ['tokendito'
] # Can use sys.executable -m tokendito, or parametrize
runnable = executable + args
proc = run_process(runnable)
assert not proc['stderr']
assert proc['exit_status'] == 0
def test_generate_credentials(custom_args):
"""Run the tool and generate credentials."""
from tokendito import helpers, settings
import pyotp
# Emulate helpers.process_options() bypassing interactive portions.
tool_args = helpers.setup(custom_args)
helpers.process_ini_file(tool_args.config_file, "default")
helpers.process_arguments(tool_args)
helpers.process_environment()
if (settings.role_arn is None or settings.okta_aws_app_url is None
or settings.mfa_method is None or not settings.okta_username
or not settings.okta_password):
pytest.skip(
"Not enough arguments collected to execute non-interactively.")
# If a token response is present and is not in the usual 6-digit format,
# assume it is a MFA seed and create a valid response from it.
if (settings.mfa_response is not None
and re.match("[0-9]{6}", settings.mfa_response) is None):
totp = pyotp.TOTP(settings.mfa_response, interval=30)
# If there are a few seconds left on the TOTP timer, wait until the next round.
time_remaining = (totp.interval -
datetime.datetime.now().timestamp() % totp.interval)
if time_remaining < 5:
time.sleep(1 + time_remaining)
settings.mfa_response = totp.now()
# Update the environment variable that has been modified, if it exists
# as this may be passed down to a subprocess.
if "MFA_RESPONSE" in environ:
environ["MFA_RESPONSE"] = settings.mfa_response
# Rebuild argument list
args = [
"--role-arn",
"{}".format(settings.role_arn),
"--okta-aws-app-url",
"{}".format(settings.okta_aws_app_url),
"--mfa-method",
"{}".format(settings.mfa_method),
"--mfa-response",
"{}".format(settings.mfa_response),
"--username",
"{}".format(settings.okta_username),
"--password",
"{}".format(settings.okta_password),
]
# run as a local module, as we can't guarantee that the binary is installed.
executable = [sys.executable, "-m", "tokendito"]
runnable = executable + args
proc = run_process(runnable)
assert not proc["stderr"]
assert proc["exit_status"] == 0
def test_process_arguments(valid_settings, invalid_settings):
"""Test whether arguments are correctly set in settings.*."""
from tokendito import helpers, settings
from argparse import Namespace
# Python 2.7 does not support {**dict1, **dict2} for concatenation
args = valid_settings.copy()
args.update(invalid_settings)
helpers.process_arguments(Namespace(**args))
for key_name in valid_settings:
assert getattr(settings, key_name) == valid_settings[key_name]
for key_name in invalid_settings:
assert getattr(settings, key_name, "not_found") == "not_found"
def test_aws_credentials(custom_args):
"""Run the AWS cli to verify whether credentials work."""
from tokendito import helpers, settings
# Emulate helpers.process_options() bypassing interactive portions.
tool_args = helpers.setup(custom_args)
helpers.process_ini_file(tool_args.config_file, 'default')
helpers.process_arguments(tool_args)
helpers.process_environment()
if settings.role_arn is None:
pytest.skip('No AWS profile defined, test will be skipped.')
profile = settings.role_arn.split('/')[-1]
runnable = ['aws', '--profile', profile, 'sts', 'get-caller-identity']
proc = run_process(runnable)
assert not proc['stderr']
assert proc['exit_status'] == 0
def test_aws_credentials(custom_args):
"""Run the AWS cli to verify whether credentials work."""
from tokendito import helpers, settings
# Emulate helpers.process_options() bypassing interactive portions.
tool_args = helpers.setup(custom_args)
helpers.process_ini_file(tool_args.config_file, "default")
helpers.process_arguments(tool_args)
helpers.process_environment()
if not settings.role_arn:
pytest.skip("No AWS profile defined, test will be skipped.")
profile = settings.role_arn.split("/")[-1]
runnable = ["aws", "--profile", profile, "sts", "get-caller-identity"]
proc = run_process(runnable)
assert not proc["stderr"]
assert proc["exit_status"] == 0
def test_generate_credentials(custom_args):
"""Run the tool and generate credentials."""
from tokendito import helpers, settings
# Emulate helpers.process_options() bypassing interactive portions.
tool_args = helpers.setup(custom_args)
helpers.process_ini_file(tool_args.config_file, "default")
helpers.process_arguments(tool_args)
helpers.process_environment()
if (settings.role_arn is None or settings.okta_aws_app_url is None
or settings.mfa_method is None or not settings.okta_username
or not settings.okta_password):
pytest.skip(
"Not enough arguments collected to execute non-interactively.")
# Rebuild argument list
args = [
"--role-arn",
"{}".format(settings.role_arn),
"--okta-aws-app-url",
"{}".format(settings.okta_aws_app_url),
"--mfa-method",
"{}".format(settings.mfa_method),
"--mfa-response",
"{}".format(settings.mfa_response),
"--username",
"{}".format(settings.okta_username),
"--password",
"{}".format(settings.okta_password),
]
executable = ["tokendito"
] # Can use sys.executable -m tokendito, or parametrize
runnable = executable + args
proc = run_process(runnable)
assert not proc["stderr"]
assert proc["exit_status"] == 0