def test_source_profile_region_mismatch(self): with ArgvContext(program, '-t', '-p', 'dev'): # clean up as going to mutate this self.config.close() # now start new test case self.config = tempfile.NamedTemporaryFile() conf_ini = b""" [default] sso_start_url = https://petshop.awsapps.com/start sso_region = us-east-1 sso_account_id = 123456789 sso_role_name = Engineering region = us-east-1 output = json [profile dev] role_arn = arn:aws:iam::456789123:role/FullAdmin source_profile = default region = ap-southeast-2 output = json """ self.config.write(conf_ini) self.config.seek(0) self.config.read() cli.aws_config_file = self.config.name cli.main() cred = cli.read_config(self.credentials.name) tok_now = cred['dev']['aws_session_token'] self.assertEqual(tok_now, 'tok') # assert no update verify(cli, times=1).invoke(...)
def test_main(self): with ArgvContext(program, '-p', 'dev', '--debug'): output = { 'roleCredentials': { 'accessKeyId': 'AAAA4IGTCPYNIZGVJCVW', 'secretAccessKey': '00GGc0cDG6WzbJIcDlw/gh0BaMOCKK0M/qDtDxR1', 'sessionToken': 'VeryLongBase664String==', 'expiration': datetime.utcnow().timestamp() } } success = True cli_v2 = 'aws-cli/2.0.9 Python/3.8.2 Darwin/19.4.0 botocore/2.0.0dev13 (MOCK)' when(cli).invoke(contains('aws --version')).thenReturn( (success, cli_v2)) when(cli).invoke( contains('aws sts get-caller-identity')).thenReturn( (success, 'does-not-matter')) when(cli).invoke( contains('aws sso get-role-credentials')).thenReturn( (success, json.dumps(output))) cli.main() cred = cli.read_config(self.credentials.name) new_tok = cred['dev']['aws_session_token'] self.assertNotEqual(new_tok, 'tok') self.assertEqual(new_tok, 'VeryLongBase664String==') verify(cli, times=3).invoke(...)
def test_append_cli_global_options(self): ca_bundle_profile = cli.load_profile_from_config( "ca_bundle", cli.read_config(self.config.name)) cmd = cli.append_cli_global_options("aws sso get-role-credentials", ca_bundle_profile) logger.info(cmd) self.assertIn('--ca-bundle', cmd)
def test_source_profile_not_sso(self): with ArgvContext(program, '-t'): # clean up as going to mutate this self.config.close() # now start new test case self.config = tempfile.NamedTemporaryFile() conf_ini = b""" [default] region = ap-southeast-2 output = json [profile dev] role_arn = arn:aws:iam::456789123:role/FullAdmin source_profile = default region = ap-southeast-2 output = json """ self.config.write(conf_ini) self.config.seek(0) self.config.read() cli.aws_config_file = self.config.name cli.main() cred = cli.read_config(self.credentials.name) tok_now = cred['dev']['aws_session_token'] self.assertEqual(tok_now, 'tok') # assert no update verify(cli, times=1).invoke(...)
def test_print_export_vars_fail(self): when(cli).update_profile(...).thenReturn(None) with ArgvContext(program, '-e', '-t', '-p', 'dev'): cli.main() cred = cli.read_config(self.credentials.name) tok_now = cred['dev']['aws_session_token'] self.assertEqual(tok_now, 'tok') # assert no update verify(cli, times=1).invoke(...)
def test_print_export_vars(self): with ArgvContext(program, '-e', '-p', 'dev'): cli.main() cred = cli.read_config(self.credentials.name) new_tok = cred['dev']['aws_session_token'] self.assertNotEqual(new_tok, 'tok') self.assertEqual(new_tok, 'VeryLongBase664String==') verify(cli, times=3).invoke(...)
def test_ca_bundle(self): with ArgvContext(program, '-p', 'ca_bundle', '-t'): cli.main() cred = cli.read_config(self.credentials.name) new_tok = cred['ca_bundle']['aws_session_token'] self.assertNotEqual(new_tok, 'tok') self.assertEqual(new_tok, 'VeryLongBase664String==') verify(cli, times=2).invoke(...)
def test_login_command_default(self): when(cli).poll(contains('aws sso login'), ...).thenReturn(True) with ArgvContext(program, '-t', 'login'): cli.main() cred = cli.read_config(self.credentials.name) new_tok = cred['default']['aws_session_token'] self.assertNotEqual(new_tok, 'tok') self.assertEqual(new_tok, 'VeryLongBase664String==') verify(cli, times=1).poll(...)
def test_profile_prefix(self): with ArgvContext(program, '-p', 'lab*', 'lab', 'zzz', '--trace'): cli.main() cred = cli.read_config(self.credentials.name) new_tok = cred['lab']['aws_session_token'] self.assertNotEqual(new_tok, 'tok') self.assertEqual(new_tok, 'VeryLongBase664String==') self.assertEqual(4, len(cli.profiles)) verify(cli, times=7).invoke(...)
def test_clipboard_export_vars_2(self): when(cli.importlib_util).find_spec("pyperclip").thenReturn(None) with ArgvContext(program, '-t', '-e', '-p', 'dev'): cli.main() cred = cli.read_config(self.credentials.name) new_tok = cred['dev']['aws_session_token'] self.assertNotEqual(new_tok, 'tok') self.assertEqual(new_tok, 'VeryLongBase664String==') verify(cli, times=2).invoke(...)
def test_credential_not_found(self): tmp_file = tempfile.NamedTemporaryFile() tmp_name = tmp_file.name tmp_file.close() with ArgvContext(program, '-d', '-p', 'dev'): cli.aws_shared_credentials_file = tmp_name cli.main() cred = cli.read_config(cli.aws_shared_credentials_file) tok_now = cred['dev']['aws_session_token'] self.assertEqual(tok_now, 'VeryLongBase664String==')
def test_login_command_fail(self): when(cli).poll(contains('aws sso login'), ...).thenReturn(False) with ArgvContext(program, '-t', 'login', '--profile', 'dev', '--this'), self.assertRaises(SystemExit) as x: cli.main() self.assertEqual(x.exception.code, 1) cred = cli.read_config(self.credentials.name) tok_now = cred['dev']['aws_session_token'] self.assertEqual(tok_now, 'tok') # assert no update verify(cli, times=1).invoke(...)
def test_login_command_export_vars_2(self): when(cli).poll(contains('aws sso login'), ...).thenReturn(True) with ArgvContext(program, '-t', '-e', 'login'), self.assertRaises(SystemExit) as x: cli.main() self.assertEqual(x.exception.code, 0) cred = cli.read_config(self.credentials.name) new_tok = cred['default']['aws_session_token'] self.assertNotEqual(new_tok, 'tok') self.assertEqual(new_tok, 'VeryLongBase664String==') verify(cli, times=1).poll(...)
def test_source_profile_eager_sync(self): with ArgvContext(program, '-t', '-p', 'dev'): self.credentials.close() self.credentials = tempfile.NamedTemporaryFile() cred_ini = b""" [default] region = ap-southeast-2 aws_access_key_id = MOCK aws_secret_access_key = MOCK aws_session_token = tok aws_session_expiration = 2020-05-27T18:21:43+0000 """ self.credentials.write(cred_ini) self.credentials.seek(0) self.credentials.read() cli.aws_shared_credentials_file = self.credentials.name self.config.close() # now start new test case self.config = tempfile.NamedTemporaryFile() conf_ini = b""" [default] sso_start_url = https://petshop.awsapps.com/start sso_region = ap-southeast-2 sso_account_id = 123456789 sso_role_name = Engineering region = ap-southeast-2 output = json [profile dev] role_arn = arn:aws:iam::456789123:role/FullAdmin source_profile = default region = ap-southeast-2 output = json """ self.config.write(conf_ini) self.config.seek(0) self.config.read() cli.aws_config_file = self.config.name cli.main() cred = cli.read_config(self.credentials.name) new_tok = cred['dev']['aws_session_token'] self.assertNotEqual(new_tok, 'tok') self.assertEqual(new_tok, 'VeryLongBase664String==') verify(cli, times=6).invoke(...)
def test_sso_get_role_credentials_fail(self): when(cli).invoke(contains('aws sso get-role-credentials')).thenReturn( (False, 'does-not-matter')) cred = cli.update_profile("dev", cli.read_config(self.config.name)) self.assertIsNone(cred)
def test_sso_get_role_credentials_fail(self): when(cli).invoke(contains('aws sso get-role-credentials')).thenReturn( (False, 'does-not-matter')) with self.assertRaises(SystemExit) as x: cli.update_profile("dev", cli.read_config(self.config.name)) self.assertEqual(x.exception.code, 1)
def test_sts_get_caller_identity_fail(self): when(cli).invoke(contains('aws sts get-caller-identity')).thenReturn( (False, 'does-not-matter')) with self.assertRaises(SystemExit) as x: cli.update_profile("dev", cli.read_config(self.config.name)) self.assertEqual(x.exception.code, 1)