class IMSCredentialsProviderTestGetCredentialsForAllRoles(unittest.TestCase):
def setUp(self):
self.imsi = IMSCredentialsProvider("no-such-host.invalid", ims_protocol="http")
self.json_response = json_response
@requests_mock.mock()
def test_should_get_valid_roles_and_credentials_when_called_with_single_role(self, mock_object):
mock_object.get(requests_mock.ANY, [{'text': 'test_role'}, {'text': self.json_response}])
received_credentials = self.imsi.get_credentials_for_all_roles()
self.assertEqual({'test_role': self.json_response}, received_credentials)
@requests_mock.mock()
def test_get_roles_and_credentials_when_called_with_multiple_roles(self, mock_object):
mock_object.get(requests_mock.ANY, [{'text': 'test_role1\ntest_role2'},
{'text': self.json_response},
{'text': self.json_response}
])
received_credentials = self.imsi.get_credentials_for_all_roles()
expected = {'test_role1': self.json_response,
'test_role2': self.json_response,
}
self.assertEqual(expected, received_credentials)
@requests_mock.mock()
def test_should_get_roles_and_valid_credentials_when_called_with_empty_role(self, mock_object):
mock_object.get(requests_mock.ANY, [{'text': ''}])
self.assertEquals({}, self.imsi.get_credentials_for_all_roles())
@requests_mock.mock()
def test_should_get_roles_and_valid_credentials_when_called_with_empty_credentials(self, mock_object):
mock_object.get(requests_mock.ANY, [{'text': 'test_role1\n test_role2'},
{'text': self.json_response},
{'text': ''}])
received_credentials = self.imsi.get_credentials_for_all_roles()
self.assertEqual({'test_role1': self.json_response}, received_credentials)
class IMSCredentialsProviderTestGetRoles(unittest.TestCase):
def setUp(self):
self.imsi = IMSCredentialsProvider("no-such-host.invalid", ims_protocol="http")
@requests_mock.mock()
def test_should_get_valid_role_when_single_role_is_given(self, mock_object):
mock_object.get(requests_mock.ANY, text="test_role")
received_roles = self.imsi.get_roles()
expected_roles = ["test_role"]
self.assertEqual(expected_roles, received_roles)
@requests_mock.mock()
def test_should_get_valid_roles_when_multiple_roles_are_given(self, mock_object):
mock_object.get(requests_mock.ANY, text="test_role1\ntest_role2\n test_role3")
received_roles = self.imsi.get_roles()
expected_roles = ["test_role1", "test_role2", "test_role3"]
self.assertEqual(expected_roles, received_roles)
@requests_mock.mock()
def test_should_raise_no_roles_found_exception_when_empty_response_is_received(self, mock_object):
mock_object.get(requests_mock.ANY, text="")
self.assertRaises(NoRolesFoundException, self.imsi.get_roles)
@mock.patch("requests.get")
def test_should_raise_no_roles_found_exception_when_bad_host_is_given(self, mock_object):
mock_object.side_effect = [requests.ConnectionError("Could not resolve host")]
self.assertRaises(NoRolesFoundException, self.imsi.get_roles)
@requests_mock.mock()
def test_should_get_role_url(self, mock_object):
mock_object.get("http://no-such-host.invalid/latest/meta-data/iam/security-credentials/", text="test_role")
self.imsi.get_roles()
@requests_mock.mock()
def test_should_raise_no_roles_found_exception_when_http_status_error_is_received(self, mock_object):
mock_object.get(requests_mock.ANY, status_code=400)
self.assertRaises(NoRolesFoundException, self.imsi.get_roles)
class IMSCredentialsProviderTestGetCredentials(unittest.TestCase):
def setUp(self):
self.imsi = IMSCredentialsProvider("no-such-host.invalid", ims_protocol="http")
self.json_response = json_response
@requests_mock.mock()
def test_should_get_valid_credentials_when_called_with_single_role(self, mock_object):
mock_object.get(requests_mock.ANY, text=self.json_response)
received_credentials = self.imsi.get_credentials("test_role")
self.assertEqual(self.json_response, received_credentials)
@requests_mock.mock()
def test_should_raise_no_credentials_found_exception_when_empty_response_is_received(self, mock_object):
mock_object.get(requests_mock.ANY, text="")
self.assertRaises(NoCredentialsFoundException, self.imsi.get_credentials, "test_role")
@requests_mock.mock()
def test_should_raise_no_credentials_found_exception_when_http_status_error_is_received(self, mock_object):
mock_object.get(requests_mock.ANY, status_code=400)
self.assertRaises(NoCredentialsFoundException, self.imsi.get_credentials, "test_role")
@requests_mock.mock()
def test_should_raise_no_credentials_found_exception_when_role_can_not_be_assumed(self, mock_object):
response = textwrap.dedent("""
{"timestamp":1436349287404,
"status":500,
"error":"Internal Server Error",
"exception":"com.amazonaws.AmazonServiceException",
"message":"User: arn:aws:iam::XXXXXXXXXXXX:user/federation-user-proxy
is not authorized to perform: sts:AssumeRole
on resource: arn:aws:iam::XXXXXXXXXXXX:role/rz_devesc
(Service: AWSSecurityTokenService; Status Code: 403;
Error Code: AccessDenied; Request ID:
5df35a2d-2557-11e5-8899-b7abe26301a6)",
"path":"/latest/meta-data/iam/security-credentials/rz_devesc"}
""")
mock_object.get(requests_mock.ANY, status_code=500, text=response)
self.assertRaises(NoCredentialsFoundException, self.imsi.get_credentials, "test_role")
def setUp(self):
self.imsi = IMSCredentialsProvider("no-such-host.invalid", ims_protocol="http")
self.json_response = json_response
