def test_resolvealiases(self):
parser = parse_args(['--resolve-aliases'])
self.assertTrue(parser.saml_cache)
self.assertFalse(parser.ask_role)
self.assertFalse(parser.keyring)
self.assertTrue(parser.resolve_aliases)
self.assertEqual(parser.duration, None)
self.assertEqual(parser.duration, None)
self.assertEqual(parser.idp_id, None)
self.assertEqual(parser.profile, None)
self.assertEqual(parser.region, None)
self.assertEqual(parser.role_arn, None)
self.assertEqual(parser.username, None)
def test_username(self):
parser = parse_args(['-u', '*****@*****.**'])
self.assertTrue(parser.saml_cache)
self.assertFalse(parser.ask_role)
self.assertFalse(parser.keyring)
self.assertFalse(parser.resolve_aliases)
self.assertEqual(parser.duration, None)
self.assertEqual(parser.duration, None)
self.assertEqual(parser.idp_id, None)
self.assertEqual(parser.profile, None)
self.assertEqual(parser.region, None)
self.assertEqual(parser.role_arn, None)
self.assertEqual(parser.username, '*****@*****.**')
def test_nocache(self):
parser = parse_args(['--no-cache'])
self.assertFalse(parser.saml_cache)
self.assertFalse(parser.ask_role)
self.assertFalse(parser.keyring)
self.assertFalse(parser.resolve_aliases)
self.assertEqual(parser.duration, None)
self.assertEqual(parser.auto_duration, False)
self.assertEqual(parser.idp_id, None)
self.assertEqual(parser.profile, None)
self.assertEqual(parser.region, None)
self.assertEqual(parser.role_arn, None)
self.assertEqual(parser.username, None)
self.assertEqual(parser.account, None)
def test_cli_param_supplied(self):
args = parse_args(['--account', "123456789012"])
config = resolve_config(args)
self.assertEqual("123456789012", config.account)
def test_cli_param_supplied(self):
args = parse_args(['--region', "ap-southeast-4"])
config = resolve_config(args)
self.assertEqual("ap-southeast-4", config.region)
def test_process_auth_with_saml_cache(self, mock_google, mock_amazon, mock_util, mock_getpass):
mock_config = Mock()
mock_config.saml_cache = True
mock_config.username = None
mock_config.idp_id = None
mock_config.sp_id = None
mock_config.password = None
mock_config.return_value = None
mock_config.role_arn = 'arn:aws:iam::123456789012:role/admin'
mock_amazon_client = Mock()
mock_google_client = Mock()
mock_getpass.return_value = "pass"
mock_amazon_client.roles = {
'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'
}
mock_util_obj = MagicMock()
mock_util_obj.pick_a_role = MagicMock(return_value=("da_role", "da_provider"))
mock_util_obj.get_input = MagicMock(side_effect=["input", "input2", "input3"])
mock_util.Util = mock_util_obj
mock_amazon_client.resolve_aws_aliases = MagicMock(return_value=[])
mock_amazon.Amazon = MagicMock(return_value=mock_amazon_client)
mock_google.Google = MagicMock(return_value=mock_google_client)
args = aws_google_auth.parse_args([])
# Method Under Test
aws_google_auth.process_auth(args, mock_config)
# Assert values collected
self.assertEqual(mock_config.username, None)
self.assertEqual(mock_config.idp_id, None)
self.assertEqual(mock_config.sp_id, None)
self.assertEqual(mock_config.password, None)
self.assertEqual(mock_config.provider, "da_provider")
self.assertEqual(mock_config.role_arn, "da_role")
# Assert calls occur
self.assertEqual([call.Util.pick_a_role({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, [])],
mock_util.mock_calls)
# Cache means no password request
self.assertEqual([],
mock_getpass.mock_calls)
# Cache means no google calls
self.assertEqual([],
mock_google_client.mock_calls)
self.assertEqual([call.write(mock_amazon_client)],
mock_config.mock_calls)
self.assertEqual([call({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'
})],
mock_amazon_client.resolve_aws_aliases.mock_calls)
self.assertEqual([call({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, [])
], mock_util_obj.pick_a_role.mock_calls)
def test_default(self):
args = parse_args([])
config = resolve_config(args)
self.assertEqual(None, config.idp_id)
def test_cli_param_supplied(self):
args = parse_args(['-d', "500"])
config = resolve_config(args)
self.assertEqual(500, config.duration)
def test_cli_param_supplied(self):
args = parse_args(['-D'])
config = resolve_config(args)
self.assertTrue(config.u2f_disabled)
def test_default(self):
args = parse_args([])
config = resolve_config(args)
self.assertFalse(config.u2f_disabled)
def test_cli_param_supplied(self):
args = parse_args(['-a'])
config = resolve_config(args)
self.assertTrue(config.ask_role)
def test_with_environment(self):
args = parse_args([])
config = resolve_config(args)
self.assertEqual("4567-role", config.role_arn)
def test_cli_param_supplied(self):
args = parse_args(['-r', "role1234"])
config = resolve_config(args)
self.assertEqual("role1234", config.role_arn)
def test_cli_param_supplied(self):
args = parse_args(['-p', 'profile'])
config = resolve_config(args)
self.assertEqual('profile', config.profile)
def test_cli_param_supplied(self):
args = parse_args(['-u', '*****@*****.**'])
config = resolve_config(args)
self.assertEqual('*****@*****.**', config.username)
def test_default(self):
args = parse_args([])
config = resolve_config(args)
self.assertEqual(43200, config.duration)
def test_with_environment(self):
args = parse_args([])
config = resolve_config(args)
self.assertTrue(config.u2f_disabled)
def test_invalid_cli_param_supplied(self):
with self.assertRaises(SystemExit):
args = parse_args(['-d', "blart"])
resolve_config(args)
def test_cli_param_supplied(self):
args = parse_args(['--resolve-aliases'])
config = resolve_config(args)
self.assertTrue(config.resolve_aliases)
def test_cli_param_supplied(self):
args = parse_args(['-I', "kjl2342"])
config = resolve_config(args)
self.assertEqual("kjl2342", config.idp_id)
def test_with_environment(self):
args = parse_args([])
config = resolve_config(args)
self.assertTrue(config.resolve_aliases)
def test_default(self):
args = parse_args([])
config = resolve_config(args)
self.assertFalse(config.resolve_aliases)
def test_cli_param_supplied(self):
args = parse_args(['--bg-response=foo'])
config = resolve_config(args)
self.assertEqual(config.bg_response, 'foo')
def test_ask_and_supply_role(self):
with self.assertRaises(SystemExit):
parse_args(['-a', '-r', 'da-role'])
def test_with_environment(self):
args = parse_args([])
config = resolve_config(args)
self.assertEqual(config.bg_response, 'foo')
def test_process_auth_standard(self, mock_google, mock_amazon, mock_util, mock_getpass):
mock_config = Mock()
mock_config.profile = False
mock_config.saml_cache = False
mock_config.keyring = False
mock_config.username = None
mock_config.idp_id = None
mock_config.sp_id = None
mock_config.return_value = None
mock_amazon_client = Mock()
mock_google_client = Mock()
mock_getpass.return_value = "pass"
mock_amazon_client.roles = {
'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'
}
mock_util_obj = MagicMock()
mock_util_obj.pick_a_role = MagicMock(return_value=("da_role", "da_provider"))
mock_util_obj.get_input = MagicMock(side_effect=["input", "input2", "input3"])
mock_util.Util = mock_util_obj
mock_amazon_client.resolve_aws_aliases = MagicMock(return_value=[])
mock_amazon_client.print_export_line = Mock()
mock_amazon.Amazon = MagicMock(return_value=mock_amazon_client)
mock_google.Google = MagicMock(return_value=mock_google_client)
args = aws_google_auth.parse_args([])
# Method Under Test
aws_google_auth.process_auth(args, mock_config)
# Assert values collected
self.assertEqual(mock_config.username, "input")
self.assertEqual(mock_config.idp_id, "input2")
self.assertEqual(mock_config.sp_id, "input3")
self.assertEqual(mock_config.password, "pass")
self.assertEqual(mock_config.provider, "da_provider")
self.assertEqual(mock_config.role_arn, "da_role")
# Assert calls occur
self.assertEqual([call.Util.get_input('Google username: '******'Google IDP ID: '),
call.Util.get_input('Google SP ID: '),
call.Util.pick_a_role({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, [])],
mock_util.mock_calls)
self.assertEqual([call()],
mock_amazon_client.print_export_line.mock_calls)
self.assertEqual([call('Google Password: '******'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'
})],
mock_amazon_client.resolve_aws_aliases.mock_calls)
self.assertEqual([call({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, [])
], mock_util_obj.pick_a_role.mock_calls)
def test_default(self):
args = parse_args([])
config = resolve_config(args)
self.assertEqual("sts", config.profile)