def test_get_sts_access(self, mock_boto3_client):
"""Test _get_sts_access success."""
expected_access_key = FAKE.md5()
expected_secret_access_key = FAKE.md5()
expected_session_token = FAKE.md5()
assume_role = {
"Credentials": {
"AccessKeyId": expected_access_key,
"SecretAccessKey": expected_secret_access_key,
"SessionToken": expected_session_token,
}
}
sts_client = Mock()
sts_client.assume_role.return_value = assume_role
mock_boto3_client.return_value = sts_client
iam_arn = "arn:aws:s3:::my_s3_bucket"
credentials = _get_sts_access(iam_arn)
sts_client.assume_role.assert_called()
self.assertEqual(credentials.get("aws_access_key_id"),
expected_access_key)
self.assertEqual(credentials.get("aws_secret_access_key"),
expected_secret_access_key)
self.assertEqual(credentials.get("aws_session_token"),
expected_session_token)
def test_get_sts_access(self, mock_boto3_client):
"""Test _get_sts_access success."""
expected_access_key = FAKE.md5()
expected_secret_access_key = FAKE.md5()
expected_session_token = FAKE.md5()
assume_role = {
'Credentials': {
'AccessKeyId': expected_access_key,
'SecretAccessKey': expected_secret_access_key,
'SessionToken': expected_session_token
}
}
sts_client = Mock()
sts_client.assume_role.return_value = assume_role
mock_boto3_client.return_value = sts_client
iam_arn = 'arn:aws:s3:::my_s3_bucket'
credentials = _get_sts_access(iam_arn)
sts_client.assume_role.assert_called()
self.assertEquals(credentials.get('aws_access_key_id'),
expected_access_key)
self.assertEquals(credentials.get('aws_secret_access_key'),
expected_secret_access_key)
self.assertEquals(credentials.get('aws_session_token'),
expected_session_token)
def test_get_sts_access_fail(self, mock_boto3_client):
"""Test _get_sts_access fail."""
logging.disable(logging.NOTSET)
sts_client = Mock()
sts_client.assume_role.side_effect = _mock_boto3_kwargs_exception
mock_boto3_client.return_value = sts_client
iam_arn = 'arn:aws:s3:::my_s3_bucket'
with self.assertLogs(level=logging.CRITICAL):
credentials = _get_sts_access(iam_arn)
self.assertIn('aws_access_key_id', credentials)
self.assertIn('aws_secret_access_key', credentials)
self.assertIn('aws_session_token', credentials)
self.assertIsNone(credentials.get('aws_access_key_id'))
self.assertIsNone(credentials.get('aws_secret_access_key'))
self.assertIsNone(credentials.get('aws_session_token'))
def test_parm_val_exception(self, mock_boto3_client):
"""Test _get_sts_access fail."""
logging.disable(logging.NOTSET)
sts_client = Mock()
sts_client.assume_role.side_effect = ParamValidationError(report="test")
mock_boto3_client.return_value = sts_client
iam_arn = "BAD"
with self.assertLogs(level=logging.CRITICAL):
credentials = _get_sts_access(iam_arn)
self.assertIn("aws_access_key_id", credentials)
self.assertIn("aws_secret_access_key", credentials)
self.assertIn("aws_session_token", credentials)
self.assertIsNone(credentials.get("aws_access_key_id"))
self.assertIsNone(credentials.get("aws_secret_access_key"))
self.assertIsNone(credentials.get("aws_session_token"))
