def test_set_iam_credentials_for_serverless_calls_get_credentials(
mock_boto_client, mocker, serverless_iam_db_kwargs):
rp: RedshiftProperty = RedshiftProperty()
for k, v in serverless_iam_db_kwargs.items():
rp.put(k, v)
mock_cred_provider = MagicMock()
mock_cred_holder = MagicMock()
mock_cred_provider.get_credentials.return_value = mock_cred_holder
mock_cred_holder.has_associated_session = False
spy = mocker.spy(rp, "put")
IamHelper.set_cluster_credentials(mock_cred_provider, rp)
# ensure describe_configuration is called
mock_boto_client.assert_has_calls(
[call().get_credentials(dbName=rp.db_name)])
# ensure host, port values were set
assert spy.called
# ensure RedshiftProperty.put method was called
assert "user_name" in [c[0][0] for c in spy.call_args_list]
assert "password" in [c[0][0] for c in spy.call_args_list]
def test_set_cluster_credentials_honors_iam_disable_cache(
mock_boto_client, mock_describe_clusters,
mock_get_cluster_credentials):
mock_cred_provider = MagicMock()
mock_cred_holder = MagicMock()
mock_cred_provider.get_credentials.return_value = mock_cred_holder
mock_cred_holder.has_associated_session = False
rp: RedshiftProperty = make_redshift_property()
rp.iam_disable_cache = True
IamHelper.credentials_cache.clear()
IamHelper.set_cluster_credentials(mock_cred_provider, rp)
assert len(IamHelper.credentials_cache) == 0
assert mock_boto_client.called is True
mock_boto_client.assert_has_calls([
call().get_cluster_credentials(
AutoCreate=rp.auto_create,
ClusterIdentifier=rp.cluster_identifier,
DbGroups=rp.db_groups,
DbName=rp.db_name,
DbUser=rp.db_user,
)
])
def test_set_iam_credentials_for_serverless_uses_redshift_serverless_client(
mock_boto_client, serverless_iam_db_kwargs):
rp: RedshiftProperty = RedshiftProperty()
for k, v in serverless_iam_db_kwargs.items():
rp.put(k, v)
mock_cred_provider = MagicMock()
mock_cred_holder = MagicMock()
mock_cred_provider.get_credentials.return_value = mock_cred_holder
mock_cred_holder.has_associated_session = False
IamHelper.set_cluster_credentials(mock_cred_provider, rp)
# ensure client creation
assert mock_boto_client.called is True
assert mock_boto_client.call_count == 1
assert mock_boto_client.call_args[1][
"service_name"] == "redshift-serverless"
def test_set_cluster_credentials_refreshes_stale_credentials(
mock_boto_client, mock_describe_clusters,
mock_get_cluster_credentials):
mock_cred_provider = MagicMock()
mock_cred_holder = MagicMock()
mock_cred_provider.get_credentials.return_value = mock_cred_holder
mock_cred_holder.has_associated_session = False
rp: RedshiftProperty = make_redshift_property()
# mock out the boto3 response temporary credentials stored from prior auth (now stale)
mock_cred_obj: typing.Dict[str, typing.Union[str, datetime.datetime]] = {
"DbUser": "******",
"DbPassword": "******",
"Expiration": datetime.datetime(1, 1, 1, tzinfo=tzutc()),
}
# populate the cache
IamHelper.credentials_cache.clear()
IamHelper.credentials_cache[IamHelper.get_credentials_cache_key(
rp, mock_cred_provider)] = mock_cred_obj
IamHelper.set_cluster_credentials(mock_cred_provider, rp)
assert len(IamHelper.credentials_cache) == 1
# ensure new temporary credentials have been replaced in cache
assert IamHelper.get_credentials_cache_key(
rp, mock_cred_provider) in IamHelper.credentials_cache
assert IamHelper.credentials_cache[IamHelper.get_credentials_cache_key(
rp, mock_cred_provider)] is not mock_cred_obj
assert mock_boto_client.called is True
mock_boto_client.assert_has_calls([
call().get_cluster_credentials(
AutoCreate=rp.auto_create,
ClusterIdentifier=rp.cluster_identifier,
DbGroups=rp.db_groups,
DbName=rp.db_name,
DbUser=rp.db_user,
)
])
def test_set_cluster_credentials_ignores_cache_when_disabled(
mock_boto_client, mock_describe_clusters,
mock_get_cluster_credentials):
mock_cred_provider = MagicMock()
mock_cred_holder = MagicMock()
mock_cred_provider.get_credentials.return_value = mock_cred_holder
mock_cred_holder.has_associated_session = False
rp: RedshiftProperty = make_redshift_property()
rp.iam_disable_cache = True
# mock out the boto3 response temporary credentials stored from prior auth
mock_cred_obj: typing.Dict[str, typing.Union[str, datetime.datetime]] = {
"DbUser": "******",
"DbPassword": "******",
"Expiration": datetime.datetime(9999, 1, 1, tzinfo=tzutc()),
}
# populate the cache
IamHelper.credentials_cache.clear()
IamHelper.credentials_cache[IamHelper.get_credentials_cache_key(
rp, mock_cred_provider)] = mock_cred_obj
IamHelper.set_cluster_credentials(mock_cred_provider, rp)
assert len(IamHelper.credentials_cache) == 1
assert IamHelper.credentials_cache[IamHelper.get_credentials_cache_key(
rp, mock_cred_provider)] is mock_cred_obj
assert mock_boto_client.called is True
# we should not have retrieved user/password from the cache
assert rp.user_name != mock_cred_obj["DbUser"]
assert rp.password != mock_cred_obj["DbPassword"]
assert (call().get_cluster_credentials(
AutoCreate=rp.auto_create,
ClusterIdentifier=rp.cluster_identifier,
DbGroups=rp.db_groups,
DbName=rp.db_name,
DbUser=rp.db_user,
) in mock_boto_client.mock_calls)