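def test_credentials_are_generated_from_saml(self, mock_sts):
    """Run the ``saml`` CLI command end to end and check the written profile.

    The STS connection is replaced by a mock whose ``assume_role_with_saml``
    returns placeholder credentials, and the SAML assertion is fed to the
    command on stdin. The test passes when the config file at
    ``self.TEST_FILE`` holds exactly the expected lines for ``test-profile``,
    in any order.

    ``mock_sts`` is presumably injected by a ``patch`` decorator that sits
    above this method, outside the visible source -- confirm.
    """
    mock_conn = MagicMock()
    # Placeholder strings only; no real key material is involved.
    mock_conn.assume_role_with_saml.return_value = Struct({
        'credentials': Struct({
            'expiration': 'SAML_TOKEN_EXPIRATION',
            'access_key': 'SAML_ACCESS_KEY',
            'secret_key': 'SAML_SECRET_KEY',
            'session_token': 'SAML_TOKEN',
        })
    })
    mock_sts.connect_to_region.return_value = mock_conn

    encoded_assertion = saml_assertion([
        'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
    ])

    # Swap stdin only for the duration of the command and always put the
    # original back, so a failure here cannot leak the fake stream into
    # tests that run afterwards.
    original_stdin = sys.stdin
    sys.stdin = StringIO(encoded_assertion)
    try:
        cli.main([
            'test.py', 'saml',
            '--profile', 'test-profile',
            '--region', 'un-south-1',
        ])
    finally:
        sys.stdin = original_stdin

    # The session token is expected under both key names
    # (aws_security_token and aws_session_token).
    # NOTE(review): only the file contents are checked; nothing here asserts
    # the permissions of the credentials file -- consider a separate test if
    # cli.main is what creates it.
    six.assertCountEqual(self, read_config_file(self.TEST_FILE), [
        '[test-profile]',
        'output = json',
        'region = un-south-1',
        'aws_access_key_id = SAML_ACCESS_KEY',
        'aws_secret_access_key = SAML_SECRET_KEY',
        'aws_security_token = SAML_TOKEN',
        'aws_session_token = SAML_TOKEN',
        '',
    ])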
def test_multiple_roles_are_returned(self):
    """An assertion with two role entries yields two role dicts, in order.

    Each input string is a ``role,provider`` ARN pair; ``roles()`` is
    expected to return one dict per pair. 'principle' (sic) is the key the
    code under test uses for the SAML provider ARN.
    """
    role_pairs = [
        'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP',
        'arn:aws:iam::2222:role/QARole,arn:aws:iam::2222:saml-provider/IDP',
    ]
    expected = [
        {
            'role': 'arn:aws:iam::1111:role/DevRole',
            'principle': 'arn:aws:iam::1111:saml-provider/IDP',
        },
        {
            'role': 'arn:aws:iam::2222:role/QARole',
            'principle': 'arn:aws:iam::2222:saml-provider/IDP',
        },
    ]

    parsed = SamlAssertion(saml_assertion(role_pairs))

    assert parsed.roles() == expected
def test_credentials_are_generated_from_saml(self, mock_sts):
    """``Actions.saml_token`` hands back whatever the STS connection returns.

    The connection obtained from ``mock_sts.connect_to_region`` is a mock
    whose ``assume_role_with_saml`` returns a stub; the test only checks that
    the same stub comes back, not the credential contents (they are ``None``).
    """
    sts_response = Struct({'credentials': None})

    connection = MagicMock()
    connection.assume_role_with_saml.return_value = sts_response
    mock_sts.connect_to_region.return_value = connection

    # A single role/provider pair.
    encoded_assertion = saml_assertion(
        ['arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP']
    )

    # 'un-south-1' is not a real AWS region name.
    result = Actions.saml_token('un-south-1', encoded_assertion)

    self.assertEqual(result, sts_response)
def test_white_space_is_removed(self):
    """Whitespace around the ARNs does not end up in the parsed roles.

    The input has a leading space, spaces on both sides of the comma and a
    trailing space, with the provider ARN listed first; the expected dict
    holds the bare ARNs.
    """
    padded_pair = ' arn:aws:iam::1111:saml-provider/IDP , arn:aws:iam::1111:role/DevRole '
    expected = [{
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }]

    parsed = SamlAssertion(saml_assertion([padded_pair]))

    assert parsed.roles() == expected
def test_principle_can_be_first(self):
    """The provider ARN may precede the role ARN in the pair.

    The result must still map the ``:role/`` ARN to 'role' and the
    ``:saml-provider/`` ARN to 'principle' (sic, the key used by the code
    under test).
    """
    provider_first = 'arn:aws:iam::1111:saml-provider/IDP, arn:aws:iam::1111:role/DevRole'
    expected = [{
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }]

    parsed = SamlAssertion(saml_assertion([provider_first]))

    assert parsed.roles() == expected
def test_roles_are_extracted(self):
    """A single ``role,provider`` pair is parsed into one role dict."""
    pair = 'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP'
    expected = [{
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }]

    parsed = SamlAssertion(saml_assertion([pair]))

    assert parsed.roles() == expected
def test_credentials_are_generated_from_saml(self, mock_sts):
    """Check that ``Actions.saml_token`` returns the STS response untouched.

    ``assume_role_with_saml`` on the mocked connection returns a stub with
    ``credentials`` set to ``None``; the test asserts that this exact stub is
    what ``saml_token`` gives back.
    """
    sts_response = Struct({'credentials': None})

    connection = MagicMock()
    connection.assume_role_with_saml.return_value = sts_response
    mock_sts.connect_to_region.return_value = connection

    encoded_assertion = saml_assertion([
        'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP',
    ])

    # 'un-south-1' is not a real AWS region name.
    result = Actions.saml_token('un-south-1', encoded_assertion)

    self.assertEqual(result, sts_response)
def test_multiple_roles_are_returned(self):
    """Two role entries in the assertion produce two dicts, in input order.

    The entries belong to different accounts (1111 and 2222); each is
    expected to come back as its own ``{'role': ..., 'principle': ...}`` dict.
    """
    encoded_assertion = saml_assertion([
        'arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP',
        'arn:aws:iam::2222:role/QARole,arn:aws:iam::2222:saml-provider/IDP',
    ])

    dev_entry = {
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }
    qa_entry = {
        'role': 'arn:aws:iam::2222:role/QARole',
        'principle': 'arn:aws:iam::2222:saml-provider/IDP',
    }

    assert SamlAssertion(encoded_assertion).roles() == [dev_entry, qa_entry]
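def test_credentials_are_generated_from_saml(self, mock_sts):
    """Run the ``saml`` CLI command and check the profile it writes.

    STS is mocked to return placeholder credentials and the SAML assertion
    is supplied on stdin. The config file at ``self.TEST_FILE`` must then
    contain exactly the expected ``test-profile`` lines, in any order.

    ``mock_sts`` is presumably injected by a ``patch`` decorator above this
    method, outside the visible source -- confirm.
    """
    mock_conn = MagicMock()
    # Placeholder strings only; no real key material is involved.
    mock_conn.assume_role_with_saml.return_value = Struct({
        'credentials': Struct({
            'expiration': 'SAML_TOKEN_EXPIRATION',
            'access_key': 'SAML_ACCESS_KEY',
            'secret_key': 'SAML_SECRET_KEY',
            'session_token': 'SAML_TOKEN',
        })
    })
    mock_sts.connect_to_region.return_value = mock_conn

    encoded_assertion = saml_assertion(
        ['arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP']
    )

    # Restore the real stdin even when cli.main raises, so the fake stream
    # does not leak into later tests.
    original_stdin = sys.stdin
    sys.stdin = StringIO(encoded_assertion)
    try:
        cli.main(['test.py', 'saml', '--profile', 'test-profile',
                  '--region', 'un-south-1'])
    finally:
        sys.stdin = original_stdin

    # unittest names this assertion assertItemsEqual on Python 2 and
    # assertCountEqual on Python 3; use whichever the TestCase provides.
    assert_same_items = (
        getattr(self, 'assertCountEqual', None) or self.assertItemsEqual
    )
    # NOTE(review): only the file contents are checked; the permissions of
    # the credentials file are not asserted here.
    assert_same_items(read_config_file(self.TEST_FILE), [
        '[test-profile]',
        'output = json',
        'region = un-south-1',
        'aws_access_key_id = SAML_ACCESS_KEY',
        'aws_secret_access_key = SAML_SECRET_KEY',
        'aws_security_token = SAML_TOKEN',
        'aws_session_token = SAML_TOKEN',
        '',
    ])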
def test_white_space_is_removed(self):
    """Padding around the two ARNs is stripped from the parsed result.

    The pair is given provider-first with spaces before, between and after
    the ARNs; ``roles()`` must return the ARNs without that padding.
    """
    encoded_assertion = saml_assertion(
        [' arn:aws:iam::1111:saml-provider/IDP , arn:aws:iam::1111:role/DevRole ']
    )
    expected_entry = {
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }

    assert SamlAssertion(encoded_assertion).roles() == [expected_entry]
def test_principle_can_be_first(self):
    """Order inside the pair does not matter: provider ARN first still works.

    The expected dict assigns the ``:role/`` ARN to 'role' and the
    ``:saml-provider/`` ARN to 'principle' regardless of input order.
    """
    encoded_assertion = saml_assertion(
        ['arn:aws:iam::1111:saml-provider/IDP, arn:aws:iam::1111:role/DevRole']
    )
    expected_entry = {
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }

    assert SamlAssertion(encoded_assertion).roles() == [expected_entry]
def test_roles_are_extracted(self):
    """One ``role,provider`` ARN pair becomes one dict from ``roles()``."""
    encoded_assertion = saml_assertion(
        ['arn:aws:iam::1111:role/DevRole,arn:aws:iam::1111:saml-provider/IDP']
    )
    expected_entry = {
        'role': 'arn:aws:iam::1111:role/DevRole',
        'principle': 'arn:aws:iam::1111:saml-provider/IDP',
    }

    assert SamlAssertion(encoded_assertion).roles() == [expected_entry]