Fixed AssumedRole ARN.

2019-08-21 19:47:12 +02:00 · 2019-08-21 19:47:12 +02:00 · 3012740699
commit 3012740699
parent 6bdbd0dbc8
2 changed files with 14 additions and 5 deletions
--- a/moto/sts/models.py
+++ b/moto/sts/models.py
@ -2,6 +2,7 @@ from __future__ import unicode_literals
 import datetime
 from moto.core import BaseBackend, BaseModel
 from moto.core.utils import iso_8601_datetime_with_milliseconds
+from moto.iam.models import ACCOUNT_ID
 from moto.sts.utils import random_access_key_id, random_secret_access_key, random_session_token, random_assumed_role_id


@ -42,7 +43,11 @@ class AssumedRole(BaseModel):

    @property
    def arn(self):
-        return self.role_arn + "/" + self.session_name
+        return "arn:aws:sts::{account_id}:assumed-role/{role_name}/{session_name}".format(
+            account_id=ACCOUNT_ID,
+            role_name=self.role_arn.split("/")[-1],
+            session_name=self.session_name
+        )


 class STSBackend(BaseBackend):
--- a/tests/test_sts/test_sts.py
+++ b/tests/test_sts/test_sts.py
@ -66,7 +66,8 @@ def test_assume_role():
            },
        ]
    })
-    s3_role = "arn:aws:iam::{account_id}:role/test-role".format(account_id=ACCOUNT_ID)
+    role_name = "test-role"
+    s3_role = "arn:aws:iam::{account_id}:role/{role_name}".format(account_id=ACCOUNT_ID, role_name=role_name)
    assume_role_response = client.assume_role(RoleArn=s3_role, RoleSessionName=session_name,
                                              Policy=policy, DurationSeconds=900)

@ -78,7 +79,8 @@ def test_assume_role():
    assert credentials['AccessKeyId'].startswith("ASIA")
    credentials['SecretAccessKey'].should.have.length_of(40)

-    assume_role_response['AssumedRoleUser']['Arn'].should.equal(s3_role + "/" + session_name)
+    assume_role_response['AssumedRoleUser']['Arn'].should.equal("arn:aws:sts::{account_id}:assumed-role/{role_name}/{session_name}".format(
+        account_id=ACCOUNT_ID, role_name=role_name, session_name=session_name))
    assert assume_role_response['AssumedRoleUser']['AssumedRoleId'].startswith("AROA")
    assert assume_role_response['AssumedRoleUser']['AssumedRoleId'].endswith(":" + session_name)
    assume_role_response['AssumedRoleUser']['AssumedRoleId'].should.have.length_of(21 + 1 + len(session_name))
@ -103,7 +105,8 @@ def test_assume_role_with_web_identity():
            },
        ]
    })
-    s3_role = "arn:aws:iam::{account_id}:role/test-role".format(account_id=ACCOUNT_ID)
+    role_name = "test-role"
+    s3_role = "arn:aws:iam::{account_id}:role/{role_name}".format(account_id=ACCOUNT_ID, role_name=role_name)
    session_name = "session-name"
    role = conn.assume_role_with_web_identity(
        s3_role, session_name, policy, duration_seconds=123)
@ -116,7 +119,8 @@ def test_assume_role_with_web_identity():
    assert credentials.access_key.startswith("ASIA")
    credentials.secret_key.should.have.length_of(40)

-    role.user.arn.should.equal(s3_role + "/" + session_name)
+    role.user.arn.should.equal("arn:aws:sts::{account_id}:assumed-role/{role_name}/{session_name}".format(
+        account_id=ACCOUNT_ID, role_name=role_name, session_name=session_name))
    role.user.assume_role_id.should.contain("session-name")