Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added support for openid connect (#4656)

Browse Source
This commit is contained in:
Macwan Nevil 2021-12-06 02:29:31 +05:30 committed by GitHub
parent 55681bb5db
commit c4338b8aea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 145 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
moto/iam/models.py
View File

@ -156,7 +156,7 @@ class SAMLProvider(BaseModel):
class OpenIDConnectProvider(BaseModel): class OpenIDConnectProvider(BaseModel):
def __init__(self, url, thumbprint_list, client_id_list=None): def __init__(self, url, thumbprint_list, client_id_list=None, tags=None):
self._errors = [] self._errors = []
self._validate(url, thumbprint_list, client_id_list) self._validate(url, thumbprint_list, client_id_list)
@ -165,6 +165,7 @@ class OpenIDConnectProvider(BaseModel):
self.thumbprint_list = thumbprint_list self.thumbprint_list = thumbprint_list
self.client_id_list = client_id_list self.client_id_list = client_id_list
self.create_date = datetime.utcnow() self.create_date = datetime.utcnow()
self.tags = tags
@property @property
def arn(self): def arn(self):
@ -238,6 +239,9 @@ class OpenIDConnectProvider(BaseModel):
) )
) )
def get_tags(self):
return [self.tags[tag] for tag in self.tags]
class PolicyVersion(object): class PolicyVersion(object):
def __init__( def __init__(
@ -2618,8 +2622,13 @@ class IAMBackend(BaseBackend):
return user return user
return None return None
def create_open_id_connect_provider(self, url, thumbprint_list, client_id_list): def create_open_id_connect_provider(
open_id_provider = OpenIDConnectProvider(url, thumbprint_list, client_id_list) self, url, thumbprint_list, client_id_list, tags
):
clean_tags = self._tag_verification(tags)
open_id_provider = OpenIDConnectProvider(
url, thumbprint_list, client_id_list, clean_tags
)
if open_id_provider.arn in self.open_id_providers: if open_id_provider.arn in self.open_id_providers:
raise EntityAlreadyExists("Unknown") raise EntityAlreadyExists("Unknown")
@ -2627,6 +2636,40 @@ class IAMBackend(BaseBackend):
self.open_id_providers[open_id_provider.arn] = open_id_provider self.open_id_providers[open_id_provider.arn] = open_id_provider
return open_id_provider return open_id_provider
def update_open_id_connect_provider_thumbprint(self, arn, thumbprint_list):
open_id_provider = self.get_open_id_connect_provider(arn)
open_id_provider.thumbprint_list = thumbprint_list
def tag_open_id_connect_provider(self, arn, tags):
open_id_provider = self.get_open_id_connect_provider(arn)
clean_tags = self._tag_verification(tags)
open_id_provider.tags.update(clean_tags)
def untag_open_id_connect_provider(self, arn, tag_keys):
open_id_provider = self.get_open_id_connect_provider(arn)
for key in tag_keys:
ref_key = key.lower()
self._validate_tag_key(key, exception_param="tagKeys")
open_id_provider.tags.pop(ref_key, None)
def list_open_id_connect_provider_tags(self, arn, marker, max_items=100):
open_id_provider = self.get_open_id_connect_provider(arn)
max_items = int(max_items)
tag_index = sorted(open_id_provider.tags)
start_idx = int(marker) if marker else 0
tag_index = tag_index[start_idx : start_idx + max_items]
if len(open_id_provider.tags) <= (start_idx + max_items):
marker = None
else:
marker = str(start_idx + max_items)
tags = [open_id_provider.tags[tag] for tag in tag_index]
return tags, marker
def delete_open_id_connect_provider(self, arn): def delete_open_id_connect_provider(self, arn):
self.open_id_providers.pop(arn, None) self.open_id_providers.pop(arn, None)

93
moto/iam/responses.py
View File

@ -952,14 +952,54 @@ class IamResponse(BaseResponse):
open_id_provider_url = self._get_param("Url") open_id_provider_url = self._get_param("Url")
thumbprint_list = self._get_multi_param("ThumbprintList.member") thumbprint_list = self._get_multi_param("ThumbprintList.member")
client_id_list = self._get_multi_param("ClientIDList.member") client_id_list = self._get_multi_param("ClientIDList.member")
tags = self._get_multi_param("Tags.member")
open_id_provider = iam_backend.create_open_id_connect_provider( open_id_provider = iam_backend.create_open_id_connect_provider(
open_id_provider_url, thumbprint_list, client_id_list open_id_provider_url, thumbprint_list, client_id_list, tags
) )
template = self.response_template(CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE) template = self.response_template(CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE)
return template.render(open_id_provider=open_id_provider) return template.render(open_id_provider=open_id_provider)
def update_open_id_connect_provider_thumbprint(self):
open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
thumbprint_list = self._get_multi_param("ThumbprintList.member")
iam_backend.update_open_id_connect_provider_thumbprint(
open_id_provider_arn, thumbprint_list
)
template = self.response_template(UPDATE_OPEN_ID_CONNECT_PROVIDER_THUMBPRINT)
return template.render()
def tag_open_id_connect_provider(self):
open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
tags = self._get_multi_param("Tags.member")
iam_backend.tag_open_id_connect_provider(open_id_provider_arn, tags)
template = self.response_template(TAG_OPEN_ID_CONNECT_PROVIDER)
return template.render()
def untag_open_id_connect_provider(self):
open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
tag_keys = self._get_multi_param("TagKeys.member")
iam_backend.untag_open_id_connect_provider(open_id_provider_arn, tag_keys)
template = self.response_template(UNTAG_OPEN_ID_CONNECT_PROVIDER)
return template.render()
def list_open_id_connect_provider_tags(self):
open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
marker = self._get_param("Marker")
max_items = self._get_param("MaxItems", 100)
tags, marker = iam_backend.list_open_id_connect_provider_tags(
open_id_provider_arn, marker, max_items
)
template = self.response_template(LIST_OPEN_ID_CONNECT_PROVIDER_TAGS)
return template.render(tags=tags, marker=marker)
def delete_open_id_connect_provider(self): def delete_open_id_connect_provider(self):
open_id_provider_arn = self._get_param("OpenIDConnectProviderArn") open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
@ -2567,6 +2607,27 @@ UNTAG_POLICY_TEMPLATE = """<UntagPolicyResponse xmlns="https://iam.amazonaws.com
</ResponseMetadata> </ResponseMetadata>
</UntagPolicyResponse>""" </UntagPolicyResponse>"""
LIST_OPEN_ID_CONNECT_PROVIDER_TAGS = """<ListOpenIDConnectProviderTagsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ListOpenIDConnectProviderTagsResult>
<IsTruncated>{{ 'true' if marker else 'false' }}</IsTruncated>
{% if marker %}
<Marker>{{ marker }}</Marker>
{% endif %}
<Tags>
{% for tag in tags %}
<member>
<Key>{{ tag['Key'] }}</Key>
<Value>{{ tag['Value'] }}</Value>
</member>
{% endfor %}
</Tags>
</ListOpenIDConnectProviderTagsResult>
<ResponseMetadata>
<RequestId>EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE</RequestId>
</ResponseMetadata>
</ListOpenIDConnectProviderTagsResponse>
"""
CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<CreateOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<CreateOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<CreateOpenIDConnectProviderResult> <CreateOpenIDConnectProviderResult>
@ -2577,6 +2638,26 @@ CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<CreateOpenIDConnectProviderRespon
</ResponseMetadata> </ResponseMetadata>
</CreateOpenIDConnectProviderResponse>""" </CreateOpenIDConnectProviderResponse>"""
UPDATE_OPEN_ID_CONNECT_PROVIDER_THUMBPRINT = """<UpdateOpenIDConnectProviderThumbprintResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>29b6031c-4f66-11e4-aefa-bfd6aEXAMPLE</RequestId>
</ResponseMetadata>
</UpdateOpenIDConnectProviderThumbprintResponse>
"""
TAG_OPEN_ID_CONNECT_PROVIDER = """<TagOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE</RequestId>
</ResponseMetadata>
</TagOpenIDConnectProviderResponse>
"""
UNTAG_OPEN_ID_CONNECT_PROVIDER = """<UntagOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE</RequestId>
</ResponseMetadata>
</UntagOpenIDConnectProviderResponse>
"""
DELETE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<DeleteOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> DELETE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<DeleteOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata> <ResponseMetadata>
@ -2599,6 +2680,16 @@ GET_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<GetOpenIDConnectProviderResponse xml
{% endfor %} {% endfor %}
</ClientIDList> </ClientIDList>
<Url>{{ open_id_provider.url }}</Url> <Url>{{ open_id_provider.url }}</Url>
{% if open_id_provider.tags %}
<Tags>
{% for tag in open_id_provider.get_tags() %}
<member>
<Key>{{ tag['Key'] }}</Key>
<Value>{{ tag['Value'] }}</Value>
</member>
{% endfor %}
</Tags>
{% endif %}
</GetOpenIDConnectProviderResult> </GetOpenIDConnectProviderResult>
<ResponseMetadata> <ResponseMetadata>
<RequestId>2c91531b-4f65-11e4-aefa-bfd6aEXAMPLE</RequestId> <RequestId>2c91531b-4f65-11e4-aefa-bfd6aEXAMPLE</RequestId>

6
tests/terraform-tests.success.txt
View File

@ -121,3 +121,9 @@ TestAccAWSS3BucketObject_
TestAccAWSIAMPolicy_ TestAccAWSIAMPolicy_
TestAccAWSIAMGroup_ TestAccAWSIAMGroup_
TestAccAWSIAMRolePolicy TestAccAWSIAMRolePolicy
TestAccAWSIAMUserPolicy
TestAccAWSIAMGroupPolicy
TestAccAWSDataSourceIAMRole
TestAccAWSDataSourceIAMUser
TestAccAWSIAMAccountAlias
TestAccAWSIAMOpenIDConnectProvider