Implemented returning random assumed role ID.
parent
9edab5b423
commit
d9cb1f2d35
@ -2,7 +2,7 @@ from __future__ import unicode_literals
|
|||||||
import datetime
|
import datetime
|
||||||
from moto.core import BaseBackend, BaseModel
|
from moto.core import BaseBackend, BaseModel
|
||||||
from moto.core.utils import iso_8601_datetime_with_milliseconds
|
from moto.core.utils import iso_8601_datetime_with_milliseconds
|
||||||
from moto.sts.utils import random_access_key_id, random_secret_access_key, random_session_token
|
from moto.sts.utils import random_access_key_id, random_secret_access_key, random_session_token, random_assumed_role_id
|
||||||
|
|
||||||
|
|
||||||
class Token(BaseModel):
|
class Token(BaseModel):
|
||||||
@ -30,6 +30,7 @@ class AssumedRole(BaseModel):
|
|||||||
self.access_key_id = "ASIA" + random_access_key_id()
|
self.access_key_id = "ASIA" + random_access_key_id()
|
||||||
self.secret_access_key = random_secret_access_key()
|
self.secret_access_key = random_secret_access_key()
|
||||||
self.session_token = random_session_token()
|
self.session_token = random_session_token()
|
||||||
|
self.assumed_role_id = "AROA" + random_assumed_role_id()
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def expiration_ISO8601(self):
|
def expiration_ISO8601(self):
|
||||||
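Review bot: `self.assumed_role_id = "AROA" + random_assumed_role_id()` generates a fresh ID for every `AssumedRole` object, so two AssumeRole calls against the same role ARN will report different role IDs. In AWS the part before the colon in `AssumedRoleId` is the role's own unique ID and stays the same across sessions. Code under test that keys on that value (for example an `aws:userid` condition or a log correlation) would therefore behave differently against the mock. If that fidelity matters, the ID should be derived once per role ARN rather than per session; at minimum a comment such as `# NOTE: random per session, not stable per role as in AWS` would make the limitation visible. The constructor begins outside this hunk, so whether a per-role lookup is available there cannot be seen from here.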
|
@ -91,7 +91,7 @@ ASSUME_ROLE_RESPONSE = """<AssumeRoleResponse xmlns="https://sts.amazonaws.com/d
|
|||||||
</Credentials>
|
</Credentials>
|
||||||
<AssumedRoleUser>
|
<AssumedRoleUser>
|
||||||
<Arn>{{ role.arn }}</Arn>
|
<Arn>{{ role.arn }}</Arn>
|
||||||
<AssumedRoleId>ARO123EXAMPLE123:{{ role.session_name }}</AssumedRoleId>
|
<AssumedRoleId>{{ role.assumed_role_id }}:{{ role.session_name }}</AssumedRoleId>
|
||||||
</AssumedRoleUser>
|
</AssumedRoleUser>
|
||||||
<PackedPolicySize>6</PackedPolicySize>
|
<PackedPolicySize>6</PackedPolicySize>
|
||||||
</AssumeRoleResult>
|
</AssumeRoleResult>
|
||||||
|
@ -6,15 +6,12 @@ import string
|
|||||||
import six
|
import six
|
||||||
|
|
||||||
ACCOUNT_SPECIFIC_ACCESS_KEY_PREFIX = "8NWMTLYQ"
|
ACCOUNT_SPECIFIC_ACCESS_KEY_PREFIX = "8NWMTLYQ"
|
||||||
|
ACCOUNT_SPECIFIC_ASSUMED_ROLE_ID_PREFIX = "3X42LBCD"
|
||||||
SESSION_TOKEN_PREFIX = "FQoGZXIvYXdzEBYaD"
|
SESSION_TOKEN_PREFIX = "FQoGZXIvYXdzEBYaD"
|
||||||
|
|
||||||
|
|
||||||
def random_access_key_id():
|
def random_access_key_id():
|
||||||
return ACCOUNT_SPECIFIC_ACCESS_KEY_PREFIX + ''.join(six.text_type(
|
return ACCOUNT_SPECIFIC_ACCESS_KEY_PREFIX + _random_uppercase_or_digit_sequence(8)
|
||||||
random.choice(
|
|
||||||
string.ascii_uppercase + string.digits
|
|
||||||
)) for _ in range(8)
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def random_secret_access_key():
|
def random_secret_access_key():
|
||||||
@ -23,3 +20,16 @@ def random_secret_access_key():
|
|||||||
|
|
||||||
def random_session_token():
|
def random_session_token():
|
||||||
return SESSION_TOKEN_PREFIX + base64.b64encode(os.urandom(266))[len(SESSION_TOKEN_PREFIX):].decode()
|
return SESSION_TOKEN_PREFIX + base64.b64encode(os.urandom(266))[len(SESSION_TOKEN_PREFIX):].decode()
|
||||||
|
|
||||||
|
|
||||||
|
def random_assumed_role_id():
|
||||||
|
return ACCOUNT_SPECIFIC_ASSUMED_ROLE_ID_PREFIX + _random_uppercase_or_digit_sequence(9)
|
||||||
|
|
||||||
|
|
||||||
|
def _random_uppercase_or_digit_sequence(length):
|
||||||
|
return ''.join(
|
||||||
|
six.text_type(
|
||||||
|
random.choice(
|
||||||
|
string.ascii_uppercase + string.digits
|
||||||
|
)) for _ in range(length)
|
||||||
|
)
|
||||||
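Review bot: `_random_uppercase_or_digit_sequence` draws from the `random` module, which is not a cryptographic generator, and the new helper carries no docstring saying so. That is acceptable for mock identifiers, but it should be stated so the helper is not reused for a value that has to be unpredictable; `random_session_token` in the same file already uses `os.urandom`. I would add `"""Return a string of random uppercase letters and digits for mock AWS identifiers (uses random, not a CSPRNG)."""`. The literal `9` in `random_assumed_role_id` also needs a comment, e.g. `# 8-char prefix + 9 random chars; with the "AROA" added by the model this gives 21 characters`, since that total is what the test asserts.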
|
@ -40,10 +40,12 @@ def test_get_federation_token():
|
|||||||
|
|
||||||
|
|
||||||
@freeze_time("2012-01-01 12:00:00")
|
@freeze_time("2012-01-01 12:00:00")
|
||||||
@mock_sts_deprecated
|
@mock_sts
|
||||||
def test_assume_role():
|
def test_assume_role():
|
||||||
conn = boto.connect_sts()
|
client = boto3.client(
|
||||||
|
"sts", region_name='us-east-1')
|
||||||
|
|
||||||
|
session_name = "session-name"
|
||||||
policy = json.dumps({
|
policy = json.dumps({
|
||||||
"Statement": [
|
"Statement": [
|
||||||
{
|
{
|
||||||
@ -59,19 +61,21 @@ def test_assume_role():
|
|||||||
]
|
]
|
||||||
})
|
})
|
||||||
s3_role = "arn:aws:iam::123456789012:role/test-role"
|
s3_role = "arn:aws:iam::123456789012:role/test-role"
|
||||||
role = conn.assume_role(s3_role, "session-name",
|
assume_role_response = client.assume_role(RoleArn=s3_role, RoleSessionName=session_name,
|
||||||
policy, duration_seconds=123)
|
Policy=policy, DurationSeconds=900)
|
||||||
|
|
||||||
credentials = role.credentials
|
credentials = assume_role_response['Credentials']
|
||||||
credentials.expiration.should.equal('2012-01-01T12:02:03.000Z')
|
credentials['Expiration'].isoformat().should.equal('2012-01-01T12:15:00+00:00')
|
||||||
credentials.session_token.should.have.length_of(356)
|
credentials['SessionToken'].should.have.length_of(356)
|
||||||
assert credentials.session_token.startswith("FQoGZXIvYXdzE")
|
assert credentials['SessionToken'].startswith("FQoGZXIvYXdzE")
|
||||||
credentials.access_key.should.have.length_of(20)
|
credentials['AccessKeyId'].should.have.length_of(20)
|
||||||
assert credentials.access_key.startswith("ASIA")
|
assert credentials['AccessKeyId'].startswith("ASIA")
|
||||||
credentials.secret_key.should.have.length_of(40)
|
credentials['SecretAccessKey'].should.have.length_of(40)
|
||||||
|
|
||||||
role.user.arn.should.equal("arn:aws:iam::123456789012:role/test-role")
|
assume_role_response['AssumedRoleUser']['Arn'].should.equal("arn:aws:iam::123456789012:role/test-role")
|
||||||
role.user.assume_role_id.should.contain("session-name")
|
assert assume_role_response['AssumedRoleUser']['AssumedRoleId'].startswith("AROA")
|
||||||
|
assert assume_role_response['AssumedRoleUser']['AssumedRoleId'].endswith(":" + session_name)
|
||||||
|
assume_role_response['AssumedRoleUser']['AssumedRoleId'].should.have.length_of(21 + 1 + len(session_name))
|
||||||
|
|
||||||
|
|
||||||
@mock_sts
|
@mock_sts
|
||||||
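Review bot: `test_assume_role` is converted from `boto`/`@mock_sts_deprecated` to `boto3`/`@mock_sts` rather than added alongside it. Unless another test covers it, the deprecated backend's AssumeRole path is no longer exercised by this file. If that path renders the same response template, the new `role.assumed_role_id` field is untested there. The length check `21 + 1 + len(session_name)` would also read better with the parts named, e.g. `len("AROA") + 17 + len(":") + len(session_name)`. The middle of the function lies between the two hunks and is not visible here.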
|