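"""Tests for moto's mock of the Cognito Identity (``cognito-identity``) API."""
import os
from datetime import datetime
from unittest import SkipTest
from uuid import UUID

import boto3
import mock
import pytest
import sure  # noqa # pylint: disable=unused-import
from botocore.exceptions import ClientError

from moto import mock_cognitoidentity, settings
from moto.cognitoidentity.utils import get_random_identity_id
from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID


@mock_cognitoidentity
@pytest.mark.parametrize("name", ["pool#name", "with!excl", "with?quest"])
def test_create_identity_pool_invalid_name(name):
    """Pool names containing '#', '!' or '?' are rejected with a ValidationException."""
    conn = boto3.client("cognito-identity", "us-west-2")
    with pytest.raises(ClientError) as exc:
        conn.create_identity_pool(
            IdentityPoolName=name, AllowUnauthenticatedIdentities=False
        )

    err = exc.value.response["Error"]
    assert err["Code"] == "ValidationException"
    expected_message = (
        f"1 validation error detected: Value '{name}' at 'identityPoolName' "
        "failed to satisfy constraint: Member must satisfy regular expression "
        "pattern: [\\w\\s+=,.@-]+"
    )
    assert err["Message"] == expected_message


@mock_cognitoidentity
@pytest.mark.parametrize("name", ["x", "pool-", "pool_name", "with space"])
def test_create_identity_pool_valid_name(name):
    """Names made of word characters, '-', '_' and spaces are accepted (no exception)."""
    conn = boto3.client("cognito-identity", "us-west-2")
    conn.create_identity_pool(
        IdentityPoolName=name, AllowUnauthenticatedIdentities=False
    )


@mock_cognitoidentity
def test_create_identity_pool():
    """Creating a pool with every provider option set returns a non-empty pool id."""
    conn = boto3.client("cognito-identity", "us-west-2")
    # NOTE(review): the OIDC and SAML provider ARNs below are RDS-shaped
    # placeholders, not IAM identity-provider ARNs. This test only checks that
    # a pool id comes back, so it says nothing about ARN validation.
    result = conn.create_identity_pool(
        IdentityPoolName="TestPool",
        AllowUnauthenticatedIdentities=False,
        SupportedLoginProviders={"graph.facebook.com": "123456789012345"},
        DeveloperProviderName="devname",
        OpenIdConnectProviderARNs=[f"arn:aws:rds:eu-west-2:{ACCOUNT_ID}:db:mysql-db"],
        CognitoIdentityProviders=[
            {
                "ProviderName": "testprovider",
                "ClientId": "CLIENT12345",
                "ServerSideTokenCheck": True,
            }
        ],
        SamlProviderARNs=[f"arn:aws:rds:eu-west-2:{ACCOUNT_ID}:db:mysql-db"],
    )
    assert result["IdentityPoolId"] != ""


@mock_cognitoidentity
def test_describe_identity_pool():
    """describe_identity_pool returns the same fields as the create response."""
    conn = boto3.client("cognito-identity", "us-west-2")
    res = conn.create_identity_pool(
        IdentityPoolName="TestPool",
        AllowUnauthenticatedIdentities=False,
        SupportedLoginProviders={"graph.facebook.com": "123456789012345"},
        DeveloperProviderName="devname",
        OpenIdConnectProviderARNs=[f"arn:aws:rds:eu-west-2:{ACCOUNT_ID}:db:mysql-db"],
        CognitoIdentityProviders=[
            {
                "ProviderName": "testprovider",
                "ClientId": "CLIENT12345",
                "ServerSideTokenCheck": True,
            }
        ],
        SamlProviderARNs=[f"arn:aws:rds:eu-west-2:{ACCOUNT_ID}:db:mysql-db"],
    )

    result = conn.describe_identity_pool(IdentityPoolId=res["IdentityPoolId"])

    # NOTE(review): every comparison is against the create *response*, not the
    # values passed in above, so a setting that create stored incorrectly
    # (e.g. AllowUnauthenticatedIdentities) would still pass here.
    assert result["IdentityPoolId"] == res["IdentityPoolId"]
    assert (
        result["AllowUnauthenticatedIdentities"]
        == res["AllowUnauthenticatedIdentities"]
    )
    assert result["SupportedLoginProviders"] == res["SupportedLoginProviders"]
    assert result["DeveloperProviderName"] == res["DeveloperProviderName"]
    assert result["OpenIdConnectProviderARNs"] == res["OpenIdConnectProviderARNs"]
    assert result["CognitoIdentityProviders"] == res["CognitoIdentityProviders"]
    assert result["SamlProviderARNs"] == res["SamlProviderARNs"]


@pytest.mark.parametrize(
    "key,initial_value,updated_value",
    [
        (
            "SupportedLoginProviders",
            {"graph.facebook.com": "123456789012345"},
            {"graph.facebook.com": "123456789012345", "graph.google.com": "00000000"},
        ),
        ("SupportedLoginProviders", {"graph.facebook.com": "123456789012345"}, {}),
        ("DeveloperProviderName", "dev1", "dev2"),
    ],
)
@mock_cognitoidentity
def test_update_identity_pool(key, initial_value, updated_value):
    """update_identity_pool replaces one setting and describe reflects the new value.

    The parametrized cases cover adding a login provider, clearing all login
    providers, and renaming the developer provider.
    """
    conn = boto3.client("cognito-identity", "us-west-2")
    res = conn.create_identity_pool(
        IdentityPoolName="TestPool",
        AllowUnauthenticatedIdentities=False,
        **{key: initial_value},
    )
    pool_id = res["IdentityPoolId"]

    first = conn.describe_identity_pool(IdentityPoolId=pool_id)
    assert first[key] == initial_value

    response = conn.update_identity_pool(
        IdentityPoolId=pool_id,
        IdentityPoolName="TestPool",
        AllowUnauthenticatedIdentities=False,
        **{key: updated_value},
    )
    assert response[key] == updated_value

    second = conn.describe_identity_pool(IdentityPoolId=pool_id)
    assert second[key] == response[key]


@mock_cognitoidentity
def test_describe_identity_pool_with_invalid_id_raises_error():
    """Describing an unknown pool raises ResourceNotFoundException with HTTP 400."""
    conn = boto3.client("cognito-identity", "us-west-2")
    with pytest.raises(ClientError) as cm:
        conn.describe_identity_pool(IdentityPoolId="us-west-2_non-existent")

    error = cm.value
    assert error.operation_name == "DescribeIdentityPool"
    assert error.response["Error"]["Code"] == "ResourceNotFoundException"
    assert error.response["Error"]["Message"] == "us-west-2_non-existent"
    assert error.response["ResponseMetadata"]["HTTPStatusCode"] == 400


# testing a helper function
def test_get_random_identity_id():
    """The helper returns '<region>:<uuid>' for the region it is given."""
    identity_id = get_random_identity_id("us-west-2")
    region, identity_id = identity_id.split(":")
    assert region == "us-west-2"
    # Raises ValueError if the string is not a well-formed UUID.
    # NOTE(review): passing version=4 makes uuid.UUID *set* the version bits on
    # the parsed value rather than check them, so this line does not prove the
    # helper produced a version-4 (random) UUID. Comparing
    # UUID(identity_id).version with 4 would; confirm against the helper first.
    UUID(identity_id, version=4)


@mock_cognitoidentity
def test_get_id():
    """get_id returns an identity id prefixed with the client's region."""
    conn = boto3.client("cognito-identity", "us-west-2")
    identity_pool_data = conn.create_identity_pool(
        IdentityPoolName="test_identity_pool", AllowUnauthenticatedIdentities=True
    )
    result = conn.get_id(
        AccountId="someaccount",
        IdentityPoolId=identity_pool_data["IdentityPoolId"],
        Logins={"someurl": "12345"},
    )
    assert result.get("IdentityId").startswith("us-west-2")


@mock_cognitoidentity
@mock.patch.dict(os.environ, {"AWS_DEFAULT_REGION": "any-region"})
@mock.patch.dict(os.environ, {"MOTO_ALLOW_NONEXISTENT_REGION": "trUe"})
def test_get_id__unknown_region():
    """get_id uses the region from AWS_DEFAULT_REGION even if it is not a real one.

    The mixed-case "trUe" looks deliberate (presumably to exercise
    case-insensitive parsing of the setting); confirm against moto's settings.
    """
    if settings.TEST_SERVER_MODE:
        raise SkipTest("Cannot set environment variables in ServerMode")
    conn = boto3.client("cognito-identity")
    identity_pool_data = conn.create_identity_pool(
        IdentityPoolName="test_identity_pool", AllowUnauthenticatedIdentities=True
    )
    result = conn.get_id(
        AccountId="someaccount",
        IdentityPoolId=identity_pool_data["IdentityPoolId"],
        Logins={"someurl": "12345"},
    )
    assert result.get("IdentityId").startswith("any-region")


@mock_cognitoidentity
def test_get_credentials_for_identity():
    """get_credentials_for_identity echoes the identity id and returns an expiry."""
    conn = boto3.client("cognito-identity", "us-west-2")
    # NOTE(review): identity "12345" is never created in this test, so only the
    # response shape is checked; rejection of unknown identities is not covered.
    result = conn.get_credentials_for_identity(IdentityId="12345")

    assert isinstance(result["Credentials"].get("Expiration"), datetime)
    assert result.get("IdentityId") == "12345"


@mock_cognitoidentity
def test_get_open_id_token_for_developer_identity():
    """An explicit IdentityId is echoed back together with a non-empty token."""
    conn = boto3.client("cognito-identity", "us-west-2")
    # NOTE(review): the pool "us-west-2:12345" is never created here, so this
    # test covers the response shape only, not pool or identity validation.
    result = conn.get_open_id_token_for_developer_identity(
        IdentityPoolId="us-west-2:12345",
        IdentityId="12345",
        Logins={"someurl": "12345"},
        TokenDuration=123,
    )
    assert len(result["Token"]) > 0
    assert result["IdentityId"] == "12345"


@mock_cognitoidentity
def test_get_open_id_token_for_developer_identity_when_no_explicit_identity_id():
    """Without an IdentityId the response still has a token and a non-empty id."""
    conn = boto3.client("cognito-identity", "us-west-2")
    result = conn.get_open_id_token_for_developer_identity(
        IdentityPoolId="us-west-2:12345", Logins={"someurl": "12345"}, TokenDuration=123
    )
    assert len(result["Token"]) > 0
    assert len(result["IdentityId"]) > 0


@mock_cognitoidentity
def test_get_open_id_token():
    """get_open_id_token returns a non-empty token and echoes the identity id."""
    conn = boto3.client("cognito-identity", "us-west-2")
    result = conn.get_open_id_token(IdentityId="12345", Logins={"someurl": "12345"})
    assert len(result["Token"]) > 0
    assert result["IdentityId"] == "12345"


@mock_cognitoidentity
def test_list_identities():
    """An identity obtained via get_id is listed under its pool."""
    conn = boto3.client("cognito-identity", "us-west-2")
    identity_pool_data = conn.create_identity_pool(
        IdentityPoolName="test_identity_pool", AllowUnauthenticatedIdentities=True
    )
    identity_pool_id = identity_pool_data["IdentityPoolId"]
    identity_data = conn.get_id(
        AccountId="someaccount",
        IdentityPoolId=identity_pool_id,
        Logins={"someurl": "12345"},
    )
    identity_id = identity_data["IdentityId"]

    identities = conn.list_identities(IdentityPoolId=identity_pool_id, MaxResults=123)

    assert "IdentityPoolId" in identities
    assert "Identities" in identities
    assert identity_id in [x["IdentityId"] for x in identities["Identities"]]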