moto/tests/test_cognitoidentity/test_cognitoidentity.py

243 lines
8.7 KiB
Python

import boto3
import mock
import sure # noqa # pylint: disable=unused-import
from botocore.exceptions import ClientError
from datetime import datetime
import pytest
import os
from moto import mock_cognitoidentity, settings
from moto.cognitoidentity.utils import get_random_identity_id
from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
from unittest import SkipTest
from uuid import UUID
@mock_cognitoidentity
@pytest.mark.parametrize("name", ["pool#name", "with!excl", "with?quest"])
def test_create_identity_pool_invalid_name(name):
conn = boto3.client("cognito-identity", "us-west-2")
with pytest.raises(ClientError) as exc:
conn.create_identity_pool(
IdentityPoolName=name, AllowUnauthenticatedIdentities=False
)
err = exc.value.response["Error"]
err["Code"].should.equal("ValidationException")
err["Message"].should.equal(
f"1 validation error detected: Value '{name}' at 'identityPoolName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\\w\\s+=,.@-]+"
)
@mock_cognitoidentity
@pytest.mark.parametrize("name", ["x", "pool-", "pool_name", "with space"])
def test_create_identity_pool_valid_name(name):
conn = boto3.client("cognito-identity", "us-west-2")
conn.create_identity_pool(
IdentityPoolName=name, AllowUnauthenticatedIdentities=False
)
@mock_cognitoidentity
def test_create_identity_pool():
conn = boto3.client("cognito-identity", "us-west-2")
result = conn.create_identity_pool(
IdentityPoolName="TestPool",
AllowUnauthenticatedIdentities=False,
SupportedLoginProviders={"graph.facebook.com": "123456789012345"},
DeveloperProviderName="devname",
OpenIdConnectProviderARNs=[f"arn:aws:rds:eu-west-2:{ACCOUNT_ID}:db:mysql-db"],
CognitoIdentityProviders=[
{
"ProviderName": "testprovider",
"ClientId": "CLIENT12345",
"ServerSideTokenCheck": True,
}
],
SamlProviderARNs=[f"arn:aws:rds:eu-west-2:{ACCOUNT_ID}:db:mysql-db"],
)
assert result["IdentityPoolId"] != ""
@mock_cognitoidentity
def test_describe_identity_pool():
conn = boto3.client("cognito-identity", "us-west-2")
res = conn.create_identity_pool(
IdentityPoolName="TestPool",
AllowUnauthenticatedIdentities=False,
SupportedLoginProviders={"graph.facebook.com": "123456789012345"},
DeveloperProviderName="devname",
OpenIdConnectProviderARNs=[f"arn:aws:rds:eu-west-2:{ACCOUNT_ID}:db:mysql-db"],
CognitoIdentityProviders=[
{
"ProviderName": "testprovider",
"ClientId": "CLIENT12345",
"ServerSideTokenCheck": True,
}
],
SamlProviderARNs=[f"arn:aws:rds:eu-west-2:{ACCOUNT_ID}:db:mysql-db"],
)
result = conn.describe_identity_pool(IdentityPoolId=res["IdentityPoolId"])
assert result["IdentityPoolId"] == res["IdentityPoolId"]
assert (
result["AllowUnauthenticatedIdentities"]
== res["AllowUnauthenticatedIdentities"]
)
assert result["SupportedLoginProviders"] == res["SupportedLoginProviders"]
assert result["DeveloperProviderName"] == res["DeveloperProviderName"]
assert result["OpenIdConnectProviderARNs"] == res["OpenIdConnectProviderARNs"]
assert result["CognitoIdentityProviders"] == res["CognitoIdentityProviders"]
assert result["SamlProviderARNs"] == res["SamlProviderARNs"]
@pytest.mark.parametrize(
"key,initial_value,updated_value",
[
(
"SupportedLoginProviders",
{"graph.facebook.com": "123456789012345"},
{"graph.facebook.com": "123456789012345", "graph.google.com": "00000000"},
),
("SupportedLoginProviders", {"graph.facebook.com": "123456789012345"}, {}),
("DeveloperProviderName", "dev1", "dev2"),
],
)
@mock_cognitoidentity
def test_update_identity_pool(key, initial_value, updated_value):
conn = boto3.client("cognito-identity", "us-west-2")
res = conn.create_identity_pool(
IdentityPoolName="TestPool",
AllowUnauthenticatedIdentities=False,
**dict({key: initial_value}),
)
first = conn.describe_identity_pool(IdentityPoolId=res["IdentityPoolId"])
first[key].should.equal(initial_value)
response = conn.update_identity_pool(
IdentityPoolId=res["IdentityPoolId"],
IdentityPoolName="TestPool",
AllowUnauthenticatedIdentities=False,
**dict({key: updated_value}),
)
response[key].should.equal(updated_value)
second = conn.describe_identity_pool(IdentityPoolId=res["IdentityPoolId"])
second[key].should.equal(response[key])
@mock_cognitoidentity
def test_describe_identity_pool_with_invalid_id_raises_error():
conn = boto3.client("cognito-identity", "us-west-2")
with pytest.raises(ClientError) as cm:
conn.describe_identity_pool(IdentityPoolId="us-west-2_non-existent")
cm.value.operation_name.should.equal("DescribeIdentityPool")
cm.value.response["Error"]["Code"].should.equal("ResourceNotFoundException")
cm.value.response["Error"]["Message"].should.equal("us-west-2_non-existent")
cm.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
# testing a helper function
def test_get_random_identity_id():
identity_id = get_random_identity_id("us-west-2")
region, identity_id = identity_id.split(":")
region.should.equal("us-west-2")
UUID(identity_id, version=4) # Will throw an error if it's not a valid UUID
@mock_cognitoidentity
def test_get_id():
conn = boto3.client("cognito-identity", "us-west-2")
identity_pool_data = conn.create_identity_pool(
IdentityPoolName="test_identity_pool", AllowUnauthenticatedIdentities=True
)
result = conn.get_id(
AccountId="someaccount",
IdentityPoolId=identity_pool_data["IdentityPoolId"],
Logins={"someurl": "12345"},
)
assert result.get("IdentityId").startswith("us-west-2")
@mock_cognitoidentity
@mock.patch.dict(os.environ, {"AWS_DEFAULT_REGION": "any-region"})
@mock.patch.dict(os.environ, {"MOTO_ALLOW_NONEXISTENT_REGION": "trUe"})
def test_get_id__unknown_region():
if settings.TEST_SERVER_MODE:
raise SkipTest("Cannot set environemnt variables in ServerMode")
conn = boto3.client("cognito-identity")
identity_pool_data = conn.create_identity_pool(
IdentityPoolName="test_identity_pool", AllowUnauthenticatedIdentities=True
)
result = conn.get_id(
AccountId="someaccount",
IdentityPoolId=identity_pool_data["IdentityPoolId"],
Logins={"someurl": "12345"},
)
assert result.get("IdentityId").startswith("any-region")
@mock_cognitoidentity
def test_get_credentials_for_identity():
conn = boto3.client("cognito-identity", "us-west-2")
result = conn.get_credentials_for_identity(IdentityId="12345")
result["Credentials"].get("Expiration").should.be.a(datetime)
result.get("IdentityId").should.equal("12345")
@mock_cognitoidentity
def test_get_open_id_token_for_developer_identity():
conn = boto3.client("cognito-identity", "us-west-2")
result = conn.get_open_id_token_for_developer_identity(
IdentityPoolId="us-west-2:12345",
IdentityId="12345",
Logins={"someurl": "12345"},
TokenDuration=123,
)
assert len(result["Token"]) > 0
assert result["IdentityId"] == "12345"
@mock_cognitoidentity
def test_get_open_id_token_for_developer_identity_when_no_explicit_identity_id():
conn = boto3.client("cognito-identity", "us-west-2")
result = conn.get_open_id_token_for_developer_identity(
IdentityPoolId="us-west-2:12345", Logins={"someurl": "12345"}, TokenDuration=123
)
assert len(result["Token"]) > 0
assert len(result["IdentityId"]) > 0
@mock_cognitoidentity
def test_get_open_id_token():
conn = boto3.client("cognito-identity", "us-west-2")
result = conn.get_open_id_token(IdentityId="12345", Logins={"someurl": "12345"})
assert len(result["Token"]) > 0
assert result["IdentityId"] == "12345"
@mock_cognitoidentity
def test_list_identities():
conn = boto3.client("cognito-identity", "us-west-2")
identity_pool_data = conn.create_identity_pool(
IdentityPoolName="test_identity_pool", AllowUnauthenticatedIdentities=True
)
identity_pool_id = identity_pool_data["IdentityPoolId"]
identity_data = conn.get_id(
AccountId="someaccount",
IdentityPoolId=identity_pool_id,
Logins={"someurl": "12345"},
)
identity_id = identity_data["IdentityId"]
identities = conn.list_identities(IdentityPoolId=identity_pool_id, MaxResults=123)
assert "IdentityPoolId" in identities and "Identities" in identities
assert identity_id in [x["IdentityId"] for x in identities["Identities"]]