37 lines
1.2 KiB
Python
37 lines
1.2 KiB
Python
import unittest
|
|
from uuid import uuid4
|
|
|
|
import boto3
|
|
|
|
from moto import mock_aws
|
|
|
|
|
|
class TestStsAssumeRole(unittest.TestCase):
|
|
@mock_aws
|
|
def test_list_queues_in_different_account(self):
|
|
sqs = boto3.client("sqs", region_name="us-east-1")
|
|
queue_url = sqs.create_queue(QueueName=str(uuid4()))["QueueUrl"]
|
|
|
|
# verify function exists
|
|
all_urls = sqs.list_queues()["QueueUrls"]
|
|
assert queue_url in all_urls
|
|
|
|
# assume role to another aws account
|
|
account_b = "111111111111"
|
|
sts = boto3.client("sts", region_name="us-east-1")
|
|
response = sts.assume_role(
|
|
RoleArn=f"arn:aws:iam::{account_b}:role/my-role",
|
|
RoleSessionName="test-session-name",
|
|
ExternalId="test-external-id",
|
|
)
|
|
client2 = boto3.client(
|
|
"sqs",
|
|
aws_access_key_id=response["Credentials"]["AccessKeyId"],
|
|
aws_secret_access_key=response["Credentials"]["SecretAccessKey"],
|
|
aws_session_token=response["Credentials"]["SessionToken"],
|
|
region_name="us-east-1",
|
|
)
|
|
|
|
# client2 belongs to another account, where there are no queues
|
|
assert "QueueUrls" not in client2.list_queues()
|