| #!/usr/bin/env python |
| # Copyright (c) 2012 Amazon.com, Inc. or its affiliates. All Rights Reserved |
| # |
| # Permission is hereby granted, free of charge, to any person obtaining a |
| # copy of this software and associated documentation files (the |
| # "Software"), to deal in the Software without restriction, including |
| # without limitation the rights to use, copy, modify, merge, publish, dis- |
| # tribute, sublicense, and/or sell copies of the Software, and to permit |
| # persons to whom the Software is furnished to do so, subject to the fol- |
| # lowing conditions: |
| # |
| # The above copyright notice and this permission notice shall be included |
| # in all copies or substantial portions of the Software. |
| # |
| # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
| # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- |
| # ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT |
| # SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
| # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
| # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS |
| # IN THE SOFTWARE. |
| # |
| |
| from base64 import b64decode |
| from boto.compat import json |
| from boto.iam.connection import IAMConnection |
| from tests.unit import AWSMockServiceTestCase |
| |
| |
| class TestCreateSamlProvider(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <CreateSAMLProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> |
| <CreateSAMLProviderResult> |
| <SAMLProviderArn>arn</SAMLProviderArn> |
| </CreateSAMLProviderResult> |
| <ResponseMetadata> |
| <RequestId>29f47818-99f5-11e1-a4c3-27EXAMPLE804</RequestId> |
| </ResponseMetadata> |
| </CreateSAMLProviderResponse> |
| """ |
| |
| def test_create_saml_provider(self): |
| self.set_http_response(status_code=200) |
| response = self.service_connection.create_saml_provider('document', 'name') |
| |
| self.assert_request_parameters( |
| {'Action': 'CreateSAMLProvider', |
| 'SAMLMetadataDocument': 'document', |
| 'Name': 'name'}, |
| ignore_params_values=['Version']) |
| |
| self.assertEqual(response['create_saml_provider_response'] |
| ['create_saml_provider_result'] |
| ['saml_provider_arn'], 'arn') |
| |
| |
| class TestListSamlProviders(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <ListSAMLProvidersResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> |
| <ListSAMLProvidersResult> |
| <SAMLProviderList> |
| <member> |
| <Arn>arn:aws:iam::123456789012:instance-profile/application_abc/component_xyz/Database</Arn> |
| <ValidUntil>2032-05-09T16:27:11Z</ValidUntil> |
| <CreateDate>2012-05-09T16:27:03Z</CreateDate> |
| </member> |
| <member> |
| <Arn>arn:aws:iam::123456789012:instance-profile/application_abc/component_xyz/Webserver</Arn> |
| <ValidUntil>2015-03-11T13:11:02Z</ValidUntil> |
| <CreateDate>2012-05-09T16:27:11Z</CreateDate> |
| </member> |
| </SAMLProviderList> |
| </ListSAMLProvidersResult> |
| <ResponseMetadata> |
| <RequestId>fd74fa8d-99f3-11e1-a4c3-27EXAMPLE804</RequestId> |
| </ResponseMetadata> |
| </ListSAMLProvidersResponse> |
| """ |
| |
| def test_list_saml_providers(self): |
| self.set_http_response(status_code=200) |
| response = self.service_connection.list_saml_providers() |
| |
| self.assert_request_parameters( |
| {'Action': 'ListSAMLProviders'}, |
| ignore_params_values=['Version']) |
| self.assertEqual(response.saml_provider_list, [ |
| {'arn': 'arn:aws:iam::123456789012:instance-profile/application_abc/component_xyz/Database', |
| 'valid_until': '2032-05-09T16:27:11Z', |
| 'create_date': '2012-05-09T16:27:03Z'}, |
| {'arn': 'arn:aws:iam::123456789012:instance-profile/application_abc/component_xyz/Webserver', |
| 'valid_until': '2015-03-11T13:11:02Z', |
| 'create_date': '2012-05-09T16:27:11Z'}]) |
| |
| |
| class TestGetSamlProvider(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <GetSAMLProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> |
| <GetSAMLProviderResult> |
| <CreateDate>2012-05-09T16:27:11Z</CreateDate> |
| <ValidUntil>2015-12-31T211:59:59Z</ValidUntil> |
| <SAMLMetadataDocument>Pd9fexDssTkRgGNqs...DxptfEs==</SAMLMetadataDocument> |
| </GetSAMLProviderResult> |
| <ResponseMetadata> |
| <RequestId>29f47818-99f5-11e1-a4c3-27EXAMPLE804</RequestId> |
| </ResponseMetadata> |
| </GetSAMLProviderResponse> |
| """ |
| |
| def test_get_saml_provider(self): |
| self.set_http_response(status_code=200) |
| self.service_connection.get_saml_provider('arn') |
| |
| self.assert_request_parameters( |
| { |
| 'Action': 'GetSAMLProvider', |
| 'SAMLProviderArn': 'arn' |
| }, |
| ignore_params_values=['Version']) |
| |
| |
| class TestUpdateSamlProvider(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <UpdateSAMLProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> |
| <UpdateSAMLProviderResult> |
| <SAMLProviderArn>arn:aws:iam::123456789012:saml-metadata/MyUniversity</SAMLProviderArn> |
| </UpdateSAMLProviderResult> |
| <ResponseMetadata> |
| <RequestId>29f47818-99f5-11e1-a4c3-27EXAMPLE804</RequestId> |
| </ResponseMetadata> |
| </UpdateSAMLProviderResponse> |
| """ |
| |
| def test_update_saml_provider(self): |
| self.set_http_response(status_code=200) |
| self.service_connection.update_saml_provider('arn', 'doc') |
| |
| self.assert_request_parameters( |
| { |
| 'Action': 'UpdateSAMLProvider', |
| 'SAMLMetadataDocument': 'doc', |
| 'SAMLProviderArn': 'arn' |
| }, |
| ignore_params_values=['Version']) |
| |
| |
| class TestDeleteSamlProvider(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return "" |
| |
| def test_delete_saml_provider(self): |
| self.set_http_response(status_code=200) |
| self.service_connection.delete_saml_provider('arn') |
| |
| self.assert_request_parameters( |
| { |
| 'Action': 'DeleteSAMLProvider', |
| 'SAMLProviderArn': 'arn' |
| }, |
| ignore_params_values=['Version']) |
| |
| |
| class TestCreateRole(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <CreateRoleResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> |
| <CreateRoleResult> |
| <Role> |
| <Path>/application_abc/component_xyz/</Path> |
| <Arn>arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access</Arn> |
| <RoleName>S3Access</RoleName> |
| <AssumeRolePolicyDocument>{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":["ec2.amazonaws.com"]},"Action":["sts:AssumeRole"]}]}</AssumeRolePolicyDocument> |
| <CreateDate>2012-05-08T23:34:01.495Z</CreateDate> |
| <RoleId>AROADBQP57FF2AEXAMPLE</RoleId> |
| </Role> |
| </CreateRoleResult> |
| <ResponseMetadata> |
| <RequestId>4a93ceee-9966-11e1-b624-b1aEXAMPLE7c</RequestId> |
| </ResponseMetadata> |
| </CreateRoleResponse> |
| """ |
| |
| def test_create_role_default(self): |
| self.set_http_response(status_code=200) |
| self.service_connection.create_role('a_name') |
| |
| self.assert_request_parameters( |
| {'Action': 'CreateRole', |
| 'RoleName': 'a_name'}, |
| ignore_params_values=['Version', 'AssumeRolePolicyDocument']) |
| self.assertDictEqual(json.loads(self.actual_request.params["AssumeRolePolicyDocument"]), {"Statement": [{"Action": ["sts:AssumeRole"], "Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com"]}}]}) |
| |
| def test_create_role_default_cn_north(self): |
| self.set_http_response(status_code=200) |
| self.service_connection.host = 'iam.cn-north-1.amazonaws.com.cn' |
| self.service_connection.create_role('a_name') |
| |
| self.assert_request_parameters( |
| {'Action': 'CreateRole', |
| 'RoleName': 'a_name'}, |
| ignore_params_values=['Version', 'AssumeRolePolicyDocument']) |
| self.assertDictEqual(json.loads(self.actual_request.params["AssumeRolePolicyDocument"]), {"Statement": [{"Action": ["sts:AssumeRole"], "Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com.cn"]}}]}) |
| |
| def test_create_role_string_policy(self): |
| self.set_http_response(status_code=200) |
| self.service_connection.create_role( |
| 'a_name', |
| # Historical usage. |
| assume_role_policy_document='{"hello": "policy"}' |
| ) |
| |
| self.assert_request_parameters( |
| {'Action': 'CreateRole', |
| 'AssumeRolePolicyDocument': '{"hello": "policy"}', |
| 'RoleName': 'a_name'}, |
| ignore_params_values=['Version']) |
| |
| def test_create_role_data_policy(self): |
| self.set_http_response(status_code=200) |
| self.service_connection.create_role( |
| 'a_name', |
| # With plain data, we should dump it for them. |
| assume_role_policy_document={"hello": "policy"} |
| ) |
| |
| self.assert_request_parameters( |
| {'Action': 'CreateRole', |
| 'AssumeRolePolicyDocument': '{"hello": "policy"}', |
| 'RoleName': 'a_name'}, |
| ignore_params_values=['Version']) |
| |
| |
| class TestGetSigninURL(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <ListAccountAliasesResponse> |
| <ListAccountAliasesResult> |
| <IsTruncated>false</IsTruncated> |
| <AccountAliases> |
| <member>foocorporation</member> |
| <member>anotherunused</member> |
| </AccountAliases> |
| </ListAccountAliasesResult> |
| <ResponseMetadata> |
| <RequestId>c5a076e9-f1b0-11df-8fbe-45274EXAMPLE</RequestId> |
| </ResponseMetadata> |
| </ListAccountAliasesResponse> |
| """ |
| |
| def test_get_signin_url_default(self): |
| self.set_http_response(status_code=200) |
| url = self.service_connection.get_signin_url() |
| self.assertEqual( |
| url, |
| 'https://foocorporation.signin.aws.amazon.com/console/ec2' |
| ) |
| |
| def test_get_signin_url_s3(self): |
| self.set_http_response(status_code=200) |
| url = self.service_connection.get_signin_url(service='s3') |
| self.assertEqual( |
| url, |
| 'https://foocorporation.signin.aws.amazon.com/console/s3' |
| ) |
| |
| def test_get_signin_url_cn_north(self): |
| self.set_http_response(status_code=200) |
| self.service_connection.host = 'iam.cn-north-1.amazonaws.com.cn' |
| url = self.service_connection.get_signin_url() |
| self.assertEqual( |
| url, |
| 'https://foocorporation.signin.amazonaws.cn/console/ec2' |
| ) |
| |
| |
| class TestGetSigninURLNoAliases(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <ListAccountAliasesResponse> |
| <ListAccountAliasesResult> |
| <IsTruncated>false</IsTruncated> |
| <AccountAliases></AccountAliases> |
| </ListAccountAliasesResult> |
| <ResponseMetadata> |
| <RequestId>c5a076e9-f1b0-11df-8fbe-45274EXAMPLE</RequestId> |
| </ResponseMetadata> |
| </ListAccountAliasesResponse> |
| """ |
| |
| def test_get_signin_url_no_aliases(self): |
| self.set_http_response(status_code=200) |
| |
| with self.assertRaises(Exception): |
| self.service_connection.get_signin_url() |
| |
| |
| class TestGenerateCredentialReport(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <GenerateCredentialReportResponse> |
| <GenerateCredentialReportResult> |
| <State>COMPLETE</State> |
| </GenerateCredentialReportResult> |
| <ResponseMetadata> |
| <RequestId>b62e22a3-0da1-11e4-ba55-0990EXAMPLE</RequestId> |
| </ResponseMetadata> |
| </GenerateCredentialReportResponse> |
| """ |
| |
| def test_generate_credential_report(self): |
| self.set_http_response(status_code=200) |
| response = self.service_connection.generate_credential_report() |
| self.assertEquals(response['generate_credential_report_response'] |
| ['generate_credential_report_result'] |
| ['state'], 'COMPLETE') |
| |
| |
| class TestGetCredentialReport(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <GetCredentialReportResponse> |
| <ResponseMetadata> |
| <RequestId>99e60e9a-0db5-11e4-94d4-b764EXAMPLE</RequestId> |
| </ResponseMetadata> |
| <GetCredentialReportResult> |
| <Content>RXhhbXBsZQ==</Content> |
| <ReportFormat>text/csv</ReportFormat> |
| <GeneratedTime>2014-07-17T11:09:11Z</GeneratedTime> |
| </GetCredentialReportResult> |
| </GetCredentialReportResponse> |
| """ |
| |
| def test_get_credential_report(self): |
| self.set_http_response(status_code=200) |
| response = self.service_connection.get_credential_report() |
| b64decode(response['get_credential_report_response'] |
| ['get_credential_report_result'] |
| ['content']) |
| |
| class TestCreateVirtualMFADevice(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <CreateVirtualMFADeviceResponse> |
| <CreateVirtualMFADeviceResult> |
| <VirtualMFADevice> |
| <SerialNumber>arn:aws:iam::123456789012:mfa/ExampleName</SerialNumber> |
| <Base32StringSeed>2K5K5XTLA7GGE75TQLYEXAMPLEEXAMPLEEXAMPLECHDFW4KJYZ6 |
| UFQ75LL7COCYKM</Base32StringSeed> |
| <QRCodePNG>89504E470D0A1A0AASDFAHSDFKJKLJFKALSDFJASDF</QRCodePNG> |
| </VirtualMFADevice> |
| </CreateVirtualMFADeviceResult> |
| <ResponseMetadata> |
| <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId> |
| </ResponseMetadata> |
| </CreateVirtualMFADeviceResponse> |
| """ |
| |
| def test_create_virtual_mfa_device(self): |
| self.set_http_response(status_code=200) |
| response = self.service_connection.create_virtual_mfa_device('/', 'ExampleName') |
| self.assert_request_parameters( |
| {'Path': '/', |
| 'VirtualMFADeviceName': 'ExampleName', |
| 'Action': 'CreateVirtualMFADevice'}, |
| ignore_params_values=['Version']) |
| self.assertEquals(response['create_virtual_mfa_device_response'] |
| ['create_virtual_mfa_device_result'] |
| ['virtual_mfa_device'] |
| ['serial_number'], 'arn:aws:iam::123456789012:mfa/ExampleName') |
| |
| class TestGetAccountPasswordPolicy(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <GetAccountPasswordPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> |
| <GetAccountPasswordPolicyResult> |
| <PasswordPolicy> |
| <AllowUsersToChangePassword>true</AllowUsersToChangePassword> |
| <RequireUppercaseCharacters>true</RequireUppercaseCharacters> |
| <RequireSymbols>true</RequireSymbols> |
| <ExpirePasswords>false</ExpirePasswords> |
| <PasswordReusePrevention>12</PasswordReusePrevention> |
| <RequireLowercaseCharacters>true</RequireLowercaseCharacters> |
| <MaxPasswordAge>90</MaxPasswordAge> |
| <HardExpiry>false</HardExpiry> |
| <RequireNumbers>true</RequireNumbers> |
| <MinimumPasswordLength>12</MinimumPasswordLength> |
| </PasswordPolicy> |
| </GetAccountPasswordPolicyResult> |
| <ResponseMetadata> |
| <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId> |
| </ResponseMetadata> |
| </GetAccountPasswordPolicyResponse> |
| """ |
| |
| def test_get_account_password_policy(self): |
| self.set_http_response(status_code=200) |
| response = self.service_connection.get_account_password_policy() |
| |
| self.assert_request_parameters( |
| { |
| 'Action': 'GetAccountPasswordPolicy', |
| }, |
| ignore_params_values=['Version']) |
| self.assertEquals(response['get_account_password_policy_response'] |
| ['get_account_password_policy_result']['password_policy'] |
| ['minimum_password_length'], '12') |
| |
| |
| class TestUpdateAccountPasswordPolicy(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <UpdateAccountPasswordPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> |
| <ResponseMetadata> |
| <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId> |
| </ResponseMetadata> |
| </UpdateAccountPasswordPolicyResponse> |
| """ |
| |
| def test_update_account_password_policy(self): |
| self.set_http_response(status_code=200) |
| response = self.service_connection.update_account_password_policy(minimum_password_length=88) |
| |
| self.assert_request_parameters( |
| { |
| 'Action': 'UpdateAccountPasswordPolicy', |
| 'MinimumPasswordLength': 88 |
| }, |
| ignore_params_values=['Version']) |
| |
| |
| class TestDeleteAccountPasswordPolicy(AWSMockServiceTestCase): |
| connection_class = IAMConnection |
| |
| def default_body(self): |
| return b""" |
| <DeleteAccountPasswordPolicyResponse> |
| <ResponseMetadata> |
| <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId> |
| </ResponseMetadata> |
| </DeleteAccountPasswordPolicyResponse> |
| """ |
| |
| def test_delete_account_password_policy(self): |
| self.set_http_response(status_code=200) |
| response = self.service_connection.delete_account_password_policy() |
| |
| self.assert_request_parameters( |
| { |
| 'Action': 'DeleteAccountPasswordPolicy' |
| }, |
| ignore_params_values=['Version']) |