Fixed AssumedRole ARN.

2019-08-21 19:47:12 +02:00 · 2019-08-21 19:47:12 +02:00 · 3012740699
commit 3012740699
parent 6bdbd0dbc8
2 changed files with 14 additions and 5 deletions
--- a/tests/test_sts/test_sts.py
+++ b/tests/test_sts/test_sts.py
@ -66,7 +66,8 @@ def test_assume_role():
            },
        ]
    })
-    s3_role = "arn:aws:iam::{account_id}:role/test-role".format(account_id=ACCOUNT_ID)
+    role_name = "test-role"
+    s3_role = "arn:aws:iam::{account_id}:role/{role_name}".format(account_id=ACCOUNT_ID, role_name=role_name)
    assume_role_response = client.assume_role(RoleArn=s3_role, RoleSessionName=session_name,
                                              Policy=policy, DurationSeconds=900)

@ -78,7 +79,8 @@ def test_assume_role():
    assert credentials['AccessKeyId'].startswith("ASIA")
    credentials['SecretAccessKey'].should.have.length_of(40)

-    assume_role_response['AssumedRoleUser']['Arn'].should.equal(s3_role + "/" + session_name)
+    assume_role_response['AssumedRoleUser']['Arn'].should.equal("arn:aws:sts::{account_id}:assumed-role/{role_name}/{session_name}".format(
+        account_id=ACCOUNT_ID, role_name=role_name, session_name=session_name))
    assert assume_role_response['AssumedRoleUser']['AssumedRoleId'].startswith("AROA")
    assert assume_role_response['AssumedRoleUser']['AssumedRoleId'].endswith(":" + session_name)
    assume_role_response['AssumedRoleUser']['AssumedRoleId'].should.have.length_of(21 + 1 + len(session_name))
@ -103,7 +105,8 @@ def test_assume_role_with_web_identity():
            },
        ]
    })
-    s3_role = "arn:aws:iam::{account_id}:role/test-role".format(account_id=ACCOUNT_ID)
+    role_name = "test-role"
+    s3_role = "arn:aws:iam::{account_id}:role/{role_name}".format(account_id=ACCOUNT_ID, role_name=role_name)
    session_name = "session-name"
    role = conn.assume_role_with_web_identity(
        s3_role, session_name, policy, duration_seconds=123)
@ -116,7 +119,8 @@ def test_assume_role_with_web_identity():
    assert credentials.access_key.startswith("ASIA")
    credentials.secret_key.should.have.length_of(40)

-    role.user.arn.should.equal(s3_role + "/" + session_name)
+    role.user.arn.should.equal("arn:aws:sts::{account_id}:assumed-role/{role_name}/{session_name}".format(
+        account_id=ACCOUNT_ID, role_name=role_name, session_name=session_name))
    role.user.assume_role_id.should.contain("session-name")