From fb558bb1ca0b27ad516a9c3c01f39e033497d5c4 Mon Sep 17 00:00:00 2001 From: Konstantinos Koukopoulos Date: Thu, 20 Mar 2014 18:29:39 +0200 Subject: [PATCH 1/4] add support for sts get_federation_token --- moto/sts/models.py | 8 +++++++- moto/sts/responses.py | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/moto/sts/models.py b/moto/sts/models.py index 3a9e64e0..f70c5917 100644 --- a/moto/sts/models.py +++ b/moto/sts/models.py @@ -4,9 +4,11 @@ from moto.core.utils import iso_8601_datetime class Token(object): - def __init__(self, duration): + def __init__(self, duration, name=None, policy=None): now = datetime.datetime.now() self.expiration = now + datetime.timedelta(seconds=duration) + self.name = name + self.policy = None @property def expiration_ISO8601(self): @@ -32,6 +34,10 @@ class STSBackend(BaseBackend): token = Token(duration=duration) return token + def get_federation_token(self, name, duration, policy): + token = Token(duration=duration, name=name, policy=policy) + return token + def assume_role(self, **kwargs): role = AssumedRole(**kwargs) return role diff --git a/moto/sts/responses.py b/moto/sts/responses.py index e97c9ec5..23561dd7 100644 --- a/moto/sts/responses.py +++ b/moto/sts/responses.py @@ -12,6 +12,15 @@ class TokenResponse(BaseResponse): template = Template(GET_SESSION_TOKEN_RESPONSE) return template.render(token=token) + def get_federation_token(self): + duration = int(self.querystring.get('DurationSeconds', [43200])[0]) + policy = self.querystring.get('Policy', None)[0] + name = self.querystring.get('Name')[0] + token = sts_backend.get_federation_token( + duration=duration, name=name, policy=policy) + template = Template(GET_FEDERATION_TOKEN_RESPONSE) + return template.render(token=token) + def assume_role(self): role_session_name = self.querystring.get('RoleSessionName')[0] role_arn = self.querystring.get('RoleArn')[0] @@ -46,6 +55,35 @@ GET_SESSION_TOKEN_RESPONSE = """ + + + + AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW + LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd + QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU + 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz + +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA== + + + wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY + + {{ token.expiration_ISO8601 }} + AKIAIOSFODNN7EXAMPLE + + + arn:aws:sts::123456789012:federated-user/{{ token.name }} + 123456789012:{{ token.name }} + + 6 + + + c6104cbe-af31-11e0-8154-cbc7ccf896c7 + +""" + + ASSUME_ROLE_RESPONSE = """ From 8e541ae9f80bce9f5b679d3584ebc77593caa898 Mon Sep 17 00:00:00 2001 From: Konstantinos Koukopoulos Date: Thu, 20 Mar 2014 18:46:03 +0200 Subject: [PATCH 2/4] add unit tests for get_federation_token --- tests/test_sts/test_server.py | 10 ++++++++++ tests/test_sts/test_sts.py | 14 ++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/tests/test_sts/test_server.py b/tests/test_sts/test_server.py index a1f428ca..5e57f56e 100644 --- a/tests/test_sts/test_server.py +++ b/tests/test_sts/test_server.py @@ -15,3 +15,13 @@ def test_sts_get_session_token(): res.status_code.should.equal(200) res.data.should.contain("SessionToken") res.data.should.contain("AccessKeyId") + + +def test_sts_get_federation_token(): + backend = server.create_backend_app("sts") + test_client = backend.test_client() + + res = test_client.get('/?Action=GetFederationToken&Name=Bob') + res.status_code.should.equal(200) + res.data.should.contain("SessionToken") + res.data.should.contain("AccessKeyId") diff --git a/tests/test_sts/test_sts.py b/tests/test_sts/test_sts.py index e0dbc9cd..04f37292 100644 --- a/tests/test_sts/test_sts.py +++ b/tests/test_sts/test_sts.py @@ -19,6 +19,20 @@ def test_get_session_token(): token.secret_key.should.equal("wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY") +@freeze_time("2012-01-01 12:00:00") +@mock_sts +def test_get_federation_token(): + conn = boto.connect_sts() + token = conn.get_federation_token(duration=123, name="Bob") + + token.credentials.expiration.should.equal('2012-01-01T12:02:03Z') + token.credentials.session_token.should.equal("AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==") + token.credentials.access_key.should.equal("AKIAIOSFODNN7EXAMPLE") + token.credentials.secret_key.should.equal("wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY") + token.federated_user_arn.should.equal("arn:aws:sts::123456789012:federated-user/Bob") + token.federated_user_id.should.equal("123456789012:Bob") + + @freeze_time("2012-01-01 12:00:00") @mock_sts def test_assume_role(): From bcc2aa3394fec95869a5c721267d104b38b5bcb7 Mon Sep 17 00:00:00 2001 From: Konstantinos Koukopoulos Date: Fri, 21 Mar 2014 13:08:08 +0200 Subject: [PATCH 3/4] fix querystring handling in get_federation_token --- moto/sts/responses.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/moto/sts/responses.py b/moto/sts/responses.py index 23561dd7..845844a2 100644 --- a/moto/sts/responses.py +++ b/moto/sts/responses.py @@ -14,7 +14,7 @@ class TokenResponse(BaseResponse): def get_federation_token(self): duration = int(self.querystring.get('DurationSeconds', [43200])[0]) - policy = self.querystring.get('Policy', None)[0] + policy = self.querystring.get('Policy', [None])[0] name = self.querystring.get('Name')[0] token = sts_backend.get_federation_token( duration=duration, name=name, policy=policy) From b3608cac66107dedd3704f45424561bb96752c0b Mon Sep 17 00:00:00 2001 From: Konstantinos Koukopoulos Date: Fri, 21 Mar 2014 13:08:31 +0200 Subject: [PATCH 4/4] remove whitespace in sample responses in STS get_federation_token response --- moto/sts/responses.py | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/moto/sts/responses.py b/moto/sts/responses.py index 845844a2..5472fd07 100644 --- a/moto/sts/responses.py +++ b/moto/sts/responses.py @@ -59,16 +59,8 @@ GET_FEDERATION_TOKEN_RESPONSE = """ - - AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW - LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd - QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU - 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz - +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA== - - - wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY - + AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA== + wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY {{ token.expiration_ISO8601 }} AKIAIOSFODNN7EXAMPLE