1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
package sts_test
import (
"testing"
"time"
. "gopkg.in/check.v1"
"github.com/goamz/goamz/aws"
"github.com/goamz/goamz/sts"
"github.com/goamz/goamz/testutil"
)
func Test(t *testing.T) {
TestingT(t)
}
var _ = Suite(&S{})
type S struct {
sts *sts.STS
}
var testServer = testutil.NewHTTPServer()
var mockTest bool
func (s *S) SetUpSuite(c *C) {
testServer.Start()
auth := aws.Auth{AccessKey: "abc", SecretKey: "123"}
s.sts = sts.New(auth, aws.Region{STSEndpoint: testServer.URL})
}
func (s *S) TearDownTest(c *C) {
testServer.Flush()
}
func (s *S) TestAssumeRole(c *C) {
testServer.Response(200, nil, AssumeRoleResponse)
request := &sts.AssumeRoleParams{
DurationSeconds: 3600,
ExternalId: "123ABC",
Policy: `{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}`,
RoleArn: "arn:aws:iam::123456789012:role/demo",
RoleSessionName: "Bob",
}
resp, err := s.sts.AssumeRole(request)
c.Assert(err, IsNil)
values := testServer.WaitRequest().PostForm
// Post request test
c.Assert(values.Get("Version"), Equals, "2011-06-15")
c.Assert(values.Get("Action"), Equals, "AssumeRole")
c.Assert(values.Get("DurationSeconds"), Equals, "3600")
c.Assert(values.Get("ExternalId"), Equals, "123ABC")
c.Assert(values.Get("Policy"), Equals, `{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}`)
c.Assert(values.Get("RoleArn"), Equals, "arn:aws:iam::123456789012:role/demo")
c.Assert(values.Get("RoleSessionName"), Equals, "Bob")
// Response test
exp, _ := time.Parse(time.RFC3339, "2011-07-15T23:28:33.359Z")
c.Assert(resp.RequestId, Equals, "c6104cbe-af31-11e0-8154-cbc7ccf896c7")
c.Assert(resp.PackedPolicySize, Equals, 6)
c.Assert(resp.AssumedRoleUser, DeepEquals, sts.AssumedRoleUser{
Arn: "arn:aws:sts::123456789012:assumed-role/demo/Bob",
AssumedRoleId: "ARO123EXAMPLE123:Bob",
})
c.Assert(resp.Credentials, DeepEquals, sts.Credentials{
SessionToken: `
AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
`,
SecretAccessKey: `
wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY
`,
AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
Expiration: exp,
})
}
func (s *S) TestGetFederationToken(c *C) {
testServer.Response(200, nil, GetFederationTokenResponse)
resp, err := s.sts.GetFederationToken(
"Bob",
`{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}`,
3600,
)
c.Assert(err, IsNil)
values := testServer.WaitRequest().PostForm
// Post request test
c.Assert(values.Get("Version"), Equals, "2011-06-15")
c.Assert(values.Get("Action"), Equals, "GetFederationToken")
c.Assert(values.Get("DurationSeconds"), Equals, "3600")
c.Assert(values.Get("Policy"), Equals, `{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}`)
c.Assert(values.Get("Name"), Equals, "Bob")
// Response test
exp, _ := time.Parse(time.RFC3339, "2011-07-15T23:28:33.359Z")
c.Assert(resp.RequestId, Equals, "c6104cbe-af31-11e0-8154-cbc7ccf896c7")
c.Assert(resp.PackedPolicySize, Equals, 6)
c.Assert(resp.FederatedUser, DeepEquals, sts.FederatedUser{
Arn: "arn:aws:sts::123456789012:federated-user/Bob",
FederatedUserId: "123456789012:Bob",
})
c.Assert(resp.Credentials, DeepEquals, sts.Credentials{
SessionToken: `
AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
`,
SecretAccessKey: `
wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY
`,
AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
Expiration: exp,
})
}
func (s *S) TestGetSessionToken(c *C) {
testServer.Response(200, nil, GetSessionTokenResponse)
resp, err := s.sts.GetSessionToken(3600, "YourMFADeviceSerialNumber", "123456")
c.Assert(err, IsNil)
values := testServer.WaitRequest().PostForm
// Post request test
c.Assert(values.Get("Version"), Equals, "2011-06-15")
c.Assert(values.Get("Action"), Equals, "GetSessionToken")
c.Assert(values.Get("DurationSeconds"), Equals, "3600")
c.Assert(values.Get("SerialNumber"), Equals, "YourMFADeviceSerialNumber")
c.Assert(values.Get("TokenCode"), Equals, "123456")
// Response test
exp, _ := time.Parse(time.RFC3339, "2011-07-11T19:55:29.611Z")
c.Assert(resp.RequestId, Equals, "58c5dbae-abef-11e0-8cfe-09039844ac7d")
c.Assert(resp.Credentials, DeepEquals, sts.Credentials{
SessionToken: `
AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/L
To6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3z
rkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtp
Z3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE
`,
SecretAccessKey: `
wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY
`,
AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
Expiration: exp,
})
}
|