mirror
/
s3-credentials
kopia lustrzana https://github.com/simonw/s3-credentials
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

create --duration --format ini, closes #17

pull/34/head
Simon Willison 2021-11-10 19:29:37 -08:00
rodzic 56cede90cc
commit f444ef1ba1
3 zmienionych plików z 70 dodań i 16 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

1
README.md
Wyświetl plik

@ -65,6 +65,7 @@ Created user: s3.read-write.static.niche-museums.com with permissions boundary:
Attached policy s3.read-write.static.niche-museums.com to user s3.read-write.static.niche-museums.com Attached policy s3.read-write.static.niche-museums.com to user s3.read-write.static.niche-museums.com
Created access key for user: s3.read-write.static.niche-museums.com Created access key for user: s3.read-write.static.niche-museums.com
% cat ini.txt % cat ini.txt
[default]
aws_access_key_id=AKIAWXFXAIOZKGXI4PVO aws_access_key_id=AKIAWXFXAIOZKGXI4PVO
aws_secret_access_key=... aws_secret_access_key=...
``` ```

14
s3_credentials/cli.py
Wyświetl plik

@ -242,6 +242,18 @@ def create(
Policy=json.dumps(bucket_access_policy), Policy=json.dumps(bucket_access_policy),
DurationSeconds=duration, DurationSeconds=duration,
) )
if format_ == "ini":
click.echo(
(
"[default]\naws_access_key_id={}\n"
"aws_secret_access_key={}\naws_session_token={}"
).format(
credentials_response["Credentials"]["AccessKeyId"],
credentials_response["Credentials"]["SecretAccessKey"],
credentials_response["Credentials"]["SessionToken"],
)
)
else:
click.echo( click.echo(
json.dumps(credentials_response["Credentials"], indent=4, default=str) json.dumps(credentials_response["Credentials"], indent=4, default=str)
) )
@ -307,7 +319,7 @@ def create(
log("Created access key for user: {}".format(username)) log("Created access key for user: {}".format(username))
if format_ == "ini": if format_ == "ini":
click.echo( click.echo(
("aws_access_key_id={}\n" "aws_secret_access_key={}").format( ("[default]\naws_access_key_id={}\n" "aws_secret_access_key={}").format(
response["AccessKey"]["AccessKeyId"], response["AccessKey"]["AccessKeyId"],
response["AccessKey"]["SecretAccessKey"], response["AccessKey"]["SecretAccessKey"],
) )

65
tests/test_s3_credentials.py
Wyświetl plik

@ -348,13 +348,8 @@ def test_create(
] ]
@pytest.mark.parametrize( @pytest.fixture
"options,use_policy_stdin,expected_policy,expected_name_fragment", def mocked_for_duration(mocker):
CREATE_TESTS,
)
def test_create_duration(
mocker, tmpdir, options, use_policy_stdin, expected_policy, expected_name_fragment
):
boto3 = mocker.patch("boto3.client") boto3 = mocker.patch("boto3.client")
boto3.return_value = Mock() boto3.return_value = Mock()
boto3.return_value.create_access_key.return_value = { boto3.return_value.create_access_key.return_value = {
@ -363,8 +358,27 @@ def test_create_duration(
boto3.return_value.get_caller_identity.return_value = {"Account": "1234"} boto3.return_value.get_caller_identity.return_value = {"Account": "1234"}
boto3.return_value.get_role.return_value = {"Role": {"Arn": "arn:::role"}} boto3.return_value.get_role.return_value = {"Role": {"Arn": "arn:::role"}}
boto3.return_value.assume_role.return_value = { boto3.return_value.assume_role.return_value = {
"Credentials": {"AccessKeyId": "access", "SecretAccessKey": "secret"} "Credentials": {
"AccessKeyId": "access",
"SecretAccessKey": "secret",
"SessionToken": "session",
} }
}
return boto3
@pytest.mark.parametrize(
"options,use_policy_stdin,expected_policy,expected_name_fragment",
CREATE_TESTS,
)
def test_create_duration(
mocked_for_duration,
tmpdir,
options,
use_policy_stdin,
expected_policy,
expected_name_fragment,
):
runner = CliRunner() runner = CliRunner()
with runner.isolated_filesystem(): with runner.isolated_filesystem():
filepath = str(tmpdir / "policy.json") filepath = str(tmpdir / "policy.json")
@ -386,9 +400,13 @@ def test_create_duration(
assert result.exit_code == 0 assert result.exit_code == 0
assert result.output == ( assert result.output == (
"Assume role against arn:::role for 900s\n" "Assume role against arn:::role for 900s\n"
'{\n "AccessKeyId": "access",\n "SecretAccessKey": "secret"\n}\n' "{\n"
' "AccessKeyId": "access",\n'
' "SecretAccessKey": "secret",\n'
' "SessionToken": "session"\n'
"}\n"
) )
assert [str(c) for c in boto3.mock_calls] == [ assert [str(c) for c in mocked_for_duration.mock_calls] == [
"call('s3')", "call('s3')",
"call('iam')", "call('iam')",
"call('sts')", "call('sts')",
@ -408,7 +426,11 @@ def test_create_format_ini(mocker):
boto3 = mocker.patch("boto3.client") boto3 = mocker.patch("boto3.client")
boto3.return_value = Mock() boto3.return_value = Mock()
boto3.return_value.create_access_key.return_value = { boto3.return_value.create_access_key.return_value = {
"AccessKey": {"AccessKeyId": "access", "SecretAccessKey": "secret"} "AccessKey": {
"AccessKeyId": "access",
"SecretAccessKey": "secret",
"SessionToken": "session",
}
} }
runner = CliRunner(mix_stderr=False) runner = CliRunner(mix_stderr=False)
result = runner.invoke( result = runner.invoke(
@ -416,7 +438,26 @@ def test_create_format_ini(mocker):
["create", "test-bucket", "-c", "-f", "ini"], ["create", "test-bucket", "-c", "-f", "ini"],
) )
assert result.exit_code == 0 assert result.exit_code == 0
assert result.stdout == "aws_access_key_id=access\naws_secret_access_key=secret\n" assert (
result.stdout
== "[default]\naws_access_key_id=access\naws_secret_access_key=secret\n"
)
def test_create_format_duration_ini(mocked_for_duration):
runner = CliRunner(mix_stderr=False)
result = runner.invoke(
cli,
["create", "test-bucket", "-c", "--duration", "15m", "-f", "ini"],
catch_exceptions=False,
)
assert result.exit_code == 0
assert result.stdout == (
"[default]\n"
"aws_access_key_id=access\n"
"aws_secret_access_key=secret\n"
"aws_session_token=session\n"
)
def test_list_user_policies(mocker): def test_list_user_policies(mocker):