2019-08-03 07:08:36 +02:00
|
|
|
# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
|
|
|
#
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"). You
|
|
|
|
|
# may not use this file except in compliance with the License. A copy of
|
|
|
|
|
# the License is located at
|
|
|
|
|
#
|
|
|
|
|
# http://aws.amazon.com/apache2.0/
|
|
|
|
|
#
|
|
|
|
|
# or in the "license" file accompanying this file. This file is
|
|
|
|
|
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
|
|
|
|
|
# ANY KIND, either express or implied. See the License for the specific
|
|
|
|
|
# language governing permissions and limitations under the License.
|
|
|
|
|
import os
|
|
|
|
|
import shutil
|
2022-05-26 00:10:07 +02:00
|
|
|
import tempfile
|
|
|
|
|
|
|
|
|
|
from urllib3.exceptions import LocationParseError
|
2019-08-03 07:08:36 +02:00
|
|
|
|
2021-11-03 18:14:15 +01:00
|
|
|
from botocore.exceptions import (
|
2022-05-26 00:10:07 +02:00
|
|
|
ConnectionClosedError,
|
|
|
|
|
HTTPClientError,
|
|
|
|
|
InvalidIMDSEndpointError,
|
2021-11-03 18:14:15 +01:00
|
|
|
)
|
2021-01-26 16:12:20 +01:00
|
|
|
from botocore.utils import FileWebIdentityTokenLoader, InstanceMetadataFetcher
|
2022-05-26 00:10:07 +02:00
|
|
|
from tests import mock, unittest
|
2019-08-03 07:08:36 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class TestFileWebIdentityTokenLoader(unittest.TestCase):
|
|
|
|
|
def setUp(self):
|
2022-05-26 00:10:07 +02:00
|
|
|
super().setUp()
|
2019-08-03 07:08:36 +02:00
|
|
|
self.tempdir = tempfile.mkdtemp()
|
|
|
|
|
self.token = 'totally.a.token'
|
|
|
|
|
self.token_file = os.path.join(self.tempdir, 'token.jwt')
|
|
|
|
|
self.write_token(self.token)
|
|
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
|
shutil.rmtree(self.tempdir)
|
2022-05-26 00:10:07 +02:00
|
|
|
super().tearDown()
|
2019-08-03 07:08:36 +02:00
|
|
|
|
|
|
|
|
def write_token(self, token, path=None):
|
|
|
|
|
if path is None:
|
|
|
|
|
path = self.token_file
|
|
|
|
|
with open(path, 'w') as f:
|
|
|
|
|
f.write(token)
|
|
|
|
|
|
|
|
|
|
def test_can_load_token(self):
|
|
|
|
|
loader = FileWebIdentityTokenLoader(self.token_file)
|
|
|
|
|
token = loader()
|
|
|
|
|
self.assertEqual(self.token, token)
|
2021-01-26 16:12:20 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class TestInstanceMetadataFetcher(unittest.TestCase):
|
|
|
|
|
def test_catch_retryable_http_errors(self):
|
2022-05-26 00:10:07 +02:00
|
|
|
with mock.patch(
|
|
|
|
|
'botocore.httpsession.URLLib3Session.send'
|
|
|
|
|
) as send_mock:
|
2021-01-26 16:12:20 +01:00
|
|
|
fetcher = InstanceMetadataFetcher()
|
|
|
|
|
send_mock.side_effect = ConnectionClosedError(endpoint_url="foo")
|
|
|
|
|
creds = fetcher.retrieve_iam_role_credentials()
|
2021-09-22 22:53:42 +02:00
|
|
|
self.assertEqual(send_mock.call_count, 2)
|
2021-01-26 16:12:20 +01:00
|
|
|
for call_instance in send_mock.call_args_list:
|
2022-05-26 00:10:07 +02:00
|
|
|
self.assertTrue(
|
|
|
|
|
call_instance[0][0].url.startswith(fetcher.get_base_url())
|
|
|
|
|
)
|
2021-09-22 22:53:42 +02:00
|
|
|
self.assertEqual(creds, {})
|
2021-01-26 16:12:20 +01:00
|
|
|
|
|
|
|
|
def test_catch_invalid_imds_error(self):
|
2022-05-26 00:10:07 +02:00
|
|
|
with mock.patch(
|
|
|
|
|
'botocore.httpsession.URLLib3Session.send'
|
|
|
|
|
) as send_mock:
|
2021-01-26 16:12:20 +01:00
|
|
|
fetcher = InstanceMetadataFetcher()
|
|
|
|
|
e = LocationParseError(location="foo")
|
|
|
|
|
send_mock.side_effect = HTTPClientError(error=e)
|
|
|
|
|
with self.assertRaises(InvalidIMDSEndpointError):
|
|
|
|
|
fetcher.retrieve_iam_role_credentials()
|
