python-botocore/tests/integration/test_credentials.py
2017-06-27 18:52:19 +09:00

124 lines
4.7 KiB
Python

# Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
import os
import mock
from botocore.session import Session
from tests import BaseEnvVar, temporary_file
class TestCredentialPrecedence(BaseEnvVar):
def setUp(self):
super(TestCredentialPrecedence, self).setUp()
# Set the config file to something that doesn't exist so
# that we don't accidentally load a config.
os.environ['AWS_CONFIG_FILE'] = '~/.aws/config-missing'
def create_session(self, *args, **kwargs):
"""
Create a new session with the given arguments. Additionally,
this method will set the credentials file to the test credentials
used by the following test cases.
"""
kwargs['session_vars'] = {
'credentials_file': (
None, None,
os.path.join(os.path.dirname(__file__), 'test-credentials'),
None)
}
return Session(*args, **kwargs)
def test_access_secret_vs_profile_env(self):
# If all three are given, then the access/secret keys should
# take precedence.
os.environ['AWS_ACCESS_KEY_ID'] = 'env'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'env-secret'
os.environ['AWS_DEFAULT_PROFILE'] = 'test'
s = self.create_session()
credentials = s.get_credentials()
self.assertEqual(credentials.access_key, 'env')
self.assertEqual(credentials.secret_key, 'env-secret')
@mock.patch('botocore.credentials.Credentials')
def test_access_secret_vs_profile_code(self, credentials_cls):
# If all three are given, then the access/secret keys should
# take precedence.
s = self.create_session(profile='test')
client = s.create_client('s3', aws_access_key_id='code',
aws_secret_access_key='code-secret')
credentials_cls.assert_called_with(
access_key='code', secret_key='code-secret', token=mock.ANY)
def test_profile_env_vs_code(self):
# If the profile is set both by the env var and by code,
# then the one set by code should take precedence.
os.environ['AWS_DEFAULT_PROFILE'] = 'test'
s = self.create_session(profile='default')
credentials = s.get_credentials()
self.assertEqual(credentials.access_key, 'default')
self.assertEqual(credentials.secret_key, 'default-secret')
@mock.patch('botocore.credentials.Credentials')
def test_access_secret_env_vs_code(self, credentials_cls):
# If the access/secret keys are set both as env vars and via
# code, then those set by code should take precedence.
os.environ['AWS_ACCESS_KEY_ID'] = 'env'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'secret'
s = self.create_session()
client = s.create_client('s3', aws_access_key_id='code',
aws_secret_access_key='code-secret')
credentials_cls.assert_called_with(
access_key='code', secret_key='code-secret', token=mock.ANY)
def test_access_secret_env_vs_profile_code(self):
# If access/secret keys are set in the environment, but then a
# specific profile is passed via code, then the access/secret
# keys defined in that profile should take precedence over
# the environment variables. Example:
#
# ``aws --profile dev s3 ls``
#
os.environ['AWS_ACCESS_KEY_ID'] = 'env'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'env-secret'
s = self.create_session(profile='test')
credentials = s.get_credentials()
self.assertEqual(credentials.access_key, 'test')
self.assertEqual(credentials.secret_key, 'test-secret')
def test_honors_aws_shared_credentials_file_env_var(self):
with temporary_file('w') as f:
f.write('[default]\n'
'aws_access_key_id=custom1\n'
'aws_secret_access_key=custom2\n')
f.flush()
os.environ['AWS_SHARED_CREDENTIALS_FILE'] = f.name
s = Session()
credentials = s.get_credentials()
self.assertEqual(credentials.access_key, 'custom1')
self.assertEqual(credentials.secret_key, 'custom2')