Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_get_credentials_invalid_profile_error(__init__: MagicMock, safe_print: MagicMock, isatty: MagicMock):
__init__.return_value = None
args = argparse.Namespace(json=None, with_saml=False, with_web_identity=False)
profiles = {}
obj = app.Awsume()
obj.config = {}
obj.plugin_manager = MagicMock()
isatty.return_value = True
obj.plugin_manager.hook.get_credentials.side_effect = InvalidProfileError(profile_name='profile')
with pytest.raises(SystemExit):
obj.get_credentials(args, profiles)
obj.plugin_manager.hook.catch_invalid_profile_exception.assert_called_with(config=obj.config, arguments=args, error=obj.plugin_manager.hook.get_credentials.side_effect, profiles=profiles)
if len(roles) > 1:
if args.role_arn and args.principal_arn:
principal_plus_role_arn = ','.join(args.role_arn, args.principal_arn)
if self.config.get('fuzzy-match'):
choice = difflib.get_close_matches(principal_plus_role_arn, roles, cutoff=0)[0]
safe_print('Closest match: {}'.format(choice))
else:
if principal_plus_role_arn not in roles:
raise exceptions.SAMLRoleNotFoundError(args.principal_arn, args.role_arn)
else:
choice = principal_plus_role_arn
elif args.profile_name:
profile_role_arn = profiles.get(args.profile_name, {}).get('role_arn')
principal_arn = profiles.get(args.profile_name, {}).get('principal_arn')
if profile_role_arn is None or principal_arn is None:
raise exceptions.InvalidProfileError(args.profile_name, 'both role_arn and principal_arn are necessary for saml profiles')
principal_plus_profile_role_arn = ','.join([principal_arn, profile_role_arn])
if principal_plus_profile_role_arn in roles:
choice = principal_plus_profile_role_arn
else:
raise exceptions.SAMLRoleNotFoundError(principal_arn, profile_role_arn)
safe_print('Match: {}'.format(choice))
else:
for index, choice in enumerate(roles):
safe_print('{}) {}'.format(index, choice), color=colorama.Fore.LIGHTYELLOW_EX)
safe_print('Which role do you want to assume? > ', end='', color=colorama.Fore.LIGHTCYAN_EX)
response = input()
if response.isnumeric():
choice = roles[int(response)]
else:
choice = difflib.get_close_matches(response, roles, cutoff=0)[0]
role_arn = choice.split(',')[1]
def validate_profile(config: dict, arguments: argparse.Namespace, profiles: dict, target_profile_name: str) -> bool:
logger.debug('Validating profile')
profile = get_profile(config, arguments, profiles, target_profile_name)
if not profile:
raise exceptions.ProfileNotFoundError(profile_name=target_profile_name)
# validate role profiles
if 'role_arn' in profile:
if profile.get('credential_process'):
raise exceptions.InvalidProfileError(target_profile_name, message='awsume does not support the credential_process profile option: {}')
if profile.get('credential_source') and profile.get('source_profile'):
raise exceptions.InvalidProfileError(target_profile_name, message='credential_source and source_profile are mutually exclusive profile options')
if not profile.get('credential_source') and not profile.get('source_profile') and not profile.get('principal_arn'):
raise exceptions.InvalidProfileError(target_profile_name, message='role profiles must contain one of credential_source or source_profile')
if profile.get('credential_source') not in VALID_CREDENTIAL_SOURCES:
raise exceptions.InvalidProfileError(target_profile_name, message='unsupported awsume credential_source profile option: {}'.format(profile.get('credential_source')))
source_profile_name = profile.get('source_profile')
if source_profile_name and not profiles.get(source_profile_name):
raise exceptions.ProfileNotFoundError(profile_name=source_profile_name)
user_profile = get_source_profile(profiles, target_profile_name)
user_profile_name = source_profile_name
else:
user_profile = profile
user_profile_name = target_profile_name
# validate user profile
raise exceptions.ProfileNotFoundError(profile_name=source_profile_name)
user_profile = get_source_profile(profiles, target_profile_name)
user_profile_name = source_profile_name
else:
user_profile = profile
user_profile_name = target_profile_name
# validate user profile
if user_profile:
missing_keys = []
if 'aws_access_key_id' not in user_profile:
missing_keys.append('aws_access_key_id')
if 'aws_secret_access_key' not in user_profile:
missing_keys.append('aws_secret_access_key')
if missing_keys:
raise exceptions.InvalidProfileError(user_profile_name, message='Missing keys {}'.format(', '.join(missing_keys)))
# validate arguments with profile
if 'role_arn' not in profile and arguments.auto_refresh:
raise exceptions.ValidationException('Cannot use autoawsume with non-role profile')
return True