public async Task Will_Return_A_Role_If_CreateRoleAsync_Response_Is_Ok()
        {
            // Checks that PutRoleAsync returns the very Role instance carried by an
            // HTTP 200 CreateRole response. Only stubs are used; nothing here goes
            // through a real AWS SDK client.

            // Arrange
            var expectedRole = new Role();
            var okResponse = new CreateRoleResponse
            {
                HttpStatusCode = HttpStatusCode.OK,
                Role           = expectedRole
            };
            var iamStubBuilder = new AmazonIdentityManagementServiceStubBuilder();

            // The account id is required by the collaborator but irrelevant to the assertion.
            var callerIdentity = new GetCallerIdentityResponse
            {
                Account = "AccountDoesNotMatter"
            };
            var stsStubBuilder = new AmazonSecurityTokenServiceStubBuilder();
            var anyRoleName = "doesNotMatter";

            var identityManagementStub = new IdentityManagementServiceClientStub();

            var iamStub = iamStubBuilder.WithCreateRoleResponse(okResponse);
            var stsStub = stsStubBuilder.WithGetCallerIdentityResponse(callerIdentity);
            var sut = new AwsIdentityCommandClient(
                iamStub,
                stsStub,
                new PolicyTemplateRepositoryStub(),
                identityManagementStub
                );


            // Act
            var actualRole = await sut.PutRoleAsync(new RoleName(anyRoleName));


            // Assert
            // Reference equality: the client must pass the response's Role through untouched.
            Assert.Same(expectedRole, actualRole);
        }
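        public async Task Can_Create_A_Role()
        {
            // Integration test: builds real AWS SDK clients for eu-west-1 and creates an
            // IAM role through them. No credentials are passed in, so the SDK resolves
            // them from its default chain; run this only against an account meant for
            // tests, with a principal limited to creating and deleting test roles.

            // Arrange
            var regionalEndpoint = RegionEndpoint.EUWest1;
            var amazonIdentityManagementServiceClient = new AmazonIdentityManagementServiceClient(regionalEndpoint);
            var amazonSecurityTokenServiceClient      = new AmazonSecurityTokenServiceClient(regionalEndpoint);
            var fakePolicyRepository     = new FakePolicyTemplateRepository();
            var identityManagementClient = new IdentityManagementServiceClient(new AmazonIdentityManagementServiceWrapper(amazonIdentityManagementServiceClient));


            var awsIdentityClient = new AwsIdentityCommandClient(
                amazonIdentityManagementServiceClient,
                amazonSecurityTokenServiceClient,
                fakePolicyRepository,
                identityManagementClient
                );

            // NOTE(review): the role name is fixed, so concurrent runs against the same
            // account would share (and delete) each other's role.
            var roleName = RoleName.Create("test-role-do-delete-33");

            try
            {
                // Act
                // Done inside the try so the cleanup below still runs when the call
                // fails part-way, instead of leaving a role behind in the account.
                var role = await awsIdentityClient.EnsureRoleExistsAsync(roleName);


                // Assert
                Assert.NotNull(role);
            }
            finally
            {
                // NOTE(review): if the role was never created this delete may itself
                // throw and hide the original failure; confirm how DeleteRoleAsync
                // treats a missing role.
                await identityManagementClient.DeleteRoleAsync(roleName);
            }
        }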
        public async Task Will_Throw_A_Exception_If_CreateRoleAsync_Response_Is_Not_Ok()
        {
            // Checks that PutRoleAsync fails loudly, rather than returning a role, when
            // the stubbed IAM service answers CreateRole with a non-OK status.

            // Arrange
            var responseMetadata = new ResponseMetadata();
            responseMetadata.Metadata["foo"] = "bar";

            var failedResponse = new CreateRoleResponse
            {
                HttpStatusCode   = HttpStatusCode.ServiceUnavailable,
                ResponseMetadata = responseMetadata
            };

            var iamStubBuilder = new AmazonIdentityManagementServiceStubBuilder();

            // The account id is required by the collaborator but irrelevant to the assertion.
            var callerIdentity = new GetCallerIdentityResponse
            {
                Account = "AccountDoesNotMatter"
            };
            var stsStubBuilder = new AmazonSecurityTokenServiceStubBuilder();
            var anyRoleName = "doesNotMatter";

            var identityManagementStub = new IdentityManagementServiceClientStub();


            var iamStub = iamStubBuilder.WithCreateRoleResponse(failedResponse);
            var stsStub = stsStubBuilder.WithGetCallerIdentityResponse(callerIdentity);
            var sut = new AwsIdentityCommandClient(
                iamStub,
                stsStub,
                new PolicyTemplateRepositoryStub(),
                identityManagementStub
                );

            // Act / Assert
            // The expected type is the base Exception, exactly as the test names it.
            await Assert.ThrowsAsync<Exception>(() => sut.PutRoleAsync(new RoleName(anyRoleName)));
        }
        public void Will_Set_RoleName()
        {
            // Checks that CreateRoleRequest copies the supplied role name onto the request.

            // Arrange
            // All four collaborators are null: this test passes only if
            // CreateRoleRequest does not dereference any of them.
            var sut             = new AwsIdentityCommandClient(null, null, null, null);
            var account         = new AwsAccountArn("foo");
            var expectedRole    = new RoleName("baa");


            // Act
            var request = sut.CreateRoleRequest(account, expectedRole);


            // Assert
            Assert.Equal(expectedRole, request.RoleName);
        }
        //allowed or denied access to a resource. The
        public void Principal_Will_Point_To_Federated_Login()
        {
            // Checks that the trust policy generated for a new role names the account's
            // ADFS SAML provider as a federated principal.

            // Arrange
            // All four collaborators are null: this test passes only if
            // CreateRoleRequest does not dereference any of them.
            var sut     = new AwsIdentityCommandClient(null, null, null, null);
            var account = new AwsAccountArn("foo");
            var role    = new RoleName("baa");


            // Act
            var request = sut.CreateRoleRequest(account, role);


            // Assert
            // Only the Principal fragment is matched. The Effect, Action and any
            // Condition of the trust policy are not checked here, so a document that
            // loosens those would still pass this test.
            var federatedPrincipal = "Principal\":{\"Federated\":\"arn:aws:iam::foo:saml-provider/ADFS\"}";
            var trustPolicyJson    = request.AssumeRolePolicyDocument;

            Assert.Contains(federatedPrincipal, trustPolicyJson);
        }