private void AssertFederatedCredentialsAreEqual(FederatedAWSCredentials expected, AWSCredentials actualAWSCredentials)
{
var actual = actualAWSCredentials as FederatedAWSCredentials;
Assert.IsNotNull(actual);
Assert.AreEqual(expected.SAMLEndpoint.Name, actual.SAMLEndpoint.Name);
Assert.AreEqual(expected.RoleArn, actual.RoleArn);
Assert.AreEqual(expected.Options.UserIdentity, actual.Options.UserIdentity);
}
public void GetCredentialsUserIdentityNoCallback()
{
var awsCredentials = new FederatedAWSCredentials(SomeSAMLEndpoint, RoleArn, new FederatedAWSCredentialsOptions()
{
UserIdentity = UserIdentity
});
AssertCallSTSFails(awsCredentials);
}
public void GetCredentialsSessionCached()
{
var sessionName = SomeSAMLEndpoint.Name + "," + RoleArn + ",";
var samlImmutableCredentials = new SAMLImmutableCredentials(AccessKeyID, SecretAccessKey, Token, DateTime.UtcNow.AddDays(1), Subject);
sessionManager.RegisterRoleSession(sessionName, samlImmutableCredentials);
var awsCredentials = new FederatedAWSCredentials(SomeSAMLEndpoint, RoleArn);
AssertSAMLImmutableCredentials(samlImmutableCredentials, awsCredentials.GetCredentials());
}
/// <summary>
/// Asserts that the call to GetCredentials() on the FederatedAWSCredentials is
/// actually attempting to call STS and failing.
/// </summary>
/// <param name="credentials"></param>
private void AssertCallSTSFails(FederatedAWSCredentials credentials)
{
AssertExtensions.ExpectException(() =>
{
throw AssertExtensions.ExpectException(() =>
{
throw AssertExtensions.ExpectException(() =>
{
credentials.GetCredentials();
}, typeof(AmazonClientException)).InnerException;
}, typeof(FederatedAuthenticationFailureException)).InnerException;
}, typeof(AdfsAuthenticationControllerException), new Regex("(The remote name could not be resolved: \'somesamlendpoint.com\')|(The remote server returned an error: \\(502\\) Bad Gateway.)"));
}
public void GetCredentialsUserCancels()
{
var awsCredentials = new FederatedAWSCredentials(SomeSAMLEndpoint, RoleArn, new FederatedAWSCredentialsOptions()
{
UserIdentity = UserIdentity,
CredentialRequestCallback = (e) => { return(null); }
});
AssertExtensions.ExpectException(() =>
{
awsCredentials.GetCredentials();
}, typeof(FederatedAuthenticationCancelledException), "User cancelled credential request.");
}
public void GetCredentialsUserIdentityAndCallback()
{
var awsCredentials = new FederatedAWSCredentials(SomeSAMLEndpoint, RoleArn, new FederatedAWSCredentialsOptions()
{
UserIdentity = UserIdentity,
CredentialRequestCallback = (e) => { throw new Exception("BLAH"); }
});
AssertExtensions.ExpectException(() =>
{
awsCredentials.GetCredentials();
}, typeof(Exception), "BLAH");
}
