-
Notifications
You must be signed in to change notification settings - Fork 25
Test Plan
Below are instructions on how to install awscli-login for manual testing in a Unix environment. If you are performing testing on a Windows environment you may want to use a docker container for testing. All the instructions and examples below were tested in a Python docker container.
$ docker run -it --rm python bash
-
First install and activate a virtual environment
# pip install virtualenv # virtualenv venv # source venv/bin/activate (venv) # -
Install awscli-login
If you want to test the latest development release with production dependencies type:
(venv) # pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple awscli-loginIf you need to test code that is checked out locally then type:
(venv) # git clone -b feature/TEST_BRANCH https://github.com/YOUR_GIT_ID/awscli-login.git (venv) # cd awscli-login (venv) # pip install -e . -
Enable plugin
If this is your first time installing the plugin then enable it in your
~/.aws/configfile by typing:(venv) # aws configure set plugins.login awscli_login -
Configure a test profile
You should configure a fresh test profile for use with the following test plan
(venv) # aws --profile test configure set region us-east-2 (venv) # aws --profile test configure set cli_follow_urlparam off (venv) # aws --profile test login configure ECP Endpoint URL [None]: https://shibboleth.illinois.edu/idp/profile/SAML2/SOAP/ECP Username [None]: YOUR_NETID Enable Keyring [False]: Duo Factor [None]: Role ARN [None]:
-
Basic usage
First let's make sure things work in the simple case. You will only receive a selection screen if you have access to more than one role.
-
Login using any factor that is handy
(venv) # aws login --profile test Password: Factor: auto -
Verify the credentials function
(venv) # aws --profile test sts get-caller-identity { "UserId": "AROAJXYHRY7CGHBN5NE3O:ddriddle@illinois.edu", "Account": "224588347132", "Arn": "arn:aws:sts::224588347132:assumed-role/ApplicationServicesAdmins/ddriddle@illinois.edu" } -
Logout and verify credentials no longer function
(venv) # aws --profile test logout (venv) # aws --profile test sts get-caller-identity An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.
-
-
Bad endpoint urls
Please be sure to provide a fake password with these tests.
- Missing schema
(venv) # aws login --profile test --ecp-endpoint-url foo.net --password bar --factor auto Invalid URL 'foo.net': No schema supplied. Perhaps you meant http://foo.net?- Regular random website
(venv) # aws login --profile test --ecp-endpoint-url https://google.com --password bar --factor auto 405 Client Error: Method Not Allowed for url: https://google.com/- Unresolvable Hostname
(venv) # aws login --profile test --ecp-endpoint-url https://foo.illionis.edu --password bar --factor auto HTTPSConnectionPool(host='foo.illionis.edu', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f92cfe2d490>: Failed to establish a new connection: [Errno -2] Name or service not known')) -
Ensure all properties and flags work
Set all properties and flags to ensure they work as expected. Ensure that flags can override properties. To each with both good input and bad input to ensure a reasonable error message is returned.
Property Good data Bad data Argument Good data Bad data Override ecp_endpoint_url --ecp-endpoint-url username --username password --password role_arn --role-arn enable-keyring --ask-password factor --factor passcode --passcode disable_refresh --disable-refresh refresh --refresh duration --duratione http_header_factor --http-header-factor http_header_passcode --http-header-passcode http_header_passcode --http-header-passcode --verbose N/A --force-refresh N/A