Beispiel #1
// SetUpSuite skips the whole suite unless testutil.Amazon is set; otherwise it
// runs the server fixture's SetUp and builds an IAM client for the aws.USEast
// region from the fixture's credentials.
func (s *AmazonClientSuite) SetUpSuite(c *C) {
	enabled := testutil.Amazon
	if !enabled {
		c.Skip("AmazonClientSuite tests not enabled")
	}
	s.srv.SetUp(c)
	// s.srv.auth is presumably populated by s.srv.SetUp — confirm against the
	// fixture; these are the credentials every request in this suite uses.
	client := iam.New(s.srv.auth, aws.USEast)
	s.iam = client
}
Beispiel #2
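// getIAMEndpoint returns an iam.IAM instance configured to access the endpoint
// defined in aws:iam:endpoint. If this setting is undefined or empty, it will
// use the default endpoint (https://iam.amazonaws.com/).
//
// The client is built with the credentials returned by getAWSAuth, so whatever
// endpoint is configured receives the requests made with those credentials.
// The setting should therefore name an https:// URL of a trusted
// IAM-compatible service; this function does not validate it.
func getIAMEndpoint() *iam.IAM {
	const defaultEndpoint = "https://iam.amazonaws.com/"
	endpoint, err := config.GetString("aws:iam:endpoint")
	// Every lookup error is treated as "not configured". An empty value is
	// handled the same way, since it cannot name a usable endpoint.
	if err != nil || endpoint == "" {
		endpoint = defaultEndpoint
	}
	return iam.New(getAWSAuth(), aws.Region{IAMEndpoint: endpoint})
}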
Beispiel #3
// TestCreateIAMUser checks that createIAMUser returns a user whose name is the
// argument and whose path is "/<name>/", and that the user can then be fetched
// through an IAM client pointed at the suite's IAM server.
func (s *S) TestCreateIAMUser(c *gocheck.C) {
	created, err := createIAMUser("rules")
	c.Assert(err, gocheck.IsNil)
	c.Assert(created.Name, gocheck.Equals, "rules")
	c.Assert(created.Path, gocheck.Equals, "/rules/")
	// Fixture credentials; the endpoint is the suite's IAM server
	// (presumably a local fake — confirm in the suite setup).
	creds := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
	client := iam.New(creds, aws.Region{IAMEndpoint: s.t.IamServer.URL()})
	_, err = client.GetUser(created.Name)
	// Registered before the last assertion so the user is deleted even when
	// the lookup above failed.
	defer client.DeleteUser(created.Name)
	c.Assert(err, gocheck.IsNil)
}
Beispiel #4
// TestCreateIAMUserBackward creates a user, runs the Backward step of
// createIAMUserAction with that user as the forward result, and expects a
// subsequent GetUser for it to return an error.
func (s *S) TestCreateIAMUserBackward(c *gocheck.C) {
	// Fixture credentials for the suite's IAM server.
	creds := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
	client := iam.New(creds, aws.Region{IAMEndpoint: s.t.IamServer.URL()})
	app := App{Name: "escape"}
	created, err := createIAMUser(app.Name)
	c.Assert(err, gocheck.IsNil)
	// Best-effort cleanup in case Backward does not remove the user.
	defer client.DeleteUser(created.Name)
	bwCtx := action.BWContext{
		Params:   []interface{}{&app},
		FWResult: created,
	}
	createIAMUserAction.Backward(bwCtx)
	_, err = client.GetUser(created.Name)
	c.Assert(err, gocheck.NotNil)
}
Beispiel #5
// TestCreateIAMUserForward runs the Forward step of createIAMUserAction for an
// app and expects the result to be an *iam.User named after that app.
func (s *S) TestCreateIAMUserForward(c *gocheck.C) {
	// Fixture credentials for the suite's IAM server.
	creds := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
	client := iam.New(creds, aws.Region{IAMEndpoint: s.t.IamServer.URL()})
	app := App{Name: "trapped"}
	fwCtx := action.FWContext{
		Params:   []interface{}{&app},
		Previous: &app,
	}
	result, err := createIAMUserAction.Forward(fwCtx)
	c.Assert(err, gocheck.IsNil)
	// The created user is expected to carry the app's name, so cleanup
	// deletes by app.Name.
	defer client.DeleteUser(app.Name)
	created, isUser := result.(*iam.User)
	c.Assert(isUser, gocheck.Equals, true)
	c.Assert(created.Name, gocheck.Equals, app.Name)
}
Beispiel #6
// TestCreateIAMAccessKey creates a user, asks createIAMAccessKey for a key for
// that user, and checks the key's Id, Secret and UserName fields.
func (s *S) TestCreateIAMAccessKey(c *gocheck.C) {
	// Fixture credentials for the suite's IAM server.
	creds := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
	client := iam.New(creds, aws.Region{IAMEndpoint: s.t.IamServer.URL()})
	owner, err := createIAMUser("hit")
	c.Assert(err, gocheck.IsNil)
	defer client.DeleteUser(owner.Name)
	accessKey, err := createIAMAccessKey(owner)
	c.Assert(err, gocheck.IsNil)
	c.Assert(accessKey.Id, gocheck.Not(gocheck.Equals), "")
	// NOTE(review): an empty Secret is asserted here; presumably the test
	// server does not return one. Confirm this is not masking a missing
	// secret in the production path.
	c.Assert(accessKey.Secret, gocheck.Equals, "")
	c.Assert(accessKey.UserName, gocheck.Equals, owner.Name)
}
Beispiel #7
// TestCreateIAMAccessKeyBackward creates a user and an access key directly
// through the IAM client, runs the Backward step of createIAMAccessKeyAction
// with that key as the forward result, and expects the user to have no access
// keys left.
func (s *S) TestCreateIAMAccessKeyBackward(c *gocheck.C) {
	// Fixture credentials for the suite's IAM server.
	creds := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
	client := iam.New(creds, aws.Region{IAMEndpoint: s.t.IamServer.URL()})
	userResp, err := client.CreateUser("myuser", "/")
	c.Assert(err, gocheck.IsNil)
	defer client.DeleteUser(userResp.User.Name)
	keyResp, err := client.CreateAccessKey(userResp.User.Name)
	c.Assert(err, gocheck.IsNil)
	// Best-effort cleanup in case Backward leaves the key behind; deferred
	// calls run in reverse order, so the key goes before the user.
	defer client.DeleteAccessKey(keyResp.AccessKey.Id, userResp.User.Name)
	bwCtx := action.BWContext{
		Params:   []interface{}{nil},
		FWResult: &keyResp.AccessKey,
	}
	createIAMAccessKeyAction.Backward(bwCtx)
	remaining, err := client.AccessKeys(userResp.User.Name)
	c.Assert(err, gocheck.IsNil)
	c.Assert(remaining.AccessKeys, gocheck.HasLen, 0)
}
Beispiel #8
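// TestCreateIAMAccessKeyForward creates a user through the IAM client, runs the
// Forward step of createIAMAccessKeyAction with that user as the previous
// result, and checks that the result is an *iam.AccessKey belonging to the
// user.
func (s *S) TestCreateIAMAccessKeyForward(c *gocheck.C) {
	// Fixture credentials for the suite's IAM server.
	auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
	region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
	iamClient := iam.New(auth, region)
	resp, err := iamClient.CreateUser("puppets", "/")
	c.Assert(err, gocheck.IsNil)
	defer iamClient.DeleteUser(resp.User.Name)
	ctx := action.FWContext{Params: []interface{}{nil}, Previous: &resp.User}
	result, err := createIAMAccessKeyAction.Forward(ctx)
	c.Assert(err, gocheck.IsNil)
	ak, ok := result.(*iam.AccessKey)
	c.Assert(ok, gocheck.Equals, true)
	// Register the key cleanup as soon as the key is known, before the field
	// assertions: a failing assertion stops the test, and a defer placed after
	// it would never be registered, leaving the access key behind. Deferred
	// calls run in reverse order, so the key is deleted before the user.
	defer iamClient.DeleteAccessKey(ak.Id, ak.UserName)
	c.Assert(ak.UserName, gocheck.Equals, resp.User.Name)
	c.Assert(ak.Id, gocheck.Not(gocheck.Equals), "")
	// NOTE(review): an empty Secret is asserted here; presumably the test
	// server does not return one — confirm.
	c.Assert(ak.Secret, gocheck.Equals, "")
}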
Beispiel #9
// TestCreateIAMUserPolicy creates a user, attaches a policy to it with
// createIAMUserPolicy, and checks that the policy stored on the IAM server is
// the rendering of the package-level policy template for the same bucket.
func (s *S) TestCreateIAMUserPolicy(c *gocheck.C) {
	// Fixture credentials for the suite's IAM server.
	creds := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
	client := iam.New(creds, aws.Region{IAMEndpoint: s.t.IamServer.URL()})
	owner, err := createIAMUser("fight")
	c.Assert(err, gocheck.IsNil)
	defer client.DeleteUser(owner.Name)
	attached, err := createIAMUserPolicy(owner, "fight", "mybucket")
	c.Assert(err, gocheck.IsNil)
	c.Assert(attached.UserName, gocheck.Equals, owner.Name)
	c.Assert(attached.Name, gocheck.Equals, "app-fight-bucket")
	stored, err := client.GetUserPolicy(owner.Name, attached.Name)
	c.Assert(err, gocheck.IsNil)
	expected := new(bytes.Buffer)
	// NOTE(review): whatever policy.Execute returns is discarded; if it
	// reports an error, a failed render would surface only as a document
	// mismatch below.
	policy.Execute(expected, "mybucket")
	c.Assert(stored.Policy.Document, gocheck.Equals, expected.String())
}
Beispiel #10
// TestCreateUserPolicyBackward creates a user with a policy named
// "app-blackened-bucket", runs the Backward step of createUserPolicyAction,
// and expects a subsequent GetUserPolicy for that policy to return an error.
func (s *S) TestCreateUserPolicyBackward(c *gocheck.C) {
	// Fixture credentials, shared by the IAM client and the s3Env below.
	creds := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
	client := iam.New(creds, aws.Region{IAMEndpoint: s.t.IamServer.URL()})
	userResp, err := client.CreateUser("blackened", "/")
	c.Assert(err, gocheck.IsNil)
	userName := userResp.User.Name
	defer client.DeleteUser(userName)
	app := App{Name: userName}
	env := s3Env{
		Auth:               creds,
		bucket:             app.Name,
		endpoint:           s.t.S3Server.URL(),
		locationConstraint: true,
	}
	// The document content is irrelevant here; only the policy's existence
	// is checked after Backward runs.
	_, err = client.PutUserPolicy(userName, "app-blackened-bucket", "null")
	c.Assert(err, gocheck.IsNil)
	bwCtx := action.BWContext{
		Params:   []interface{}{&app},
		FWResult: &env,
	}
	createUserPolicyAction.Backward(bwCtx)
	_, err = client.GetUserPolicy(userName, "app-blackened-bucket")
	c.Assert(err, gocheck.NotNil)
}
Beispiel #11
// TestCreateUserPolicyForward creates a user, runs the Forward step of
// createUserPolicyAction with an s3Env as the previous result, and checks that
// the step returns that same *s3Env and that the policy
// "app-blackened-bucket" can be fetched for the user afterwards.
func (s *S) TestCreateUserPolicyForward(c *gocheck.C) {
	// Fixture credentials, shared by the IAM client and the s3Env below.
	creds := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
	client := iam.New(creds, aws.Region{IAMEndpoint: s.t.IamServer.URL()})
	userResp, err := client.CreateUser("blackened", "/")
	c.Assert(err, gocheck.IsNil)
	userName := userResp.User.Name
	defer client.DeleteUser(userName)
	app := App{Name: userName}
	env := s3Env{
		Auth:               creds,
		bucket:             app.Name,
		endpoint:           s.t.S3Server.URL(),
		locationConstraint: true,
	}
	fwCtx := action.FWContext{
		Params:   []interface{}{&app},
		Previous: &env,
	}
	result, err := createUserPolicyAction.Forward(fwCtx)
	c.Assert(err, gocheck.IsNil)
	returned, isEnv := result.(*s3Env)
	c.Assert(isEnv, gocheck.Equals, true)
	// Pointer comparison: Forward must hand back the very env it was given.
	c.Assert(returned, gocheck.Equals, &env)
	_, err = client.GetUserPolicy(userName, "app-blackened-bucket")
	c.Assert(err, gocheck.IsNil)
}
Beispiel #12
// SetUpSuite runs the embedded HTTPSuite setup and then builds the suite's IAM
// client, pointed at testServer.URL with fixed fixture credentials.
func (s *S) SetUpSuite(c *C) {
	s.HTTPSuite.SetUpSuite(c)
	// Fixture credentials; requests go to testServer rather than to AWS.
	creds := aws.Auth{AccessKey: "abc", SecretKey: "123"}
	endpoint := aws.Region{IAMEndpoint: testServer.URL}
	s.iam = iam.New(creds, endpoint)
}
Beispiel #13
// SetUpSuite runs the local server fixture's SetUp and gives the shared
// ClientTests an IAM client built from that fixture's auth and region.
func (s *LocalServerSuite) SetUpSuite(c *C) {
	s.srv.SetUp(c)
	// s.srv.auth and s.srv.region are presumably populated by SetUp above —
	// confirm against the fixture.
	client := iam.New(s.srv.auth, s.srv.region)
	s.ClientTests.iam = client
}