func (s *AmazonClientSuite) SetUpSuite(c *C) {
if !testutil.Amazon {
c.Skip("AmazonClientSuite tests not enabled")
}
s.srv.SetUp(c)
s.iam = iam.New(s.srv.auth, aws.USEast)
}
// getIAMEndpoint returns an iam.IAM instance configured to access the endpoint
// defined in aws:iam:endpoint. If this setting is undefined, it will use the
// default endpoint (https://iam.amazonaws.com).
func getIAMEndpoint() *iam.IAM {
endpoint, err := config.GetString("aws:iam:endpoint")
if err != nil {
endpoint = "https://iam.amazonaws.com/"
}
region := aws.Region{IAMEndpoint: endpoint}
return iam.New(getAWSAuth(), region)
}
func (s *S) TestCreateIAMUser(c *gocheck.C) {
user, err := createIAMUser("rules")
c.Assert(err, gocheck.IsNil)
c.Assert(user.Name, gocheck.Equals, "rules")
c.Assert(user.Path, gocheck.Equals, "/rules/")
auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
iamClient := iam.New(auth, region)
_, err = iamClient.GetUser(user.Name)
defer iamClient.DeleteUser(user.Name)
c.Assert(err, gocheck.IsNil)
}
func (s *S) TestCreateIAMUserBackward(c *gocheck.C) {
auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
iamClient := iam.New(auth, region)
app := App{Name: "escape"}
user, err := createIAMUser(app.Name)
c.Assert(err, gocheck.IsNil)
defer iamClient.DeleteUser(user.Name)
ctx := action.BWContext{Params: []interface{}{&app}, FWResult: user}
createIAMUserAction.Backward(ctx)
_, err = iamClient.GetUser(user.Name)
c.Assert(err, gocheck.NotNil)
}
func (s *S) TestCreateIAMUserForward(c *gocheck.C) {
auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
iamClient := iam.New(auth, region)
app := App{Name: "trapped"}
ctx := action.FWContext{Params: []interface{}{&app}, Previous: &app}
result, err := createIAMUserAction.Forward(ctx)
c.Assert(err, gocheck.IsNil)
defer iamClient.DeleteUser(app.Name)
u, ok := result.(*iam.User)
c.Assert(ok, gocheck.Equals, true)
c.Assert(u.Name, gocheck.Equals, app.Name)
}
func (s *S) TestCreateIAMAccessKey(c *gocheck.C) {
auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
iamClient := iam.New(auth, region)
user, err := createIAMUser("hit")
c.Assert(err, gocheck.IsNil)
defer iamClient.DeleteUser(user.Name)
key, err := createIAMAccessKey(user)
c.Assert(err, gocheck.IsNil)
c.Assert(key.Id, gocheck.Not(gocheck.Equals), "")
c.Assert(key.Secret, gocheck.Equals, "")
c.Assert(key.UserName, gocheck.Equals, user.Name)
}
func (s *S) TestCreateIAMAccessKeyBackward(c *gocheck.C) {
auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
iamClient := iam.New(auth, region)
resp, err := iamClient.CreateUser("myuser", "/")
c.Assert(err, gocheck.IsNil)
defer iamClient.DeleteUser(resp.User.Name)
kresp, err := iamClient.CreateAccessKey(resp.User.Name)
c.Assert(err, gocheck.IsNil)
defer iamClient.DeleteAccessKey(kresp.AccessKey.Id, resp.User.Name)
ctx := action.BWContext{Params: []interface{}{nil}, FWResult: &kresp.AccessKey}
createIAMAccessKeyAction.Backward(ctx)
akResp, err := iamClient.AccessKeys(resp.User.Name)
c.Assert(err, gocheck.IsNil)
c.Assert(akResp.AccessKeys, gocheck.HasLen, 0)
}
func (s *S) TestCreateIAMAccessKeyForward(c *gocheck.C) {
auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
iamClient := iam.New(auth, region)
resp, err := iamClient.CreateUser("puppets", "/")
c.Assert(err, gocheck.IsNil)
defer iamClient.DeleteUser(resp.User.Name)
ctx := action.FWContext{Params: []interface{}{nil}, Previous: &resp.User}
result, err := createIAMAccessKeyAction.Forward(ctx)
c.Assert(err, gocheck.IsNil)
ak, ok := result.(*iam.AccessKey)
c.Assert(ok, gocheck.Equals, true)
c.Assert(ak.UserName, gocheck.Equals, resp.User.Name)
c.Assert(ak.Id, gocheck.Not(gocheck.Equals), "")
c.Assert(ak.Secret, gocheck.Equals, "")
defer iamClient.DeleteAccessKey(ak.Id, ak.UserName)
}
func (s *S) TestCreateIAMUserPolicy(c *gocheck.C) {
auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
iamClient := iam.New(auth, region)
user, err := createIAMUser("fight")
c.Assert(err, gocheck.IsNil)
defer iamClient.DeleteUser(user.Name)
userPolicy, err := createIAMUserPolicy(user, "fight", "mybucket")
c.Assert(err, gocheck.IsNil)
c.Assert(userPolicy.UserName, gocheck.Equals, user.Name)
c.Assert(userPolicy.Name, gocheck.Equals, "app-fight-bucket")
resp, err := iamClient.GetUserPolicy(user.Name, userPolicy.Name)
c.Assert(err, gocheck.IsNil)
var buf bytes.Buffer
policy.Execute(&buf, "mybucket")
c.Assert(resp.Policy.Document, gocheck.Equals, buf.String())
}
func (s *S) TestCreateUserPolicyBackward(c *gocheck.C) {
auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
iamClient := iam.New(auth, region)
resp, err := iamClient.CreateUser("blackened", "/")
c.Assert(err, gocheck.IsNil)
defer iamClient.DeleteUser(resp.User.Name)
app := App{Name: resp.User.Name}
env := s3Env{
Auth: aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"},
bucket: app.Name,
endpoint: s.t.S3Server.URL(),
locationConstraint: true,
}
_, err = iamClient.PutUserPolicy(resp.User.Name, "app-blackened-bucket", "null")
c.Assert(err, gocheck.IsNil)
ctx := action.BWContext{Params: []interface{}{&app}, FWResult: &env}
createUserPolicyAction.Backward(ctx)
_, err = iamClient.GetUserPolicy(resp.User.Name, "app-blackened-bucket")
c.Assert(err, gocheck.NotNil)
}
func (s *S) TestCreateUserPolicyForward(c *gocheck.C) {
auth := aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"}
region := aws.Region{IAMEndpoint: s.t.IamServer.URL()}
iamClient := iam.New(auth, region)
resp, err := iamClient.CreateUser("blackened", "/")
c.Assert(err, gocheck.IsNil)
defer iamClient.DeleteUser(resp.User.Name)
app := App{Name: resp.User.Name}
env := s3Env{
Auth: aws.Auth{AccessKey: "access", SecretKey: "s3cr3t"},
bucket: app.Name,
endpoint: s.t.S3Server.URL(),
locationConstraint: true,
}
ctx := action.FWContext{Params: []interface{}{&app}, Previous: &env}
result, err := createUserPolicyAction.Forward(ctx)
c.Assert(err, gocheck.IsNil)
e, ok := result.(*s3Env)
c.Assert(ok, gocheck.Equals, true)
c.Assert(e, gocheck.Equals, &env)
_, err = iamClient.GetUserPolicy(resp.User.Name, "app-blackened-bucket")
c.Assert(err, gocheck.IsNil)
}
func (s *S) SetUpSuite(c *C) {
s.HTTPSuite.SetUpSuite(c)
auth := aws.Auth{"abc", "123"}
s.iam = iam.New(auth, aws.Region{IAMEndpoint: testServer.URL})
}
func (s *LocalServerSuite) SetUpSuite(c *C) {
s.srv.SetUp(c)
s.ClientTests.iam = iam.New(s.srv.auth, s.srv.region)
}
