1# Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2# 3# Licensed under the Apache License, Version 2.0 (the "License"). You 4# may not use this file except in compliance with the License. A copy of 5# the License is located at 6# 7# http://aws.amazon.com/apache2.0/ 8# 9# or in the "license" file accompanying this file. This file is 10# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF 11# ANY KIND, either express or implied. See the License for the specific 12# language governing permissions and limitations under the License. 13from tests import unittest 14 15import botocore.session 16from botocore.exceptions import ClientError 17 18 19class TestSTS(unittest.TestCase): 20 def setUp(self): 21 self.session = botocore.session.get_session() 22 credentials = self.session.get_credentials() 23 if credentials.token is not None: 24 self.skipTest('STS tests require long-term credentials') 25 26 def test_regionalized_endpoints(self): 27 sts = self.session.create_client('sts', region_name='ap-southeast-1') 28 response = sts.get_session_token() 29 # Do not want to be revealing any temporary keys if the assertion fails 30 self.assertIn('Credentials', response.keys()) 31 32 # Since we have to activate STS regionalization, we will test 33 # that you can send an STS request to a regionalized endpoint 34 # by making a call with the explicitly wrong region name 35 sts = self.session.create_client( 36 'sts', region_name='ap-southeast-1', 37 endpoint_url='https://sts.us-west-2.amazonaws.com') 38 self.assertEqual(sts.meta.region_name, 'ap-southeast-1') 39 self.assertEqual(sts.meta.endpoint_url, 40 'https://sts.us-west-2.amazonaws.com') 41 # Signing error will be thrown with the incorrect region name included. 42 with self.assertRaisesRegex(ClientError, 'ap-southeast-1'): 43 sts.get_session_token() 44