mirror of
https://github.com/trailofbits/algo.git
synced 2025-10-14 22:45:19 +02:00
* feat: Add AWS credentials file support - Automatically reads AWS credentials from ~/.aws/credentials - Supports AWS_PROFILE and AWS_SHARED_CREDENTIALS_FILE environment variables - Adds support for temporary credentials with session tokens - Maintains backward compatibility with existing credential methods - Follows standard AWS credential precedence order Based on PR #14460 by @lefth with the following improvements: - Fixed variable naming to match existing code (access_key vs aws_access_key) - Added session token support for temporary credentials - Integrated credential discovery directly into prompts.yml - Added comprehensive tests - Added documentation Closes #14382 * fix ansible lint --------- Co-authored-by: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
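---
# Test AWS credential discovery in roles/cloud-ec2/tasks/prompts.yml
# Run with: ansible-playbook tests/test-aws-credentials.yml
#
# Every key, secret and token below is a constructed dummy string used only
# to check which credential source wins; none is a real AWS credential.
#
# NOTE(review): Ansible's `environment:` keyword only sets the environment
# of task/module execution. Lookup plugins such as lookup('env', ...) run in
# the controller process and do not see it. If prompts.yml discovers
# credentials through lookups, export the variables in the calling shell
# instead. Also confirm that the ansible-core version in use accepts
# `environment:` on include_tasks.

- name: Test AWS credential file reading
  hosts: localhost
  gather_facts: false
  vars:
    # These would normally come from config.cfg
    cloud_providers:
      ec2:
        use_existing_eip: false

  tasks:
    - name: Test with environment variables
      block:
        - name: Resolve credentials with AWS_* environment variables set
          include_tasks: ../roles/cloud-ec2/tasks/prompts.yml
          vars:
            algo_server_name: test-server

        - name: Check that the environment values were selected
          assert:
            that:
              - access_key == "test_env_key"
              - secret_key == "test_env_secret"
            msg: "Environment variables should take precedence"
      # NOTE(review): these are Ansible variables that merely share the names
      # of the environment variables; confirm prompts.yml actually reads them.
      vars:
        AWS_ACCESS_KEY_ID: "test_env_key"
        AWS_SECRET_ACCESS_KEY: "test_env_secret"
      environment:
        AWS_ACCESS_KEY_ID: "test_env_key"
        AWS_SECRET_ACCESS_KEY: "test_env_secret"

    - name: Test with command line variables
      block:
        - name: Resolve credentials passed as explicit variables
          include_tasks: ../roles/cloud-ec2/tasks/prompts.yml
          vars:
            aws_access_key: "test_cli_key"
            aws_secret_key: "test_cli_secret"
            algo_server_name: test-server
            region: "us-east-1"

        - name: Check that the explicit values were selected
          assert:
            that:
              - access_key == "test_cli_key"
              - secret_key == "test_cli_secret"
            msg: "Command line variables should take precedence over everything"

    - name: Test reading from credentials file
      block:
        # A fixed path such as /tmp/test-aws is predictable and lives in a
        # world-writable directory: another local user could pre-create it
        # (or a symlink) before the test runs. tempfile creates a uniquely
        # named directory that only the current user can access.
        - name: Create private temporary home directory
          tempfile:
            state: directory
            prefix: algo-test-aws.
          register: aws_test_home

        # HOME points at the temporary directory, so the default location
        # ~/.aws/credentials resolves to <tmpdir>/.aws/credentials.
        - name: Create test credentials directory
          file:
            path: "{{ aws_test_home.path }}/.aws"
            state: directory
            mode: '0700'

        - name: Create test credentials file
          copy:
            dest: "{{ aws_test_home.path }}/.aws/credentials"
            mode: '0600'
            content: |
              [default]
              aws_access_key_id = test_file_key
              aws_secret_access_key = test_file_secret

              [test-profile]
              aws_access_key_id = test_profile_key
              aws_secret_access_key = test_profile_secret
              aws_session_token = test_session_token

        - name: Test default profile
          include_tasks: ../roles/cloud-ec2/tasks/prompts.yml
          vars:
            algo_server_name: test-server
            region: "us-east-1"
          environment:
            HOME: "{{ aws_test_home.path }}"
            # Blank out the key variables so the file is the only source.
            AWS_ACCESS_KEY_ID: ""
            AWS_SECRET_ACCESS_KEY: ""

        - name: Check that the default profile was read
          assert:
            that:
              - access_key == "test_file_key"
              - secret_key == "test_file_secret"
            msg: "Should read from default profile"

        - name: Test custom profile
          include_tasks: ../roles/cloud-ec2/tasks/prompts.yml
          vars:
            algo_server_name: test-server
            region: "us-east-1"
          environment:
            HOME: "{{ aws_test_home.path }}"
            AWS_PROFILE: "test-profile"
            AWS_ACCESS_KEY_ID: ""
            AWS_SECRET_ACCESS_KEY: ""

        - name: Check that the custom profile and session token were read
          assert:
            that:
              - access_key == "test_profile_key"
              - secret_key == "test_profile_secret"
              - session_token == "test_session_token"
            msg: "Should read from custom profile with session token"

      # Run cleanup even when an assertion above fails, so the credentials
      # file is never left behind on disk.
      always:
        - name: Cleanup test directory
          file:
            path: "{{ aws_test_home.path }}"
            state: absent
          when: aws_test_home.path is defined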