Merge remote-tracking branch 'origin/testing' into testing

eutester4j/TestSuites/IAMSuite.xml

@@ -3,11 +3,12 @@
 <suite name="IAM Test Suite">
     <test name="IAM_Roles_Tests">
         <classes>
+            <class name="com.eucalyptus.tests.awssdk.TestAdminRoles"/>
+            <class name="com.eucalyptus.tests.awssdk.TestCannedRoles"/>
             <class name="com.eucalyptus.tests.awssdk.TestIAMInstanceProfileManagement"/>
             <class name="com.eucalyptus.tests.awssdk.TestIAMInstanceProfiles"/>
             <class name="com.eucalyptus.tests.awssdk.TestIAMRoleManagement"/>
-            <!-- TestSTSAssumeRole must be run as non-admin user -->
-            <!-- <class name="com.eucalyptus.tests.awssdk.TestSTSAssumeRole"/> -->
+            <class name="com.eucalyptus.tests.awssdk.TestSTSAssumeRole"/>
         </classes>
     </test>
 </suite>

eutester4j/build.xml

@@ -12,13 +12,16 @@
     <property name="endpoints" value="endpoints.xml"/>
     <property name="tests" value="AllTestsSuite.xml"/>
 
+    <!--youare sdk location link-->
+    <property name="YouAre" value="https://github.com/tbeckham/you-are-sdk/releases/download/alpha/YouAreSDK.jar"/>
+
     <!-- download testng and AWS JAVA SDK -->
     <target name="download-deps">
         <mkdir dir="${deps.dir}"/>
         <ivy:retrieve conf="default" pattern="${deps.dir}/[artifact]-[revision].[ext]"/>
         <echo message="fetching YouAre SDk..."/>
-        <get src="https://github.com/tbeckham/you-are-sdk/releases/download/v0.0.1/YouAreSDK-1.0.jar"
-             dest="${deps.dir}/YouAreSDK-1.0.jar"/>
+        <get src="${YouAre}"
+             dest="${deps.dir}/YouAreSDK.jar"/>
     </target>
 
     <!-- set classpath to include dependencies and build output -->

eutester4j/com/eucalyptus/tests/awssdk/Eutester4j.java

@@ -37,10 +37,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
+import java.util.*;
 import java.util.concurrent.TimeUnit;
 
 class Eutester4j {
@@ -943,11 +940,13 @@ public void beforeRequest(final Request<?> request) {
         int start = newKeys.lastIndexOf("AccessKeyId:") + 13;
         int end = newKeys.lastIndexOf(",Status");
         String accessKey = newKeys.substring(start, end);
+        print("Access Key: " + accessKey);
 
         // get secretkey from key gen result request
         start = newKeys.lastIndexOf("SecretAccessKey:") + 17;
         end = newKeys.lastIndexOf(",CreateDate:");
         String secretKey = newKeys.substring(start, end);
+        print("Secret Key: " + secretKey);
 
         return new BasicAWSCredentials(accessKey, secretKey);
     }
@@ -986,7 +985,39 @@ public void beforeRequest(final Request<?> request) {
                 .withPath("/");
         youAre.createUser(createUserRequest);
 
-        assertThat((numUsersBefore < youAre.listUsers().getUsers().size()),"Failed to create user " + userName);
+        assertThat((numUsersBefore < youAre.listUsers().getUsers().size()), "Failed to create user " + userName);
         print("Created new user " + userName + " in account " + accountName);
     }
+
+    public static Map<String, String> getUserKeys(final String accountName, String userName){
+        Map<String, String> keys = new HashMap<>();
+
+        AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider( new BasicAWSCredentials(ACCESS_KEY, SECRET_KEY));
+        final YouAreClient youAre = new YouAreClient(awsCredentialsProvider);
+        youAre.setEndpoint(IAM_ENDPOINT);
+
+        youAre.addRequestHandler(new AbstractRequestHandler() {
+            public void beforeRequest(final Request<?> request) {
+                request.addParameter("DelegateAccount", accountName);
+            }
+        });
+
+        CreateAccessKeyRequest createAccessKeyRequest = new CreateAccessKeyRequest().withUserName(userName);
+        String newKeys = String.valueOf(youAre.createAccessKey(createAccessKeyRequest));
+        print("Created new access key for user " + userName);
+
+        // get accesskey from key gen result request
+        int start = newKeys.lastIndexOf("AccessKeyId:") + 13;
+        int end = newKeys.lastIndexOf(",Status");
+        String accessKey = newKeys.substring(start, end);
+        keys.put("ak", accessKey);
+
+        // get secretkey from key gen result request
+        start = newKeys.lastIndexOf("SecretAccessKey:") + 17;
+        end = newKeys.lastIndexOf(",CreateDate:");
+        String secretKey = newKeys.substring(start, end);
+        keys.put("sk", secretKey);
+
+        return keys;
+    }
 }

eutester4j/com/eucalyptus/tests/awssdk/TestAdminRoles.java

@@ -31,6 +31,7 @@
 import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
 import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
 import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
+import com.github.sjones4.youcan.youare.model.Account;
 import org.testng.annotations.Test;
 import static com.eucalyptus.tests.awssdk.Eutester4j.*;
 
@@ -54,16 +55,6 @@ public class TestAdminRoles {
             "   }]\n" +
             "}";
 
-    private final String assumeRolePolicy = "{\n" +
-            "    \"Statement\": [ {\n" +
-            "      \"Effect\": \"Allow\",\n" +
-            "      \"Principal\": {\n" +
-            "         \"AWS\": [ \"arn:aws:iam::" + ACCOUNT_ID + ":user/admin\" ]\n" +
-            "      },\n" +
-            "      \"Action\": [ \"sts:AssumeRole\" ]\n" +
-            "    } ]\n" +
-            "}";
-
     private AmazonEC2 getEc2ClientUsingRole(final String roleArn,
                                             final String sessionName,
                                             final String accessKey,
@@ -101,8 +92,6 @@ public void test() throws Exception {
 
         testInfo(this.getClass().getSimpleName());
         getCloudInfo();
-
-        // create non-admin user in non-euca account then get credentials and connection for user
         final String user = NAME_PREFIX + "user";
         final String account = NAME_PREFIX + "account";
 
@@ -128,7 +117,7 @@ public void run() {
             print("Creating role with name: " + roleName);
             final String roleArn = youAre.createRole(new CreateRoleRequest()
                     .withRoleName(roleName)
-                    .withAssumeRolePolicyDocument(assumeRolePolicy)
+                    .withAssumeRolePolicyDocument(getAssumeRolePolicy(getAccountID("eucalyptus")))
             ).getRole().getArn();
             print("Created role with ARN " + roleArn);
 
@@ -204,4 +193,28 @@ public void run() {
         }
     }
 
+    public String getAccountID(String account){
+        String accountId = null;
+
+        List<Account> accounts = youAre.listAccounts().getAccounts();
+        for (Account a : accounts) {
+            if (a.getAccountName().equals(account)){
+                accountId = a.getAccountId();
+            }
+        }
+        return accountId == null ?  "no account named " + account + " was found." :  accountId;
+    }
+
+    public String getAssumeRolePolicy(String accountId){
+        return "{\n" +
+                "    \"Statement\": [ {\n" +
+                "      \"Effect\": \"Allow\",\n" +
+                "      \"Principal\": {\n" +
+                "         \"AWS\": [ \"arn:aws:iam::" + accountId + ":user/admin\" ]\n" +
+                "      },\n" +
+                "      \"Action\": [ \"sts:AssumeRole\" ]\n" +
+                "    } ]\n" +
+                "}";
+    }
+
 }