iam: add account test for OpenIDConnectProvider apis

Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit d5791d8da6)
Casey Bodley 2024-02-06 17:57:14 -05:00
parent 8182d10048
commit 5613ec249f


@ -967,6 +967,17 @@ def nuke_roles(client, **kwargs):
except: except:
pass pass
def nuke_oidc_providers(client, prefix):
result = client.list_open_id_connect_providers()
for provider in result['OpenIDConnectProviderList']:
arn = provider['Arn']
if f':oidc-provider{prefix}' in arn:
try:
client.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
except:
pass
# fixture for iam account root user # fixture for iam account root user
@pytest.fixture @pytest.fixture
def iam_root(configfile): def iam_root(configfile):
@ -981,6 +992,7 @@ def iam_root(configfile):
yield client yield client
nuke_users(client, PathPrefix=get_iam_path_prefix()) nuke_users(client, PathPrefix=get_iam_path_prefix())
nuke_roles(client, PathPrefix=get_iam_path_prefix()) nuke_roles(client, PathPrefix=get_iam_path_prefix())
nuke_oidc_providers(client, get_iam_path_prefix())
# IAM User apis # IAM User apis
@ -1915,6 +1927,40 @@ def test_account_role_policy_allow(iam_root):
retry_on('AccessDenied', 10, s3.list_buckets) retry_on('AccessDenied', 10, s3.list_buckets)
# IAM OpenIDConnectProvider apis
@pytest.mark.iam_account
def test_account_oidc_provider(iam_root):
url_host = get_iam_path_prefix()[1:] + 'example.com'
url = 'http://' + url_host
response = iam_root.create_open_id_connect_provider(
ClientIDList=['my-application-id'],
ThumbprintList=['3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'],
Url=url)
arn = response['OpenIDConnectProviderArn']
assert arn.endswith(f':oidc-provider/{url_host}')
response = iam_root.list_open_id_connect_providers()
arns = [p['Arn'] for p in response['OpenIDConnectProviderList']]
assert arn in arns
response = iam_root.get_open_id_connect_provider(OpenIDConnectProviderArn=arn)
assert url == response['Url']
assert ['my-application-id'] == response['ClientIDList']
assert ['3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'] == response['ThumbprintList']
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
response = iam_root.list_open_id_connect_providers()
arns = [p['Arn'] for p in response['OpenIDConnectProviderList']]
assert arn not in arns
with pytest.raises(iam_root.exceptions.NoSuchEntityException):
iam_root.get_open_id_connect_provider(OpenIDConnectProviderArn=arn)
with pytest.raises(iam_root.exceptions.NoSuchEntityException):
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
# fixture for iam alt account root user # fixture for iam alt account root user
@pytest.fixture @pytest.fixture
def iam_alt_root(configfile): def iam_alt_root(configfile):
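Review bot: The bare `except: pass` in the new `nuke_oidc_providers` hides every teardown failure, including an access-denied or server error that leaves a provider behind for the next run, and it also swallows KeyboardInterrupt. Narrowing it to `except client.exceptions.NoSuchEntityException: pass` keeps the best-effort cleanup while letting real errors surface. The filter `f':oidc-provider{prefix}' in arn` is a substring match, so a short or empty path prefix would select providers the tests did not create; a one-line comment such as `# prefix must start with '/' and be unique to this test run` would make that assumption explicit. Separately, `test_account_oidc_provider` registers an `http://` issuer, whereas AWS IAM documents that the provider URL must begin with `https://`; if plaintext issuers are accepted here only for test convenience, a comment saying so would help.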