1 package credentials
2
3 import (
4 "errors"
5 "net/http"
6 "os"
7 "testing"
8
9 "github.com/aliyun/credentials-go/credentials/utils"
10 "github.com/stretchr/testify/assert"
11 )
12
13 func Test_oidcCredential_updateCredential(t *testing.T) {
14 oidcCredential := newOIDCRoleArnCredential("accessKeyId", "accessKeySecret", "RoleArn", "OIDCProviderArn", "tokenFilePath", "roleSessionName", "Policy", 3600, nil)
15 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
16 return func(req *http.Request) (*http.Response, error) {
17 return mockResponse(300, ``, errors.New("sdk test"))
18 }
19 }
20 accesskeyId, err := oidcCredential.GetAccessKeyId()
21 assert.NotNil(t, err)
22 assert.Equal(t, "refresh RoleArn sts token err: sdk test", err.Error())
23 assert.Equal(t, "", *accesskeyId)
24
25 assert.Equal(t, "oidc_role_arn", *oidcCredential.GetType())
26
27 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
28 return func(req *http.Request) (*http.Response, error) {
29 return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil)
30 }
31 }
32 accesskeyId, err = oidcCredential.GetAccessKeyId()
33 assert.Nil(t, err)
34 assert.Equal(t, "accessKeyId", *accesskeyId)
35
36 accesskeySecret, err := oidcCredential.GetAccessKeySecret()
37 assert.Nil(t, err)
38 assert.Equal(t, "accessKeySecret", *accesskeySecret)
39
40 ststoken, err := oidcCredential.GetSecurityToken()
41 assert.Nil(t, err)
42 assert.Equal(t, "securitytoken", *ststoken)
43
44 cred, err := oidcCredential.GetCredential()
45 assert.Nil(t, err)
46 assert.Equal(t, "accessKeyId", *cred.AccessKeyId)
47 assert.Equal(t, "accessKeySecret", *cred.AccessKeySecret)
48 assert.Equal(t, "securitytoken", *cred.SecurityToken)
49 assert.Nil(t, cred.BearerToken)
50 assert.Equal(t, "oidc_role_arn", *cred.Type)
51
52 os.Setenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE", "")
53 token := oidcCredential.GetOIDCToken("/test")
54 assert.Nil(t, token)
55 path, _ := os.Getwd()
56 os.Setenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE", path+"/oidc_token")
57 token = oidcCredential.GetOIDCToken("/test")
58 assert.Equal(t, "test_long_oidc_token_eyJhbGciOiJSUzI1NiIsImtpZCI6ImFQaXlpNEVGSU8wWnlGcFh1V0psQUNWbklZVlJsUkNmM2tlSzNMUlhWT1UifQ.eyJhdWQiOlsic3RzLmFsaXl1bmNzLmNvbSJdLCJleHAiOjE2NDUxMTk3ODAsImlhdCI6MTY0NTA4Mzc4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWFjay1jbi1oYW5nemhvdS5vc3MtY24taGFuZ3pob3UtaW50ZXJuYWwuYWxpeXVuY3MuY29tL2NmMWQ4ZGIwMjM0ZDk0YzEyOGFiZDM3MTc4NWJjOWQxNSIsImt1YmVybmV0ZXMuaW8iOnsibmFtZXNwYWNlIjoidGVzdC1ycnNhIiwicG9kIjp7Im5hbWUiOiJydW4tYXMtcm9vdCIsInVpZCI6ImIzMGI0MGY2LWNiZTAtNGY0Yy1hZGYyLWM1OGQ4ZmExZTAxMCJ9LCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoidXNlcjEiLCJ1aWQiOiJiZTEyMzdjYS01MTY4LTQyMzYtYWUyMC00NDM1YjhmMGI4YzAifX0sIm5iZiI6MTY0NTA4Mzc4MCwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OnRlc3QtcnJzYTp1c2VyMSJ9.XGP-wgLj-iMiAHjLe0lZLh7y48Qsj9HzsEbNh706WwerBoxnssdsyGFb9lzd2FyM8CssbAOCstr7OuAMWNdJmDZgpiOGGSbQ-KXXmbfnIS4ix-V3pQF6LVBFr7xJlj20J6YY89um3rv_04t0iCGxKWs2ZMUyU1FbZpIPRep24LVKbUz1saiiVGgDBTIZdHA13Z-jUvYAnsxK_Kj5tc1K-IuQQU0IwSKJh5OShMcdPugMV5LwTL3ogCikfB7yljq5vclBhCeF2lXLIibvwF711TOhuJ5lMlh-a2KkIgwBHhANg_U9k4Mt_VadctfUGc4hxlSbBD0w9o9mDGKwgGmW5Q", *token)
59 os.Setenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE", "")
60 token = oidcCredential.GetOIDCToken(path + "/oidc_token")
61 assert.Equal(t, 1027, len(*token))
62 assert.Equal(t, "test_long_oidc_token_eyJhbGciOiJSUzI1NiIsImtpZCI6ImFQaXlpNEVGSU8wWnlGcFh1V0psQUNWbklZVlJsUkNmM2tlSzNMUlhWT1UifQ.eyJhdWQiOlsic3RzLmFsaXl1bmNzLmNvbSJdLCJleHAiOjE2NDUxMTk3ODAsImlhdCI6MTY0NTA4Mzc4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWFjay1jbi1oYW5nemhvdS5vc3MtY24taGFuZ3pob3UtaW50ZXJuYWwuYWxpeXVuY3MuY29tL2NmMWQ4ZGIwMjM0ZDk0YzEyOGFiZDM3MTc4NWJjOWQxNSIsImt1YmVybmV0ZXMuaW8iOnsibmFtZXNwYWNlIjoidGVzdC1ycnNhIiwicG9kIjp7Im5hbWUiOiJydW4tYXMtcm9vdCIsInVpZCI6ImIzMGI0MGY2LWNiZTAtNGY0Yy1hZGYyLWM1OGQ4ZmExZTAxMCJ9LCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoidXNlcjEiLCJ1aWQiOiJiZTEyMzdjYS01MTY4LTQyMzYtYWUyMC00NDM1YjhmMGI4YzAifX0sIm5iZiI6MTY0NTA4Mzc4MCwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OnRlc3QtcnJzYTp1c2VyMSJ9.XGP-wgLj-iMiAHjLe0lZLh7y48Qsj9HzsEbNh706WwerBoxnssdsyGFb9lzd2FyM8CssbAOCstr7OuAMWNdJmDZgpiOGGSbQ-KXXmbfnIS4ix-V3pQF6LVBFr7xJlj20J6YY89um3rv_04t0iCGxKWs2ZMUyU1FbZpIPRep24LVKbUz1saiiVGgDBTIZdHA13Z-jUvYAnsxK_Kj5tc1K-IuQQU0IwSKJh5OShMcdPugMV5LwTL3ogCikfB7yljq5vclBhCeF2lXLIibvwF711TOhuJ5lMlh-a2KkIgwBHhANg_U9k4Mt_VadctfUGc4hxlSbBD0w9o9mDGKwgGmW5Q", *token)
63
64 oidcCredential = newOIDCRoleArnCredential("accessKeyId", "accessKeySecret", "RoleArn", "OIDCProviderArn", "tokenFilePath", "roleSessionName", "Policy", 7200, &utils.Runtime{STSEndpoint: "www.aliyun.com"})
65 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
66 return func(req *http.Request) (*http.Response, error) {
67 assert.Equal(t, "www.aliyun.com", req.Host)
68 assert.Contains(t, req.URL.RawQuery, "DurationSeconds=7200")
69 return mockResponse(400, ``, errors.New("sdk test"))
70 }
71 }
72 accesskeyId, err = oidcCredential.GetAccessKeyId()
73 assert.NotNil(t, err)
74 assert.Equal(t, "refresh RoleArn sts token err: sdk test", err.Error())
75 assert.Equal(t, "", *accesskeyId)
76 }
77
View as plain text