1 package credentials
2
3 import (
4 "os"
5 "runtime"
6 "strings"
7 "testing"
8
9 "github.com/alibabacloud-go/tea/tea"
10 "github.com/stretchr/testify/assert"
11 )
12
13 var inistr = `
14 [default]
15 enable = true
16 type = access_key
17 access_key_id = foo
18 access_key_secret = bar
19
20 [notype]
21 access_key_id = foo
22 access_key_secret = bar
23
24 [noak]
25 type = access_key
26 access_key_secret = bar
27
28 [emptyak]
29 type = access_key
30 access_key_id =
31 access_key_secret = bar
32
33 [noaksecret]
34 type = access_key
35 access_key_id = bar
36
37 [emptyaksecret]
38 type = access_key
39 access_key_id = bar
40 access_key_secret =
41
42 [ecs]
43 type = ecs_ram_role
44 role_name = EcsRamRoleTest
45
46 [noecs]
47 type = ecs_ram_role
48
49 [emptyecs]
50 type = ecs_ram_role
51 role_name =
52
53 [invalidRuntimeEcs]
54 type = ecs_ram_role
55 role_name = EcsRamRoleTest
56 timeout = a
57
58 [ram]
59 type = ram_role_arn
60 access_key_id = foo
61 access_key_secret = bar
62 role_arn = role_arn
63 role_session_name = session_name
64
65 [noramak]
66 type = ram_role_arn
67 access_key_secret = bar
68 role_arn = role_arn
69 role_session_name = session_name
70
71 [emptyramak]
72 type = ram_role_arn
73 access_key_id =
74 access_key_secret = bar
75 role_arn = role_arn
76 role_session_name = session_name
77
78 [noramsecret]
79 type = ram_role_arn
80 access_key_id = id
81 role_arn = role_arn
82 role_session_name = session_name
83
84 [emptyramsecret]
85 type = ram_role_arn
86 access_key_id = id
87 access_key_secret =
88 role_arn = role_arn
89 role_session_name = session_name
90
91 [noramarn]
92 type = ram_role_arn
93 access_key_id = id
94 access_key_secret = bar
95 role_session_name = session_name
96
97 [emptyramarn]
98 type = ram_role_arn
99 access_key_id = id
100 access_key_secret = bar
101 role_arn =
102 role_session_name = session_name
103
104 [noramsessionname]
105 type = ram_role_arn
106 access_key_id = id
107 access_key_secret = bar
108 role_arn = role_arn
109
110 [emptyramsessionname]
111 type = ram_role_arn
112 access_key_id = id
113 access_key_secret = bar
114 role_arn = role_arn
115 role_session_name =
116
117 [invalidexpirationram]
118 type = ram_role_arn
119 access_key_id = foo
120 access_key_secret = bar
121 role_arn = role_arn
122 role_session_name = session_name
123 role_session_expiration = a
124
125 [invalidRuntimeram]
126 type = ram_role_arn
127 access_key_id = foo
128 access_key_secret = bar
129 role_arn = role_arn
130 role_session_name = session_name
131 timeout = a
132
133 [sts]
134 type = sts
135 access_key_id = foo
136 access_key_secret = bar
137 security_token= token
138
139 [nostskey]
140 type = sts
141 access_key_secret = bar
142 security_token= token
143
144 [emptystskey]
145 type = sts
146 access_key_id =
147 access_key_secret = bar
148 security_token= token
149
150 [nostssecret]
151 type = sts
152 access_key_id = id
153 security_token= token
154
155 [emptystssecret]
156 type = sts
157 access_key_id = id
158 access_key_secret =
159 security_token= token
160
161 [noststoken]
162 type = sts
163 access_key_id = id
164 access_key_secret = bar
165
166 [emptyststoken]
167 type = sts
168 access_key_id = id
169 access_key_secret = bar
170 security_token=
171
172 [bearer]
173 type = bearer
174 bearer_token = foo
175
176 [nobearer]
177 type = bearer
178
179 [emptybearer]
180 type = bearer
181 bearer_token =
182
183 [rsa]
184 type = rsa_key_pair
185 public_key_id = publicKeyId
186 private_key_file = ./pk.pem
187 proxy = www.aliyun.com
188 timeout = 10
189 connect_timeout = 10
190 host = www.aliyun.com
191
192 [norsaprivate]
193 type = rsa_key_pair
194 public_key_id = publicKeyId
195
196 [emptyrsaprivate]
197 type = rsa_key_pair
198 public_key_id = publicKeyId
199 private_key_file =
200
201 [norsapublic]
202 type = rsa_key_pair
203 private_key_file = ./pk.pem
204
205 [emptyrsapublic]
206 type = rsa_key_pair
207 public_key_id =
208 private_key_file = ./pk.pem
209
210 [invalidexpirationrsa]
211 type = rsa_key_pair
212 public_key_id = publicKeyId
213 private_key_file = ./pk.pem
214 session_expiration = a
215
216 [invalidTimeoutrsa]
217 type = rsa_key_pair
218 public_key_id = publicKeyId
219 private_key_file = ./pk.pem
220 timeout = a
221
222 [invalidConnectTimeoutrsa]
223 type = rsa_key_pair
224 public_key_id = publicKeyId
225 private_key_file = ./pk.pem
226 connect_timeout = a
227
228 [error_type]
229 type = error_type
230 public_key_id = publicKeyId
231 private_key_file = ./pk_error.pem
232 `
233
234 func TestProfileProvider(t *testing.T) {
235 var HOME string
236 if runtime.GOOS == "windows" {
237 HOME = "USERPROFILE"
238 } else {
239 HOME = "HOME"
240 }
241 path, ok := os.LookupEnv(HOME)
242 assert.True(t, ok)
243 os.Unsetenv(HOME)
244
245
246 p := newProfileProvider()
247 c, err := p.resolve()
248 assert.Nil(t, c)
249 assert.EqualError(t, err, "The default credential file path is invalid")
250
251 originFilePath := os.Getenv(ENVCredentialFile)
252 os.Setenv(ENVCredentialFile, "")
253 defer func() {
254 os.Setenv(ENVCredentialFile, originFilePath)
255 }()
256 c, err = p.resolve()
257 assert.Nil(t, c)
258 assert.EqualError(t, err, "ALIBABA_CLOUD_CREDENTIALS_FILE cannot be empty")
259
260
261 os.Unsetenv(ENVCredentialFile)
262 os.Setenv(HOME, path)
263 p = newProfileProvider()
264 value, ok := p.(*profileProvider)
265 assert.True(t, ok)
266 assert.Equal(t, value.Profile, "default")
267
268
269
270 p = newProfileProvider("first")
271 value, ok = p.(*profileProvider)
272 assert.True(t, ok)
273 assert.Equal(t, value.Profile, "first")
274 c, err = p.resolve()
275 assert.Nil(t, c)
276 assert.Nil(t, err)
277
278
279 os.Setenv(ENVCredentialFile, "../../credentials_error")
280 p = newProfileProvider()
281 c, err = p.resolve()
282 assert.Nil(t, c)
283 assert.True(t, strings.Contains(err.Error(), "ERROR: Can not open file"))
284
285
286 os.Setenv(ENVCredentialFile, "./credentials")
287
288 file, err := os.Create("./credentials")
289 assert.Nil(t, err)
290 file.WriteString(inistr)
291 file.Close()
292 defer os.Remove("./credentials")
293
294
295 p = newProfileProvider("NonExist")
296 c, err = p.resolve()
297 assert.Nil(t, c)
298 assert.Contains(t, err.Error(), "ERROR: Can not load section section", "does not exist")
299
300
301 p = newProfileProvider("notype")
302 c, err = p.resolve()
303 assert.Nil(t, c)
304 assert.Contains(t, err.Error(), "Missing required type option error when getting key of section", "not exists")
305
306
307 p = newProfileProvider()
308 c, err = p.resolve()
309 assert.Equal(t, "access_key", tea.StringValue(c.Type))
310 assert.Nil(t, err)
311
312 p = newProfileProvider("noak")
313 c, err = p.resolve()
314 assert.Nil(t, c)
315 assert.Equal(t, "Missing required access_key_id option in profile for access_key", err.Error())
316
317 p = newProfileProvider("emptyak")
318 c, err = p.resolve()
319 assert.Nil(t, c)
320 assert.Equal(t, "access_key_id cannot be empty", err.Error())
321
322 p = newProfileProvider("noaksecret")
323 c, err = p.resolve()
324 assert.Nil(t, c)
325 assert.Equal(t, "Missing required access_key_secret option in profile for access_key", err.Error())
326
327 p = newProfileProvider("emptyaksecret")
328 c, err = p.resolve()
329 assert.Nil(t, c)
330 assert.Equal(t, "access_key_secret cannot be empty", err.Error())
331
332
333 p = newProfileProvider("ecs")
334 c, err = p.resolve()
335 assert.Equal(t, "ecs_ram_role", tea.StringValue(c.Type))
336 assert.Nil(t, err)
337
338 p = newProfileProvider("invalidRuntimeEcs")
339 c, err = p.resolve()
340 assert.Nil(t, c)
341 assert.Equal(t, "Please set timeout with an int value", err.Error())
342
343
344 p = newProfileProvider("ram")
345 c, err = p.resolve()
346 assert.Equal(t, "ram_role_arn", tea.StringValue(c.Type))
347 assert.Nil(t, err)
348
349 p = newProfileProvider("noramak")
350 c, err = p.resolve()
351 assert.Nil(t, c)
352 assert.Equal(t, "Missing required access_key_id option in profile for ram_role_arn", err.Error())
353
354 p = newProfileProvider("emptyramak")
355 c, err = p.resolve()
356 assert.Nil(t, c)
357 assert.Equal(t, "access_key_id cannot be empty", err.Error())
358
359 p = newProfileProvider("noramsecret")
360 c, err = p.resolve()
361 assert.Nil(t, c)
362 assert.Equal(t, "Missing required access_key_secret option in profile for ram_role_arn", err.Error())
363
364 p = newProfileProvider("emptyramsecret")
365 c, err = p.resolve()
366 assert.Nil(t, c)
367 assert.Equal(t, "access_key_secret cannot be empty", err.Error())
368
369 p = newProfileProvider("noramarn")
370 c, err = p.resolve()
371 assert.Nil(t, c)
372 assert.Equal(t, "Missing required role_arn option in profile for ram_role_arn", err.Error())
373
374 p = newProfileProvider("emptyramarn")
375 c, err = p.resolve()
376 assert.Nil(t, c)
377 assert.Equal(t, "role_arn cannot be empty", err.Error())
378
379 p = newProfileProvider("noramsessionname")
380 c, err = p.resolve()
381 assert.Nil(t, c)
382 assert.Equal(t, "Missing required role_session_name option in profile for ram_role_arn", err.Error())
383
384 p = newProfileProvider("emptyramsessionname")
385 c, err = p.resolve()
386 assert.Nil(t, c)
387 assert.Equal(t, "role_session_name cannot be empty", err.Error())
388
389 p = newProfileProvider("invalidexpirationram")
390 c, err = p.resolve()
391 assert.Nil(t, c)
392 assert.Equal(t, "role_session_expiration must be an int", err.Error())
393
394 p = newProfileProvider("invalidRuntimeram")
395 c, err = p.resolve()
396 assert.Nil(t, c)
397 assert.Equal(t, "Please set timeout with an int value", err.Error())
398
399
400 file, err = os.Create("./pk.pem")
401 assert.Nil(t, err)
402 _, err = file.WriteString(privatekey)
403 assert.Nil(t, err)
404 file.Close()
405
406 p = newProfileProvider("rsa")
407 c, err = p.resolve()
408 assert.Equal(t, "rsa_key_pair", tea.StringValue(c.Type))
409 assert.Nil(t, err)
410 defer os.Remove(`./pk.pem`)
411
412 p = newProfileProvider("norsaprivate")
413 c, err = p.resolve()
414 assert.Nil(t, c)
415 assert.Equal(t, "Missing required private_key_file option in profile for rsa_key_pair", err.Error())
416
417 p = newProfileProvider("emptyrsaprivate")
418 c, err = p.resolve()
419 assert.Nil(t, c)
420 assert.Equal(t, "private_key_file cannot be empty", err.Error())
421
422 p = newProfileProvider("norsapublic")
423 c, err = p.resolve()
424 assert.Nil(t, c)
425 assert.Equal(t, "Missing required public_key_id option in profile for rsa_key_pair", err.Error())
426
427 p = newProfileProvider("emptyrsapublic")
428 c, err = p.resolve()
429 assert.Nil(t, c)
430 assert.Equal(t, "public_key_id cannot be empty", err.Error())
431
432 p = newProfileProvider("invalidexpirationrsa")
433 c, err = p.resolve()
434 assert.Nil(t, c)
435 assert.Equal(t, "session_expiration must be an int", err.Error())
436
437 p = newProfileProvider("invalidTimeoutrsa")
438 c, err = p.resolve()
439 assert.Nil(t, c)
440 assert.Equal(t, "Please set timeout with an int value", err.Error())
441
442 p = newProfileProvider("invalidConnectTimeoutrsa")
443 c, err = p.resolve()
444 assert.Nil(t, c)
445 assert.Equal(t, "Please set connect_timeout with an int value", err.Error())
446
447
448 p = newProfileProvider("sts")
449 c, err = p.resolve()
450 assert.Equal(t, "sts", tea.StringValue(c.Type))
451 assert.Nil(t, err)
452
453 p = newProfileProvider("nostskey")
454 c, err = p.resolve()
455 assert.Nil(t, c)
456 assert.Equal(t, "Missing required access_key_id option in profile for sts", err.Error())
457
458 p = newProfileProvider("emptystskey")
459 c, err = p.resolve()
460 assert.Nil(t, c)
461 assert.Equal(t, "access_key_id cannot be empty", err.Error())
462
463 p = newProfileProvider("nostssecret")
464 c, err = p.resolve()
465 assert.Nil(t, c)
466 assert.Equal(t, "Missing required access_key_secret option in profile for sts", err.Error())
467
468 p = newProfileProvider("emptystssecret")
469 c, err = p.resolve()
470 assert.Nil(t, c)
471 assert.Equal(t, "access_key_secret cannot be empty", err.Error())
472
473 p = newProfileProvider("noststoken")
474 c, err = p.resolve()
475 assert.Nil(t, c)
476 assert.Equal(t, "Missing required security_token option in profile for sts", err.Error())
477
478 p = newProfileProvider("emptyststoken")
479 c, err = p.resolve()
480 assert.Nil(t, c)
481 assert.Equal(t, "security_token cannot be empty", err.Error())
482
483
484 p = newProfileProvider("bearer")
485 c, err = p.resolve()
486 assert.Equal(t, "bearer", tea.StringValue(c.Type))
487 assert.Nil(t, err)
488
489 p = newProfileProvider("nobearer")
490 c, err = p.resolve()
491 assert.Nil(t, c)
492 assert.Equal(t, "Missing required bearer_token option in profile for bearer", err.Error())
493
494 p = newProfileProvider("emptybearer")
495 c, err = p.resolve()
496 assert.Nil(t, c)
497 assert.Equal(t, "bearer_token cannot be empty", err.Error())
498
499
500 p = newProfileProvider("error_type")
501 c, err = p.resolve()
502 assert.Nil(t, c)
503 assert.Equal(t, "Invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair", err.Error())
504 }
505
506 func TestHookOS(t *testing.T) {
507 goos := "windows"
508 goos = hookOS(goos)
509 assert.Equal(t, "windows", goos)
510
511 originHookOs := hookOS
512 originUserProfile := os.Getenv("USERPROFILE")
513 hookOS = func(goos string) string {
514 return "windows"
515 }
516 defer func() {
517 hookOS = originHookOs
518 os.Setenv("USERPROFILE", originUserProfile)
519 }()
520 os.Unsetenv("USERPROFILE")
521 path := getHomePath()
522 assert.Equal(t, "", path)
523
524 os.Setenv("USERPROFILE", "ok")
525 path = getHomePath()
526 assert.Equal(t, "ok", path)
527 }
528
529 func TestHookState(t *testing.T) {
530 info, err := hookState(nil, nil)
531 assert.Nil(t, info)
532 assert.Nil(t, err)
533
534 originHookState := hookState
535 hookState = func(info os.FileInfo, err error) (os.FileInfo, error) {
536 return nil, nil
537 }
538 defer func() {
539 hookState = originHookState
540 }()
541 path, err := checkDefaultPath()
542 assert.Nil(t, err)
543 assert.NotNil(t, path)
544 }
545
View as plain text