1 package credentials
2
3 import (
4 "bytes"
5 "errors"
6 "io/ioutil"
7 "net/http"
8 "strconv"
9 "testing"
10
11 "github.com/aliyun/credentials-go/credentials/utils"
12 "github.com/stretchr/testify/assert"
13 )
14
15 func mockResponse(statusCode int, content string, mockerr error) (res *http.Response, err error) {
16 status := strconv.Itoa(statusCode)
17 res = &http.Response{
18 Proto: "HTTP/1.1",
19 ProtoMajor: 1,
20 Header: map[string][]string{"sdk": []string{"test"}},
21 StatusCode: statusCode,
22 Status: status + " " + http.StatusText(statusCode),
23 }
24 res.Body = ioutil.NopCloser(bytes.NewReader([]byte(content)))
25 err = mockerr
26 return
27 }
28
29 func Test_RoleArnCredential(t *testing.T) {
30 auth := newRAMRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 300, nil)
31 origTestHookDo := hookDo
32 defer func() { hookDo = origTestHookDo }()
33 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
34 return func(req *http.Request) (*http.Response, error) {
35 return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"}}`, errors.New("Internal error"))
36 }
37 }
38 accesskeyId, err := auth.GetAccessKeyId()
39 assert.NotNil(t, err)
40 assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error())
41 assert.Equal(t, "", *accesskeyId)
42
43 accesskeySecret, err := auth.GetAccessKeySecret()
44 assert.NotNil(t, err)
45 assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error())
46 assert.Equal(t, "", *accesskeySecret)
47
48 ststoken, err := auth.GetSecurityToken()
49 assert.NotNil(t, err)
50 assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error())
51 assert.Equal(t, "", *ststoken)
52
53 assert.Equal(t, "", *auth.GetBearerToken())
54 assert.Equal(t, "ram_role_arn", *auth.GetType())
55
56 auth.RoleSessionExpiration = 1000
57 accesskeyId, err = auth.GetAccessKeyId()
58 assert.NotNil(t, err)
59 assert.Equal(t, "refresh RoleArn sts token err: Internal error", err.Error())
60 assert.Equal(t, "", *accesskeyId)
61
62 auth.RoleSessionExpiration = 0
63 accesskeyId, err = auth.GetAccessKeyId()
64 assert.NotNil(t, err)
65 assert.Equal(t, "refresh RoleArn sts token err: Internal error", err.Error())
66 assert.Equal(t, "", *accesskeyId)
67
68 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
69 return func(req *http.Request) (*http.Response, error) {
70 return mockResponse(300, ``, nil)
71 }
72 }
73 accesskeyId, err = auth.GetAccessKeyId()
74 assert.NotNil(t, err)
75 assert.Equal(t, "refresh RoleArn sts token err: httpStatus: 300, message = ", err.Error())
76 assert.Equal(t, "", *accesskeyId)
77
78 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
79 return func(req *http.Request) (*http.Response, error) {
80 return mockResponse(200, `"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"}}`, nil)
81 }
82 }
83 accesskeyId, err = auth.GetAccessKeyId()
84 assert.NotNil(t, err)
85 assert.Equal(t, "refresh RoleArn sts token err: Json.Unmarshal fail: invalid character ':' after top-level value", err.Error())
86 assert.Equal(t, "", *accesskeyId)
87
88 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
89 return func(req *http.Request) (*http.Response, error) {
90 return mockResponse(200, `{"Credentials":{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"}}`, nil)
91 }
92 }
93 accesskeyId, err = auth.GetAccessKeyId()
94 assert.NotNil(t, err)
95 assert.Equal(t, "refresh RoleArn sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error())
96 assert.Equal(t, "", *accesskeyId)
97
98 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
99 return func(req *http.Request) (*http.Response, error) {
100 return mockResponse(200, `{}`, nil)
101 }
102 }
103 accesskeyId, err = auth.GetAccessKeyId()
104 assert.NotNil(t, err)
105 assert.Equal(t, "refresh RoleArn sts token err: Credentials is empty", err.Error())
106 assert.Equal(t, "", *accesskeyId)
107
108 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
109 return func(req *http.Request) (*http.Response, error) {
110 return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil)
111 }
112 }
113 accesskeyId, err = auth.GetAccessKeyId()
114 assert.Nil(t, err)
115 assert.Equal(t, "accessKeyId", *accesskeyId)
116
117 accesskeySecret, err = auth.GetAccessKeySecret()
118 assert.Nil(t, err)
119 assert.Equal(t, "accessKeySecret", *accesskeySecret)
120
121 ststoken, err = auth.GetSecurityToken()
122 assert.Nil(t, err)
123 assert.Equal(t, "securitytoken", *ststoken)
124
125 cred, err := auth.GetCredential()
126 assert.Nil(t, err)
127 assert.Equal(t, "accessKeyId", *cred.AccessKeyId)
128 assert.Equal(t, "accessKeySecret", *cred.AccessKeySecret)
129 assert.Equal(t, "securitytoken", *cred.SecurityToken)
130 assert.Nil(t, cred.BearerToken)
131 assert.Equal(t, "ram_role_arn", *cred.Type)
132
133 auth = newRAMRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 3600, &utils.Runtime{STSEndpoint: "www.aliyun.com"})
134 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
135 return func(req *http.Request) (*http.Response, error) {
136 assert.Equal(t, "www.aliyun.com", req.Host)
137 return mockResponse(200, `{}`, nil)
138 }
139 }
140 accesskeyId, err = auth.GetAccessKeyId()
141 assert.NotNil(t, err)
142 assert.Equal(t, "refresh RoleArn sts token err: Credentials is empty", err.Error())
143 assert.Equal(t, "", *accesskeyId)
144
145 auth = newRAMRoleArnWithExternalIdCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 3600, "externalId", nil)
146 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
147 return func(req *http.Request) (*http.Response, error) {
148 return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil)
149 }
150 }
151 accesskeyId, err = auth.GetAccessKeyId()
152 assert.Nil(t, err)
153 assert.Equal(t, "accessKeyId", *accesskeyId)
154
155 accesskeySecret, err = auth.GetAccessKeySecret()
156 assert.Nil(t, err)
157 assert.Equal(t, "accessKeySecret", *accesskeySecret)
158
159 ststoken, err = auth.GetSecurityToken()
160 assert.Nil(t, err)
161 assert.Equal(t, "securitytoken", *ststoken)
162 }
163
View as plain text