1 package config
2
3 import (
4 "context"
5 "path/filepath"
6 "testing"
7 "time"
8
9 "github.com/aws/aws-sdk-go-v2/aws"
10 "github.com/aws/aws-sdk-go-v2/credentials/ssocreds"
11 "github.com/aws/aws-sdk-go-v2/internal/sdk"
12 smithybearer "github.com/aws/smithy-go/auth/bearer"
13 )
14
15 func TestResolveBearerAuthToken(t *testing.T) {
16 cases := map[string]struct {
17 setNowTime func() func()
18 configs configs
19 expectProvider bool
20 expectToken smithybearer.Token
21 }{
22 "no provider": {},
23 "config source provider": {
24 configs: configs{
25 LoadOptions{
26 BearerAuthTokenProvider: smithybearer.StaticTokenProvider{
27 Token: smithybearer.Token{Value: "abc123"},
28 },
29 },
30 },
31 expectProvider: true,
32 expectToken: smithybearer.Token{Value: "abc123"},
33 },
34 "sso session legacy": {
35 setNowTime: func() func() {
36 return sdk.TestingUseReferenceTime(time.Date(2044, 4, 4, 0, 0, 0, 0, time.UTC))
37 },
38 configs: configs{
39 LoadOptions{
40 SSOTokenProviderOptions: func(o *ssocreds.SSOTokenProviderOptions) {
41 expectPath, _ := ssocreds.StandardCachedTokenFilepath("https://example.aws/start")
42 if e, a := expectPath, o.CachedTokenFilepath; e != a {
43 t.Errorf("expect %v cache file path, got %v", e, a)
44 }
45
46 o.CachedTokenFilepath = filepath.Join("testdata", "cached_sso_token.json")
47 },
48 },
49 SharedConfig{
50 SSORegion: "us-west-2",
51 SSOStartURL: "https://example.aws/start",
52 },
53 },
54 expectProvider: false,
55 expectToken: smithybearer.Token{
56 Value: "access token",
57 CanExpire: true,
58 Expires: time.Date(2044, 4, 4, 7, 0, 1, 0, time.UTC),
59 },
60 },
61 "sso session named": {
62 setNowTime: func() func() {
63 return sdk.TestingUseReferenceTime(time.Date(2044, 4, 4, 0, 0, 0, 0, time.UTC))
64 },
65 configs: configs{
66 LoadOptions{
67 SSOTokenProviderOptions: func(o *ssocreds.SSOTokenProviderOptions) {
68 expectPath, _ := ssocreds.StandardCachedTokenFilepath("test-session")
69 if e, a := expectPath, o.CachedTokenFilepath; e != a {
70 t.Errorf("expect %v cache file path, got %v", e, a)
71 }
72
73 o.CachedTokenFilepath = filepath.Join("testdata", "cached_sso_token.json")
74 },
75 },
76 SharedConfig{
77 SSOSessionName: "test-session",
78 SSOSession: &SSOSession{
79 Name: "test-session",
80 SSORegion: "us-west-2",
81 SSOStartURL: "https://example.aws/start",
82 },
83 },
84 },
85 expectProvider: true,
86 expectToken: smithybearer.Token{
87 Value: "access token",
88 CanExpire: true,
89 Expires: time.Date(2044, 4, 4, 7, 0, 1, 0, time.UTC),
90 },
91 },
92 }
93
94 for name, c := range cases {
95 t.Run(name, func(t *testing.T) {
96 if c.setNowTime != nil {
97 restoreTime := c.setNowTime()
98 defer restoreTime()
99 }
100
101 var cfg aws.Config
102 err := resolveBearerAuthToken(context.Background(), &cfg, c.configs)
103 if err != nil {
104 t.Fatalf("expect no error, got %v", err)
105 }
106
107 if !c.expectProvider {
108 if v := cfg.BearerAuthTokenProvider; v != nil {
109 t.Errorf("expect no provider, got %T, %v", v, v)
110 }
111 return
112 }
113
114 token, err := cfg.BearerAuthTokenProvider.RetrieveBearerToken(context.Background())
115 if err != nil {
116 t.Fatalf("expect no error, got %v", err)
117 }
118
119 if diff := cmpDiff(c.expectToken, token); diff != "" {
120 t.Errorf("expect token match\n%s", diff)
121 }
122 })
123 }
124 }
125
126 func TestWrapWithBearerAuthTokenProvider(t *testing.T) {
127 cases := map[string]struct {
128 configs configs
129 provider smithybearer.TokenProvider
130 optFns []func(*smithybearer.TokenCacheOptions)
131 compareProvider bool
132 expectToken smithybearer.Token
133 }{
134 "already wrapped": {
135 provider: smithybearer.NewTokenCache(smithybearer.StaticTokenProvider{
136 Token: smithybearer.Token{Value: "abc123"},
137 }),
138 compareProvider: true,
139 expectToken: smithybearer.Token{Value: "abc123"},
140 },
141 "to be wrapped": {
142 provider: smithybearer.StaticTokenProvider{
143 Token: smithybearer.Token{Value: "abc123"},
144 },
145 expectToken: smithybearer.Token{Value: "abc123"},
146 },
147 }
148
149 for name, c := range cases {
150 t.Run(name, func(t *testing.T) {
151 provider, err := wrapWithBearerAuthTokenCache(context.Background(),
152 c.configs, c.provider, c.optFns...)
153 if err != nil {
154 t.Fatalf("expect no error, got %v", err)
155 }
156
157 if p, ok := provider.(*smithybearer.TokenCache); !ok {
158 t.Fatalf("expect provider wrapped in %T, got %T", p, provider)
159 }
160
161 if c.compareProvider && provider != c.provider {
162 t.Errorf("expect same provider, was not")
163 }
164
165 token, err := provider.RetrieveBearerToken(context.Background())
166 if err != nil {
167 t.Fatalf("expect no error, got %v", err)
168 }
169
170 if diff := cmpDiff(c.expectToken, token); diff != "" {
171 t.Errorf("expect token match\n%s", diff)
172 }
173 })
174 }
175 }
176
View as plain text