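// Listing: github.com/aliyun/credentials-go@v1.4.7/credentials/credential_test.go
package credentials

import (
	"os"
	"testing"

	"github.com/alibabacloud-go/tea/tea"
	"github.com/aliyun/credentials-go/credentials/internal/utils"
	"github.com/aliyun/credentials-go/credentials/request"
	"github.com/stretchr/testify/assert"
)

// privatekey is placeholder text written to a key file by the RSA key pair
// test. It is not real key material.
var privatekey = `----
this is privatekey`

// TestConfig pins the JSON rendering of an empty Config and checks that
// SetSTSEndpoint stores the endpoint.
func TestConfig(t *testing.T) {
	// NOTE(review): the rendering includes keys such as access_key_secret,
	// security_token and bearer_token. Only the all-nil case is covered here,
	// so this test does not show whether populated secrets are redacted by
	// String/GoString — confirm before logging a Config with %v or %#v.
	// NOTE(review): whitespace inside this literal is copied as it appears in
	// the listing, which looks whitespace-collapsed — verify the indent width
	// against the upstream file.
	const emptyConfig = "{\n \"type\": null,\n \"access_key_id\": null,\n \"access_key_secret\": null,\n \"security_token\": null,\n \"bearer_token\": null,\n \"oidc_provider_arn\": null,\n \"oidc_token\": null,\n \"role_arn\": null,\n \"role_session_name\": null,\n \"role_session_expiration\": null,\n \"policy\": null,\n \"external_id\": null,\n \"sts_endpoint\": null,\n \"role_name\": null,\n \"enable_imds_v2\": null,\n \"disable_imds_v1\": null,\n \"metadata_token_duration\": null,\n \"url\": null,\n \"session_expiration\": null,\n \"public_key_id\": null,\n \"private_key_file\": null,\n \"host\": null,\n \"timeout\": null,\n \"connect_timeout\": null,\n \"proxy\": null,\n \"inAdvanceScale\": null\n}"

	config := new(Config)
	assert.Equal(t, emptyConfig, config.String())
	assert.Equal(t, emptyConfig, config.GoString())

	config.SetSTSEndpoint("sts.cn-hangzhou.aliyuncs.com")
	// tea.StringValue avoids a nil dereference if the setter did not store a value.
	assert.Equal(t, "sts.cn-hangzhou.aliyuncs.com", tea.StringValue(config.STSEndpoint))
}

// TestNewCredentialWithNil exercises NewCredential(nil): first with access key
// environment variables set, then with them unset and the CLI profile disabled,
// where GetCredential must report that no provider in the chain succeeded.
func TestNewCredentialWithNil(t *testing.T) {
	// The test mutates process-wide environment variables, so it must not run
	// in parallel with tests that read them. rollback is presumably the
	// restore function for the named variables — verify against utils.Memory.
	rollback := utils.Memory(EnvVarAccessKeyId, EnvVarAccessKeySecret, "ALIBABA_CLOUD_CLI_PROFILE_DISABLED")
	defer rollback()

	assert.Nil(t, os.Setenv(EnvVarAccessKeyId, "accesskey"))
	assert.Nil(t, os.Setenv(EnvVarAccessKeySecret, "accesssecret"))

	cred, err := NewCredential(nil)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	assert.Nil(t, os.Unsetenv(EnvVarAccessKeyId))
	assert.Nil(t, os.Unsetenv(EnvVarAccessKeySecret))
	assert.Nil(t, os.Setenv("ALIBABA_CLOUD_CLI_PROFILE_DISABLED", "true"))

	cred, err = NewCredential(nil)
	assert.Nil(t, err)
	if cred == nil {
		t.Fatal("NewCredential(nil) returned a nil credential")
	}
	_, err = cred.GetCredential()
	// Guard before err.Error(): a nil error here should fail the test with a
	// clear message instead of panicking.
	if assert.NotNil(t, err) {
		assert.Contains(t, err.Error(), "unable to get credentials from any of the providers in the chain:")
	}
}

// TestNewCredentialWithAK checks validation of the "access_key" type (id, then
// secret) and that the resulting credential returns the configured values.
func TestNewCredentialWithAK(t *testing.T) {
	config := new(Config)
	config.SetType("access_key")
	cred, err := NewCredential(config)
	assert.EqualError(t, err, "the access key id is empty")
	assert.Nil(t, cred)

	config.SetAccessKeyId("AccessKeyId")
	cred, err = NewCredential(config)
	assert.EqualError(t, err, "the access key secret is empty")
	assert.Nil(t, cred)

	config.SetAccessKeySecret("AccessKeySecret")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	if cred == nil {
		t.Fatal("NewCredential returned a nil credential for a complete access_key config")
	}
	cm, err := cred.GetCredential()
	assert.Nil(t, err)
	assert.Equal(t, "AccessKeyId", *cm.AccessKeyId)
	assert.Equal(t, "AccessKeySecret", *cm.AccessKeySecret)
	assert.Equal(t, "", *cm.SecurityToken)

	// test deprecated methods
	accessKeyId, err := cred.GetAccessKeyId()
	assert.Nil(t, err)
	assert.Equal(t, "AccessKeyId", *accessKeyId)
	accessKeySecret, err := cred.GetAccessKeySecret()
	assert.Nil(t, err)
	assert.Equal(t, "AccessKeySecret", *accessKeySecret)
	securityToken, err := cred.GetSecurityToken()
	assert.Nil(t, err)
	assert.Equal(t, "", *securityToken)
}

// TestNewCredentialWithSts checks that the "sts" type requires an access key
// id, an access key secret and a security token, in that order.
func TestNewCredentialWithSts(t *testing.T) {
	config := new(Config)
	config.SetType("sts")

	config.SetAccessKeyId("")
	cred, err := NewCredential(config)
	assert.EqualError(t, err, "the access key id is empty")
	assert.Nil(t, cred)

	config.SetAccessKeyId("akid")
	cred, err = NewCredential(config)
	assert.EqualError(t, err, "the access key secret is empty")
	assert.Nil(t, cred)

	config.SetAccessKeySecret("aksecret")
	cred, err = NewCredential(config)
	assert.EqualError(t, err, "the security token is empty")
	assert.Nil(t, cred)

	config.SetSecurityToken("SecurityToken")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)
}

// TestNewCredentialWithECSRAMRole checks that the "ecs_ram_role" type can be
// constructed with each combination of role name and IMDS options set below.
//
// Only construction is asserted. Nothing here verifies that
// SetDisableIMDSv1(true) or SetEnableIMDSv2(true) changes how credentials are
// fetched from the metadata service; that needs a test at the provider level.
func TestNewCredentialWithECSRAMRole(t *testing.T) {
	config := new(Config)
	config.SetType("ecs_ram_role")
	cred, err := NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	config.SetRoleName("AccessKeyId")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	config.SetEnableIMDSv2(false)
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	config.SetDisableIMDSv1(false)
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	config.SetEnableIMDSv2(true)
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	config.SetDisableIMDSv1(true)
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	config.SetEnableIMDSv2(true)
	config.SetMetadataTokenDuration(180)
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)
}

// TestNewCredentialWithRSAKeyPair checks validation of the "rsa_key_pair" type:
// missing key file path, missing public key id, an unreadable key file, and
// finally a readable key file.
func TestNewCredentialWithRSAKeyPair(t *testing.T) {
	config := new(Config)
	config.SetType("rsa_key_pair")
	cred, err := NewCredential(config)
	assert.EqualError(t, err, "PrivateKeyFile cannot be empty")
	assert.Nil(t, cred)

	config.SetPrivateKeyFile("test")
	cred, err = NewCredential(config)
	assert.EqualError(t, err, "PublicKeyId cannot be empty")
	assert.Nil(t, cred)

	config.
		SetPublicKeyId("resource").
		SetPrivateKeyFile("nofile").
		SetSessionExpiration(10).
		SetRoleSessionExpiration(10).
		SetPolicy("").
		SetHost("").
		SetTimeout(10).
		SetConnectTimeout(10).
		SetProxy("")
	cred, err = NewCredential(config)
	if assert.NotNil(t, err) {
		assert.Contains(t, err.Error(), "InvalidPath: Can not open PrivateKeyFile, err is open nofile:")
	}
	assert.Nil(t, cred)

	// NOTE(review): pk.pem is created in the package directory with os.Create's
	// default mode and is not removed afterwards. The content is placeholder
	// text, but a fixture under t.TempDir() would keep key-shaped files out of
	// the working tree — confirm no other test relies on ./pk.pem first.
	file, err := os.Create("./pk.pem")
	if err != nil {
		// Stop here: file is nil and the writes below would panic.
		t.Fatalf("creating ./pk.pem: %v", err)
	}
	_, err = file.WriteString(privatekey)
	assert.Nil(t, err)
	assert.Nil(t, file.Close())

	config.SetType("rsa_key_pair").
		SetPublicKeyId("resource").
		SetPrivateKeyFile("./pk.pem")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)
}

// TestNewCredentialWithRAMRoleARN checks validation of the "ram_role_arn" type
// (access key id, secret, role ARN) and that the optional fields are accepted.
func TestNewCredentialWithRAMRoleARN(t *testing.T) {
	config := new(Config)
	config.SetType("ram_role_arn")
	config.SetAccessKeyId("")
	cred, err := NewCredential(config)
	assert.EqualError(t, err, "the access key id is empty")
	assert.Nil(t, cred)

	config.SetAccessKeyId("akid")
	config.SetAccessKeySecret("")
	cred, err = NewCredential(config)
	assert.EqualError(t, err, "the access key secret is empty")
	assert.Nil(t, cred)

	config.SetAccessKeySecret("AccessKeySecret")
	cred, err = NewCredential(config)
	assert.EqualError(t, err, "the RoleArn is empty")
	assert.Nil(t, cred)

	config.SetRoleArn("roleArn")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	config.SetRoleSessionName("role_session_name")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	// An empty security token is accepted.
	config.SetSecurityToken("")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	// A non-empty security token is accepted as well.
	config.SetSecurityToken("securitytoken")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)

	config.SetExternalId("externalId")
	config.SetPolicy("policy")
	config.SetRoleSessionExpiration(3600)
	config.SetRoleSessionName("roleSessionName")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)
}

// TestNewCredentialWithBearerToken checks that the "bearer" type rejects a
// missing token and accepts a non-empty one.
func TestNewCredentialWithBearerToken(t *testing.T) {
	config := new(Config)
	config.SetType("bearer")
	cred, err := NewCredential(config)
	assert.EqualError(t, err, "BearerToken cannot be empty")
	assert.Nil(t, cred)

	config.SetBearerToken("BearerToken")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)
}

// TestNewCredentialWithOIDC checks that the "oidc_role_arn" type requires a
// token file path, a provider ARN and a role ARN, in that order, and that the
// values remain readable on the Config afterwards.
func TestNewCredentialWithOIDC(t *testing.T) {
	config := new(Config)
	// oidc role arn
	config.SetType("oidc_role_arn")
	cred, err := NewCredential(config)
	assert.EqualError(t, err, "the OIDCTokenFilePath is empty")
	assert.Nil(t, cred)

	config.SetOIDCTokenFilePath("oidc_token_file_path_test")
	cred, err = NewCredential(config)
	assert.EqualError(t, err, "the OIDCProviderARN is empty")
	assert.Nil(t, cred)

	config.SetOIDCProviderArn("oidc_provider_arn_test")
	cred, err = NewCredential(config)
	assert.EqualError(t, err, "the RoleArn is empty")
	assert.Nil(t, cred)

	config.SetRoleArn("role_arn_test")
	cred, err = NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)
	assert.Equal(t, "oidc_provider_arn_test", tea.StringValue(config.OIDCProviderArn))
	assert.Equal(t, "oidc_token_file_path_test", tea.StringValue(config.OIDCTokenFilePath))
	assert.Equal(t, "role_arn_test", tea.StringValue(config.RoleArn))
}

// TestNewCredentialWithCredentialsURI checks that the "credentials_uri" type
// accepts a non-empty URL and rejects an empty one.
//
// NOTE(review): the accepted value is a plain http:// URL, so construction
// does not require TLS. Credentials returned over cleartext HTTP are readable
// on the path unless the endpoint is local to the host — confirm whether the
// provider restricts schemes or hosts at fetch time.
func TestNewCredentialWithCredentialsURI(t *testing.T) {
	config := new(Config)

	config.SetType("credentials_uri").
		SetURLCredential("http://test/")
	cred, err := NewCredential(config)
	assert.Nil(t, err)
	assert.NotNil(t, cred)
	assert.Equal(t, "http://test/", tea.StringValue(config.Url))

	config.SetURLCredential("")
	cred, err = NewCredential(config)
	assert.NotNil(t, err)
	assert.Nil(t, cred)
	assert.Equal(t, "", tea.StringValue(config.Url))
}

// TestNewCredentialWithInvalidType checks that an unknown type is rejected
// with an error listing the supported types.
func TestNewCredentialWithInvalidType(t *testing.T) {
	config := new(Config)
	config.SetType("sdk")
	cred, err := NewCredential(config)
	assert.EqualError(t, err, "invalid type option, support: access_key, sts, bearer, ecs_ram_role, ram_role_arn, rsa_key_pair, oidc_role_arn, credentials_uri")
	assert.Nil(t, cred)
}

// Test_doaction checks that doAction returns an error and no content for an
// invalid HTTP method and for a malformed proxy setting.
func Test_doaction(t *testing.T) {
	// Named req so the local does not shadow the imported request package.
	req := request.NewCommonRequest()
	req.Method = "credential test"
	content, err := doAction(req, nil)
	assert.EqualError(t, err, `net/http: invalid method "credential test"`)
	assert.Nil(t, content)

	req.Method = "GET"
	req.URL = "http://www.aliyun.com"
	runtime := &utils.Runtime{
		Proxy: "# #%gfdf",
	}
	content, err = doAction(req, runtime)
	// Check for a non-nil error before reading its message; the original
	// order called err.Error() first and would panic on a nil error.
	if assert.NotNil(t, err) {
		assert.Contains(t, err.Error(), `invalid URL escape`)
	}
	assert.Nil(t, content)
}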