github.com/aliyun/credentials-go@v1.4.7/credentials/ecs_ram_role_credentials_provider_test.go (about) 1 package credentials 2 3 import ( 4 "errors" 5 "net/http" 6 "testing" 7 8 "github.com/stretchr/testify/assert" 9 ) 10 11 func Test_EcsRAmRoleCredential(t *testing.T) { 12 credentialUpdater := new(credentialUpdater) 13 credentialUpdater.inAdvanceScale = 0.5 14 auth := &ECSRAMRoleCredentialsProvider{ 15 RoleName: "go sdk", 16 credentialUpdater: credentialUpdater, 17 runtime: nil, 18 } 19 origTestHookDo := hookDo 20 defer func() { hookDo = origTestHookDo }() 21 22 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 23 return func(req *http.Request) (*http.Response, error) { 24 return mockResponse(300, ``, errors.New("sdk test")) 25 } 26 } 27 accesskeyId, err := auth.GetAccessKeyId() 28 assert.NotNil(t, err) 29 assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error()) 30 assert.Nil(t, accesskeyId) 31 32 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 33 return func(req *http.Request) (*http.Response, error) { 34 return mockResponse(300, ``, nil) 35 } 36 } 37 accesskeyId, err = auth.GetAccessKeyId() 38 assert.NotNil(t, err) 39 assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error()) 40 assert.Nil(t, accesskeyId) 41 42 accesskeySecret, err := auth.GetAccessKeySecret() 43 assert.NotNil(t, err) 44 assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error()) 45 assert.Nil(t, accesskeySecret) 46 47 ststoken, err := auth.GetSecurityToken() 48 assert.NotNil(t, err) 49 assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error()) 50 assert.Nil(t, ststoken) 51 52 assert.Equal(t, "", *auth.GetBearerToken()) 53 54 assert.Equal(t, "ecs_ram_role", *auth.GetType()) 55 56 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 57 return func(req *http.Request) (*http.Response, error) { 58 return mockResponse(400, `role`, nil) 59 } 60 } 61 auth.RoleName = "" 62 _, err = auth.GetAccessKeyId() 63 assert.NotNil(t, err) 64 assert.Equal(t, "refresh Ecs sts token err: httpStatus: 400, message = role", err.Error()) 65 66 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 67 return func(req *http.Request) (*http.Response, error) { 68 return mockResponse(200, `role`, nil) 69 } 70 } 71 _, err = auth.GetAccessKeyId() 72 assert.NotNil(t, err) 73 assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character 'r' looking for beginning of value", err.Error()) 74 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 75 return func(req *http.Request) (*http.Response, error) { 76 return mockResponse(200, `"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"`, nil) 77 } 78 } 79 auth.RoleName = "role" 80 accesskeyId, err = auth.GetAccessKeyId() 81 assert.NotNil(t, err) 82 assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error()) 83 assert.Nil(t, accesskeyId) 84 85 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 86 return func(req *http.Request) (*http.Response, error) { 87 return mockResponse(200, `{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration","Code":"fail"}`, nil) 88 } 89 } 90 accesskeyId, err = auth.GetAccessKeyId() 91 assert.NotNil(t, err) 92 assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error()) 93 assert.Nil(t, accesskeyId) 94 95 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 96 return func(req *http.Request) (*http.Response, error) { 97 return mockResponse(200, `{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration","Code":"Success"}`, nil) 98 } 99 } 100 accesskeyId, err = auth.GetAccessKeyId() 101 assert.NotNil(t, err) 102 assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error()) 103 assert.Nil(t, accesskeyId) 104 105 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 106 return func(req *http.Request) (*http.Response, error) { 107 return mockResponse(200, `{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2018-01-02T15:04:05Z","Code":"Success"}`, nil) 108 } 109 } 110 accesskeyId, err = auth.GetAccessKeyId() 111 assert.Nil(t, err) 112 assert.Equal(t, "accessKeyId", *accesskeyId) 113 114 accesskeySecret, err = auth.GetAccessKeySecret() 115 assert.Nil(t, err) 116 assert.Equal(t, "accessKeySecret", *accesskeySecret) 117 118 ststoken, err = auth.GetSecurityToken() 119 assert.Nil(t, err) 120 assert.Equal(t, "securitytoken", *ststoken) 121 122 err = errors.New("credentials") 123 err = hookParse(err) 124 assert.Equal(t, "credentials", err.Error()) 125 126 cred, err := auth.GetCredential() 127 assert.Nil(t, err) 128 assert.Equal(t, "accessKeyId", *cred.AccessKeyId) 129 assert.Equal(t, "accessKeySecret", *cred.AccessKeySecret) 130 assert.Equal(t, "securitytoken", *cred.SecurityToken) 131 assert.Nil(t, cred.BearerToken) 132 assert.Equal(t, "ecs_ram_role", *cred.Type) 133 134 originHookParse := hookParse 135 hookParse = func(err error) error { 136 return errors.New("error parse") 137 } 138 defer func() { 139 hookParse = originHookParse 140 }() 141 accesskeyId, err = auth.GetAccessKeyId() 142 assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error()) 143 assert.Nil(t, accesskeyId) 144 } 145 146 func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) { 147 auth := newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", false, 0, 0.5, nil) 148 origTestHookDo := hookDo 149 defer func() { hookDo = origTestHookDo }() 150 151 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 152 return func(req *http.Request) (*http.Response, error) { 153 return mockResponse(300, ``, errors.New("sdk test")) 154 } 155 } 156 accesskeyId, err := auth.GetAccessKeyId() 157 assert.NotNil(t, err) 158 assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error()) 159 assert.Nil(t, accesskeyId) 160 161 auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 0, 0.5, nil) 162 accesskeyId, err = auth.GetAccessKeyId() 163 assert.NotNil(t, err) 164 assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error()) 165 assert.Nil(t, accesskeyId) 166 167 auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 180, 0.5, nil) 168 accesskeyId, err = auth.GetAccessKeyId() 169 assert.NotNil(t, err) 170 assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error()) 171 assert.Nil(t, accesskeyId) 172 173 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 174 return func(req *http.Request) (*http.Response, error) { 175 return mockResponse(300, ``, nil) 176 } 177 } 178 accesskeyId, err = auth.GetAccessKeyId() 179 assert.NotNil(t, err) 180 assert.Equal(t, "failed to get token from ECS Metadata Service: httpStatus: 300, message = ", err.Error()) 181 assert.Nil(t, accesskeyId) 182 183 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 184 return func(req *http.Request) (*http.Response, error) { 185 return mockResponse(400, `role`, nil) 186 } 187 } 188 auth.RoleName = "" 189 _, err = auth.GetAccessKeyId() 190 assert.NotNil(t, err) 191 assert.Equal(t, "refresh Ecs sts token err: httpStatus: 400, message = role", err.Error()) 192 193 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 194 return func(req *http.Request) (*http.Response, error) { 195 return mockResponse(200, `role`, nil) 196 } 197 } 198 _, err = auth.GetAccessKeyId() 199 assert.NotNil(t, err) 200 assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character 'r' looking for beginning of value", err.Error()) 201 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 202 return func(req *http.Request) (*http.Response, error) { 203 return mockResponse(200, `"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"`, nil) 204 } 205 } 206 auth.RoleName = "role" 207 accesskeyId, err = auth.GetAccessKeyId() 208 assert.NotNil(t, err) 209 assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error()) 210 assert.Nil(t, accesskeyId) 211 212 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 213 return func(req *http.Request) (*http.Response, error) { 214 return mockResponse(200, `{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration","Code":"fail"}`, nil) 215 } 216 } 217 accesskeyId, err = auth.GetAccessKeyId() 218 assert.NotNil(t, err) 219 assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error()) 220 assert.Nil(t, accesskeyId) 221 222 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 223 return func(req *http.Request) (*http.Response, error) { 224 return mockResponse(200, `{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration","Code":"Success"}`, nil) 225 } 226 } 227 accesskeyId, err = auth.GetAccessKeyId() 228 assert.NotNil(t, err) 229 assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error()) 230 assert.Nil(t, accesskeyId) 231 232 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 233 return func(req *http.Request) (*http.Response, error) { 234 return mockResponse(200, `{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2018-01-02T15:04:05Z","Code":"Success"}`, nil) 235 } 236 } 237 accesskeyId, err = auth.GetAccessKeyId() 238 assert.Nil(t, err) 239 assert.Equal(t, "accessKeyId", *accesskeyId) 240 241 accesskeySecret, err := auth.GetAccessKeySecret() 242 assert.Nil(t, err) 243 assert.Equal(t, "accessKeySecret", *accesskeySecret) 244 245 ststoken, err := auth.GetSecurityToken() 246 assert.Nil(t, err) 247 assert.Equal(t, "securitytoken", *ststoken) 248 249 err = errors.New("credentials") 250 err = hookParse(err) 251 assert.Equal(t, "credentials", err.Error()) 252 253 cred, err := auth.GetCredential() 254 assert.Nil(t, err) 255 assert.Equal(t, "accessKeyId", *cred.AccessKeyId) 256 assert.Equal(t, "accessKeySecret", *cred.AccessKeySecret) 257 assert.Equal(t, "securitytoken", *cred.SecurityToken) 258 assert.Nil(t, cred.BearerToken) 259 assert.Equal(t, "ecs_ram_role", *cred.Type) 260 261 originHookParse := hookParse 262 hookParse = func(err error) error { 263 return errors.New("error parse") 264 } 265 defer func() { 266 hookParse = originHookParse 267 }() 268 accesskeyId, err = auth.GetAccessKeyId() 269 assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error()) 270 assert.Nil(t, accesskeyId) 271 }