github.com/aliyun/credentials-go@v1.4.7/credentials/profile_provider_test.go

package credentials

import (
	"os"
	"runtime"
	"strings"
	"testing"

	"github.com/alibabacloud-go/tea/tea"
	"github.com/stretchr/testify/assert"
)

var inistr = `
[default]
enable = true
type = access_key
access_key_id = foo
access_key_secret = bar

[notype]
access_key_id = foo
access_key_secret = bar

[noak]
type = access_key
access_key_secret = bar

[emptyak]
type = access_key
access_key_id =
access_key_secret = bar

[noaksecret]
type = access_key
access_key_id =  bar

[emptyaksecret]
type = access_key
access_key_id =  bar
access_key_secret =

[ecs]
type = ecs_ram_role
role_name = EcsRamRoleTest

[noecs]
type = ecs_ram_role

[emptyecs]
type = ecs_ram_role
role_name =

[invalidRuntimeEcs]
type = ecs_ram_role
role_name = EcsRamRoleTest
timeout = a

[ram]
type = ram_role_arn
access_key_id = foo
access_key_secret = bar
role_arn = role_arn
role_session_name = session_name

[noramak]
type = ram_role_arn
access_key_secret = bar
role_arn = role_arn
role_session_name = session_name

[emptyramak]
type = ram_role_arn
access_key_id =
access_key_secret = bar
role_arn = role_arn
role_session_name = session_name

[noramsecret]
type = ram_role_arn
access_key_id = id
role_arn = role_arn
role_session_name = session_name  

[emptyramsecret]
type = ram_role_arn
access_key_id = id
access_key_secret =
role_arn = role_arn
role_session_name = session_name

[noramarn]
type = ram_role_arn
access_key_id = id
access_key_secret = bar
role_session_name = session_name

[emptyramarn]
type = ram_role_arn
access_key_id = id
access_key_secret = bar
role_arn =
role_session_name = session_name

[noramsessionname]                                         
type = ram_role_arn   
access_key_id = id             
access_key_secret = bar
role_arn = role_arn

[emptyramsessionname]                                         
type = ram_role_arn                
access_key_id = id
access_key_secret = bar
role_arn = role_arn
role_session_name =

[invalidexpirationram]                                         
type = ram_role_arn                
access_key_id = foo
access_key_secret = bar
role_arn = role_arn
role_session_name = session_name
role_session_expiration = a

[invalidRuntimeram]                         
type = ram_role_arn                
access_key_id = foo
access_key_secret = bar
role_arn = role_arn
role_session_name = session_name
timeout = a

[sts]                                         
type = sts                
access_key_id = foo
access_key_secret = bar
security_token= token

[nostskey]                                         
type = sts                
access_key_secret = bar
security_token= token 

[emptystskey]                                         
type = sts                
access_key_id =
access_key_secret = bar
security_token= token

[nostssecret]                                         
type = sts    
access_key_id = id          
security_token= token 

[emptystssecret]                                         
type = sts                
access_key_id = id
access_key_secret =
security_token= token

[noststoken]                                         
type = sts     
access_key_id = id           
access_key_secret = bar

[emptyststoken]                                         
type = sts                
access_key_id = id
access_key_secret = bar
security_token=

[bearer]                                         
type = bearer                
bearer_token = foo 

[nobearer]                                         
type = bearer                

[emptybearer]                                         
type = bearer                
bearer_token = 

[rsa]                          
type = rsa_key_pair               
public_key_id = publicKeyId       
private_key_file = ./pk.pem
proxy = www.aliyun.com
timeout = 10
connect_timeout = 10
host = www.aliyun.com

[norsaprivate]
type = rsa_key_pair
public_key_id = publicKeyId

[emptyrsaprivate]
type = rsa_key_pair
public_key_id = publicKeyId
private_key_file = 

[norsapublic]
type = rsa_key_pair
private_key_file = ./pk.pem

[emptyrsapublic]
type = rsa_key_pair
public_key_id =
private_key_file = ./pk.pem

[invalidexpirationrsa]
type = rsa_key_pair
public_key_id = publicKeyId
private_key_file = ./pk.pem
session_expiration = a

[invalidTimeoutrsa]
type = rsa_key_pair
public_key_id = publicKeyId
private_key_file = ./pk.pem
timeout = a

[invalidConnectTimeoutrsa]
type = rsa_key_pair
public_key_id = publicKeyId
private_key_file = ./pk.pem
connect_timeout = a

[error_type]
type = error_type
public_key_id = publicKeyId
private_key_file = ./pk_error.pem
`

func TestProfileProvider(t *testing.T) {
	var HOME string
	if runtime.GOOS == "windows" {
		HOME = "USERPROFILE"
	} else {
		HOME = "HOME"
	}
	path, ok := os.LookupEnv(HOME)
	assert.True(t, ok)
	os.Unsetenv(HOME)

	// testcase 1, no HOME or USERPROFILE environment variable set
	p := newProfileProvider()
	c, err := p.resolve()
	assert.Nil(t, c)
	assert.EqualError(t, err, "the default credential file path is invalid")

	originFilePath := os.Getenv(ENVCredentialFile)
	os.Setenv(ENVCredentialFile, "")
	defer func() {
		os.Setenv(ENVCredentialFile, originFilePath)
	}()
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.EqualError(t, err, "ALIBABA_CLOUD_CREDENTIALS_FILE cannot be empty")

	// testcase 2, default profile object
	os.Unsetenv(ENVCredentialFile)
	os.Setenv(HOME, path)
	p = newProfileProvider()
	value, ok := p.(*profileProvider)
	assert.True(t, ok)
	assert.Equal(t, value.Profile, "default")

	// testcase 3, credential file does not exist in the default path
	// and section name does not exist
	p = newProfileProvider("first")
	value, ok = p.(*profileProvider)
	assert.True(t, ok)
	assert.Equal(t, value.Profile, "first")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Nil(t, err)

	// testcase 4, credential file path is error
	os.Setenv(ENVCredentialFile, "../../credentials_error")
	p = newProfileProvider()
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.True(t, strings.Contains(err.Error(), "ERROR: Can not open file"))

	// create profile
	os.Setenv(ENVCredentialFile, "./credentials")

	file, err := os.Create("./credentials")
	assert.Nil(t, err)
	file.WriteString(inistr)
	file.Close()
	defer os.Remove("./credentials")

	// testcase 5, section does not exist
	p = newProfileProvider("NonExist")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Contains(t, err.Error(), "ERROR: Can not load section section")

	// testcase 6, credential type does not set
	p = newProfileProvider("notype")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Contains(t, err.Error(), "missing required type option error when getting key of section")

	// testcase 7, normal AK
	p = newProfileProvider()
	c, err = p.resolve()
	assert.Equal(t, "access_key", tea.StringValue(c.Type))
	assert.Nil(t, err)
	// testcase 8, access_key_id key does not exist
	p = newProfileProvider("noak")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required access_key_id option in profile for access_key", err.Error())
	// testcase 9, access_key_id value is empty
	p = newProfileProvider("emptyak")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "access_key_id cannot be empty", err.Error())
	// testcase 10, access_key_secret key does not exist
	p = newProfileProvider("noaksecret")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required access_key_secret option in profile for access_key", err.Error())
	// testcase 11, access_key_secret value is empty
	p = newProfileProvider("emptyaksecret")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "access_key_secret cannot be empty", err.Error())

	//testcase 12, normal EcsRamRole
	p = newProfileProvider("ecs")
	c, err = p.resolve()
	assert.Equal(t, "ecs_ram_role", tea.StringValue(c.Type))
	assert.Nil(t, err)
	//testcase 15, timeout is not int
	p = newProfileProvider("invalidRuntimeEcs")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "please set timeout with an int value", err.Error())

	//testcase 16, normal RamRoleArn
	p = newProfileProvider("ram")
	c, err = p.resolve()
	assert.Equal(t, "ram_role_arn", tea.StringValue(c.Type))
	assert.Nil(t, err)
	//testcase 17, access_key_id key does not exist
	p = newProfileProvider("noramak")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required access_key_id option in profile for ram_role_arn", err.Error())
	//testcase 18, access_key_id value is empty
	p = newProfileProvider("emptyramak")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "access_key_id cannot be empty", err.Error())
	//testcase 19, access_key_secret key does not exist
	p = newProfileProvider("noramsecret")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required access_key_secret option in profile for ram_role_arn", err.Error())
	//testcase 20, access_key_secret value is empty
	p = newProfileProvider("emptyramsecret")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "access_key_secret cannot be empty", err.Error())
	//testcase 21, role_arn key does not exist
	p = newProfileProvider("noramarn")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required role_arn option in profile for ram_role_arn", err.Error())
	//testcase 22, role_arn value is empty
	p = newProfileProvider("emptyramarn")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "role_arn cannot be empty", err.Error())
	//testcase 23, role_session_name key does not exist
	p = newProfileProvider("noramsessionname")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required role_session_name option in profile for ram_role_arn", err.Error())
	//testcase 24, role_session_name value is empty
	p = newProfileProvider("emptyramsessionname")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "role_session_name cannot be empty", err.Error())
	//testcase 25, role_session_expiration is not int
	p = newProfileProvider("invalidexpirationram")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "role_session_expiration must be an int", err.Error())
	//testcase 26, timeout is not int
	p = newProfileProvider("invalidRuntimeram")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "please set timeout with an int value", err.Error())

	//testase 27, normal RsaKeyPair
	file, err = os.Create("./pk.pem")
	assert.Nil(t, err)
	_, err = file.WriteString(privatekey)
	assert.Nil(t, err)
	file.Close()

	p = newProfileProvider("rsa")
	c, err = p.resolve()
	assert.Equal(t, "rsa_key_pair", tea.StringValue(c.Type))
	assert.Nil(t, err)
	defer os.Remove(`./pk.pem`)
	//testcase 28, private_key_file key does not exist
	p = newProfileProvider("norsaprivate")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required private_key_file option in profile for rsa_key_pair", err.Error())
	//testcase 29, private_key_file value is empty
	p = newProfileProvider("emptyrsaprivate")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "private_key_file cannot be empty", err.Error())
	//testcase 30, public_key_id key does not exist
	p = newProfileProvider("norsapublic")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required public_key_id option in profile for rsa_key_pair", err.Error())
	//testcase 31, public_key_id value is empty
	p = newProfileProvider("emptyrsapublic")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "public_key_id cannot be empty", err.Error())
	//testcase 32, session_expiration is not int
	p = newProfileProvider("invalidexpirationrsa")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "session_expiration must be an int", err.Error())
	//testcase 33, timeout is not int
	p = newProfileProvider("invalidTimeoutrsa")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "please set timeout with an int value", err.Error())
	//testcase 34, connect_timeout is not int
	p = newProfileProvider("invalidConnectTimeoutrsa")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "please set connect_timeout with an int value", err.Error())

	//testcase 35, normal RamRoleArn
	p = newProfileProvider("sts")
	c, err = p.resolve()
	assert.Equal(t, "sts", tea.StringValue(c.Type))
	assert.Nil(t, err)
	//testcase 36, access_key_id key does not exist
	p = newProfileProvider("nostskey")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required access_key_id option in profile for sts", err.Error())
	//testcase 37, access_key_id value is empty
	p = newProfileProvider("emptystskey")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "access_key_id cannot be empty", err.Error())
	//testcase 38, access_key_secret key does not exist
	p = newProfileProvider("nostssecret")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required access_key_secret option in profile for sts", err.Error())
	//testcase 39, access_key_secret value is empty
	p = newProfileProvider("emptystssecret")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "access_key_secret cannot be empty", err.Error())
	//testcase 40, security_token access_key_secretkey does not exist
	p = newProfileProvider("noststoken")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required security_token option in profile for sts", err.Error())
	//testcase 41, security_token value is empty
	p = newProfileProvider("emptyststoken")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "security_token cannot be empty", err.Error())

	//testcase 42, normal RamRoleArn
	p = newProfileProvider("bearer")
	c, err = p.resolve()
	assert.Equal(t, "bearer", tea.StringValue(c.Type))
	assert.Nil(t, err)
	//testcase 43, key does not exist
	p = newProfileProvider("nobearer")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "missing required bearer_token option in profile for bearer", err.Error())
	//testcase 44, value is empty
	p = newProfileProvider("emptybearer")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "bearer_token cannot be empty", err.Error())

	//testcase 45, credential type is error
	p = newProfileProvider("error_type")
	c, err = p.resolve()
	assert.Nil(t, c)
	assert.Equal(t, "invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair", err.Error())
}

func TestHookState(t *testing.T) {
	info, err := hookState(nil, nil)
	assert.Nil(t, info)
	assert.Nil(t, err)

	originHookState := hookState
	hookState = func(info os.FileInfo, err error) (os.FileInfo, error) {
		return nil, nil
	}
	defer func() {
		hookState = originHookState
	}()
	path, err := checkDefaultPath()
	assert.Nil(t, err)
	assert.NotNil(t, path)
}