github.com/aliyun/credentials-go@v1.4.7/credentials/provider_chain_test.go

github.com/aliyun/credentials-go@v1.4.7/credentials/provider_chain_test.go (about)

     1  package credentials
     2  
     3  import (
     4  	"os"
     5  	"testing"
     6  
     7  	"github.com/alibabacloud-go/tea/tea"
     8  	"github.com/stretchr/testify/assert"
     9  )
    10  
    11  func TestProviderChain(t *testing.T) {
    12  	env := newEnvProvider()
    13  	pp := newProfileProvider()
    14  	instanceP := newInstanceCredentialsProvider()
    15  
    16  	pc := newProviderChain([]Provider{env, pp, instanceP})
    17  
    18  	originAccessKeyIdNew := os.Getenv(EnvVarAccessKeyIdNew)
    19  	originAccessKeyId := os.Getenv(EnvVarAccessKeyId)
    20  	originAccessKeySecret := os.Getenv(EnvVarAccessKeySecret)
    21  	os.Setenv(EnvVarAccessKeyId, "")
    22  	os.Setenv(EnvVarAccessKeyIdNew, "")
    23  	os.Setenv(EnvVarAccessKeySecret, "")
    24  	defer func() {
    25  		os.Setenv(EnvVarAccessKeyIdNew, originAccessKeyIdNew)
    26  		os.Setenv(EnvVarAccessKeyId, originAccessKeyId)
    27  		os.Setenv(EnvVarAccessKeySecret, originAccessKeySecret)
    28  	}()
    29  	c, err := pc.resolve()
    30  	assert.Nil(t, c)
    31  	assert.EqualError(t, err, "ALIBABA_CLOUD_ACCESS_KEY_ID or ALIBABA_CLOUD_ACCESS_KEY_Id cannot be empty")
    32  
    33  	os.Setenv(EnvVarAccessKeyId, "AccessKeyId")
    34  	os.Setenv(EnvVarAccessKeySecret, "AccessKeySecret")
    35  	c, err = pc.resolve()
    36  	assert.NotNil(t, c)
    37  	assert.Nil(t, err)
    38  
    39  	os.Unsetenv(EnvVarAccessKeyId)
    40  	os.Unsetenv(EnvVarAccessKeySecret)
    41  	os.Unsetenv(ENVCredentialFile)
    42  	os.Unsetenv(ENVEcsMetadata)
    43  
    44  	c, err = pc.resolve()
    45  	assert.Nil(t, c)
    46  	assert.EqualError(t, err, "no credential found")
    47  }
    48  
    49  func TestDefaultChainNoCred(t *testing.T) {
    50  	accessKeyIdNew := os.Getenv(EnvVarAccessKeyIdNew)
    51  	accessKeyId := os.Getenv(EnvVarAccessKeyId)
    52  	accessKeySecret := os.Getenv(EnvVarAccessKeySecret)
    53  	ecsMetadata := os.Getenv(ENVEcsMetadata)
    54  	roleArn := os.Getenv(ENVRoleArn)
    55  	oidcProviderArn := os.Getenv(ENVOIDCProviderArn)
    56  	oidcTokenFilePath := os.Getenv(ENVOIDCTokenFile)
    57  	roleSessionName := os.Getenv(ENVRoleSessionName)
    58  	os.Unsetenv(EnvVarAccessKeyId)
    59  	os.Unsetenv(EnvVarAccessKeySecret)
    60  	os.Unsetenv(ENVCredentialFile)
    61  	os.Unsetenv(ENVEcsMetadata)
    62  	os.Unsetenv(ENVRoleArn)
    63  	os.Unsetenv(ENVOIDCProviderArn)
    64  	os.Unsetenv(ENVOIDCTokenFile)
    65  	os.Unsetenv(ENVRoleSessionName)
    66  	defer func() {
    67  		os.Setenv(EnvVarAccessKeyIdNew, accessKeyIdNew)
    68  		os.Setenv(EnvVarAccessKeyId, accessKeyId)
    69  		os.Setenv(EnvVarAccessKeySecret, accessKeySecret)
    70  		os.Setenv(ENVEcsMetadata, ecsMetadata)
    71  		os.Setenv(ENVRoleArn, roleArn)
    72  		os.Setenv(ENVOIDCProviderArn, oidcProviderArn)
    73  		os.Setenv(ENVOIDCTokenFile, oidcTokenFilePath)
    74  		os.Setenv(ENVRoleSessionName, roleSessionName)
    75  	}()
    76  
    77  	chain, err := defaultChain.resolve()
    78  	assert.Nil(t, chain)
    79  	assert.Equal(t, "no credential found", err.Error())
    80  }
    81  
    82  func TestDefaultChainHasCred(t *testing.T) {
    83  	accessKeyIdNew := os.Getenv(EnvVarAccessKeyIdNew)
    84  	accessKeyId := os.Getenv(EnvVarAccessKeyId)
    85  	accessKeySecret := os.Getenv(EnvVarAccessKeySecret)
    86  	os.Unsetenv(EnvVarAccessKeyId)
    87  	os.Unsetenv(EnvVarAccessKeySecret)
    88  	os.Unsetenv(ENVCredentialFile)
    89  
    90  	path, _ := os.Getwd()
    91  	oidcTokenFilePathVar := path + "/oidc_token"
    92  	roleArn := os.Getenv(ENVRoleArn)
    93  	oidcProviderArn := os.Getenv(ENVOIDCProviderArn)
    94  	oidcTokenFilePath := os.Getenv(ENVOIDCTokenFile)
    95  	roleSessionName := os.Getenv(ENVRoleSessionName)
    96  	os.Setenv(ENVRoleArn, "acs:ram::roleArn:role/roleArn")
    97  	os.Setenv(ENVOIDCProviderArn, "acs:ram::roleArn")
    98  	os.Setenv(ENVOIDCTokenFile, oidcTokenFilePathVar)
    99  	os.Setenv(ENVRoleSessionName, "roleSessionName")
   100  	defer func() {
   101  		os.Setenv(EnvVarAccessKeyIdNew, accessKeyIdNew)
   102  		os.Setenv(EnvVarAccessKeyId, accessKeyId)
   103  		os.Setenv(EnvVarAccessKeySecret, accessKeySecret)
   104  		os.Setenv(ENVRoleArn, roleArn)
   105  		os.Setenv(ENVOIDCProviderArn, oidcProviderArn)
   106  		os.Setenv(ENVOIDCTokenFile, oidcTokenFilePath)
   107  		os.Setenv(ENVRoleSessionName, roleSessionName)
   108  	}()
   109  
   110  	config, err := defaultChain.resolve()
   111  	assert.NotNil(t, config)
   112  	assert.Nil(t, err)
   113  	assert.Equal(t, "acs:ram::roleArn:role/roleArn", tea.StringValue(config.RoleArn))
   114  	assert.Equal(t, "acs:ram::roleArn", tea.StringValue(config.OIDCProviderArn))
   115  	assert.Equal(t, oidcTokenFilePathVar, tea.StringValue(config.OIDCTokenFilePath))
   116  	assert.Equal(t, "roleSessionName", tea.StringValue(config.RoleSessionName))
   117  	assert.Equal(t, "oidc_role_arn", tea.StringValue(config.Type))
   118  
   119  	os.Setenv("ALIBABA_CLOUD_CLI_PROFILE_DISABLED", "true")
   120  	cred, err := NewCredential(nil)
   121  	assert.Nil(t, err)
   122  	assert.NotNil(t, cred)
   123  	assert.Equal(t, "default", *cred.GetType())
   124  }