github.com/aliyun/credentials-go@v1.4.7/credentials/providers/cli_profile_test.go (about) 1 package providers 2 3 import ( 4 "os" 5 "path" 6 "strings" 7 "testing" 8 "time" 9 10 httputil "github.com/aliyun/credentials-go/credentials/internal/http" 11 "github.com/aliyun/credentials-go/credentials/internal/utils" 12 "github.com/stretchr/testify/assert" 13 ) 14 15 func TestCLIProfileCredentialsProvider(t *testing.T) { 16 rollback := utils.Memory("ALIBABA_CLOUD_PROFILE", "ALIBABA_CLOUD_CLI_PROFILE_DISABLED") 17 defer rollback() 18 19 b, err := NewCLIProfileCredentialsProviderBuilder(). 20 Build() 21 assert.Nil(t, err) 22 assert.Equal(t, "", b.profileName) 23 24 // get from env 25 os.Setenv("ALIBABA_CLOUD_PROFILE", "custom_profile") 26 b, err = NewCLIProfileCredentialsProviderBuilder(). 27 Build() 28 assert.Nil(t, err) 29 assert.Equal(t, "custom_profile", b.profileName) 30 31 b, err = NewCLIProfileCredentialsProviderBuilder(). 32 WithProfileName("profilename"). 33 Build() 34 assert.Nil(t, err) 35 assert.Equal(t, "profilename", b.profileName) 36 37 os.Setenv("ALIBABA_CLOUD_CLI_PROFILE_DISABLED", "True") 38 _, err = NewCLIProfileCredentialsProviderBuilder(). 39 WithProfileName("profilename"). 40 Build() 41 assert.Equal(t, "the CLI profile is disabled", err.Error()) 42 43 } 44 45 func Test_configuration(t *testing.T) { 46 wd, _ := os.Getwd() 47 _, err := newConfigurationFromPath(path.Join(wd, "fixtures/inexist_cli_config.json")) 48 assert.NotNil(t, err) 49 assert.True(t, strings.HasPrefix(err.Error(), "reading aliyun cli config from ")) 50 51 _, err = newConfigurationFromPath(path.Join(wd, "fixtures/invalid_cli_config.json")) 52 assert.NotNil(t, err) 53 assert.True(t, strings.HasPrefix(err.Error(), "unmarshal aliyun cli config from ")) 54 55 _, err = newConfigurationFromPath(path.Join(wd, "fixtures/mock_empty_cli_config.json")) 56 assert.True(t, strings.HasPrefix(err.Error(), "no any configured profiles in ")) 57 58 conf, err := newConfigurationFromPath(path.Join(wd, "fixtures/mock_cli_config.json")) 59 assert.Nil(t, err) 60 assert.Equal(t, &configuration{ 61 Current: "default", 62 Profiles: []*profile{ 63 { 64 Mode: "AK", 65 Name: "default", 66 AccessKeyID: "akid", 67 AccessKeySecret: "secret", 68 }, 69 { 70 Mode: "AK", 71 Name: "jacksontian", 72 AccessKeyID: "akid", 73 AccessKeySecret: "secret", 74 }, 75 }, 76 }, conf) 77 78 _, err = conf.getProfile("inexists") 79 assert.EqualError(t, err, "unable to get profile with 'inexists'") 80 81 p, err := conf.getProfile("jacksontian") 82 assert.Nil(t, err) 83 assert.Equal(t, p.Name, "jacksontian") 84 assert.Equal(t, p.Mode, "AK") 85 } 86 87 func TestCLIProfileCredentialsProvider_getCredentialsProvider(t *testing.T) { 88 conf := &configuration{ 89 Current: "AK", 90 Profiles: []*profile{ 91 { 92 Mode: "AK", 93 Name: "AK", 94 AccessKeyID: "akid", 95 AccessKeySecret: "secret", 96 }, 97 { 98 Mode: "StsToken", 99 Name: "StsToken", 100 AccessKeyID: "access_key_id", 101 AccessKeySecret: "access_key_secret", 102 SecurityToken: "sts_token", 103 }, 104 { 105 Mode: "RamRoleArn", 106 Name: "RamRoleArn", 107 AccessKeyID: "akid", 108 AccessKeySecret: "secret", 109 RoleArn: "arn", 110 StsRegion: "cn-hangzhou", 111 EnableVpc: true, 112 Policy: "policy", 113 ExternalId: "externalId", 114 }, 115 { 116 Mode: "RamRoleArn", 117 Name: "Invalid_RamRoleArn", 118 }, 119 { 120 Mode: "EcsRamRole", 121 Name: "EcsRamRole", 122 RoleName: "rolename", 123 }, 124 { 125 Mode: "OIDC", 126 Name: "OIDC", 127 RoleArn: "role_arn", 128 OIDCTokenFile: "path/to/oidc/file", 129 OIDCProviderARN: "provider_arn", 130 StsRegion: "cn-hangzhou", 131 EnableVpc: true, 132 Policy: "policy", 133 }, 134 { 135 Mode: "ChainableRamRoleArn", 136 Name: "ChainableRamRoleArn", 137 RoleArn: "arn", 138 SourceProfile: "AK", 139 }, 140 { 141 Mode: "ChainableRamRoleArn", 142 Name: "ChainableRamRoleArn2", 143 SourceProfile: "InvalidSource", 144 }, 145 { 146 Name: "CloudSSO", 147 Mode: "CloudSSO", 148 SignInUrl: "url", 149 AccessToken: "token", 150 AccessTokenExpire: time.Now().Unix() + 1000, 151 AccessConfig: "config", 152 AccountId: "uid", 153 }, 154 { 155 Mode: "Unsupported", 156 Name: "Unsupported", 157 }, 158 }, 159 } 160 161 provider, err := NewCLIProfileCredentialsProviderBuilder().Build() 162 assert.Nil(t, err) 163 _, err = provider.getCredentialsProvider(conf, "inexist") 164 assert.EqualError(t, err, "unable to get profile with 'inexist'") 165 166 // AK 167 cp, err := provider.getCredentialsProvider(conf, "AK") 168 assert.Nil(t, err) 169 akcp, ok := cp.(*StaticAKCredentialsProvider) 170 assert.True(t, ok) 171 cc, err := akcp.GetCredentials() 172 assert.Nil(t, err) 173 assert.Equal(t, cc, &Credentials{AccessKeyId: "akid", AccessKeySecret: "secret", SecurityToken: "", ProviderName: "static_ak"}) 174 // STS 175 cp, err = provider.getCredentialsProvider(conf, "StsToken") 176 assert.Nil(t, err) 177 stscp, ok := cp.(*StaticSTSCredentialsProvider) 178 assert.True(t, ok) 179 cc, err = stscp.GetCredentials() 180 assert.Nil(t, err) 181 assert.Equal(t, cc, &Credentials{AccessKeyId: "access_key_id", AccessKeySecret: "access_key_secret", SecurityToken: "sts_token", ProviderName: "static_sts"}) 182 // RamRoleArn 183 cp, err = provider.getCredentialsProvider(conf, "RamRoleArn") 184 assert.Nil(t, err) 185 _, ok = cp.(*RAMRoleARNCredentialsProvider) 186 assert.True(t, ok) 187 // RamRoleArn invalid ak 188 _, err = provider.getCredentialsProvider(conf, "Invalid_RamRoleArn") 189 assert.EqualError(t, err, "the access key id is empty") 190 // EcsRamRole 191 cp, err = provider.getCredentialsProvider(conf, "EcsRamRole") 192 assert.Nil(t, err) 193 _, ok = cp.(*ECSRAMRoleCredentialsProvider) 194 assert.True(t, ok) 195 // OIDC 196 cp, err = provider.getCredentialsProvider(conf, "OIDC") 197 assert.Nil(t, err) 198 _, ok = cp.(*OIDCCredentialsProvider) 199 assert.True(t, ok) 200 201 // ChainableRamRoleArn 202 cp, err = provider.getCredentialsProvider(conf, "ChainableRamRoleArn") 203 assert.Nil(t, err) 204 _, ok = cp.(*RAMRoleARNCredentialsProvider) 205 assert.True(t, ok) 206 207 // CloudSSO 208 cp, err = provider.getCredentialsProvider(conf, "CloudSSO") 209 assert.Nil(t, err) 210 _, ok = cp.(*CloudSSOCredentialsProvider) 211 assert.True(t, ok) 212 213 // ChainableRamRoleArn with invalid source profile 214 _, err = provider.getCredentialsProvider(conf, "ChainableRamRoleArn2") 215 assert.EqualError(t, err, "get source profile failed: unable to get profile with 'InvalidSource'") 216 217 // Unsupported 218 _, err = provider.getCredentialsProvider(conf, "Unsupported") 219 assert.EqualError(t, err, "unsupported profile mode 'Unsupported'") 220 } 221 222 func TestCLIProfileCredentialsProvider_GetCredentials(t *testing.T) { 223 originHttpDo := httpDo 224 defer func() { httpDo = originHttpDo }() 225 rollback := utils.Memory("ALIBABA_CLOUD_CONFIG_FILE") 226 defer func() { 227 getHomePath = utils.GetHomePath 228 rollback() 229 }() 230 231 getHomePath = func() string { 232 return "" 233 } 234 provider, err := NewCLIProfileCredentialsProviderBuilder().Build() 235 assert.Nil(t, err) 236 _, err = provider.GetCredentials() 237 assert.EqualError(t, err, "cannot found home dir") 238 239 getHomePath = func() string { 240 return "/path/invalid/home/dir" 241 } 242 provider, err = NewCLIProfileCredentialsProviderBuilder().Build() 243 assert.Nil(t, err) 244 _, err = provider.GetCredentials() 245 assert.EqualError(t, err, "reading aliyun cli config from '/path/invalid/home/dir/.aliyun/config.json' failed open /path/invalid/home/dir/.aliyun/config.json: no such file or directory") 246 247 // testcase: specify credentials file 248 provider, err = NewCLIProfileCredentialsProviderBuilder().WithProfileFile("/path/to/config.invalid").Build() 249 assert.Nil(t, err) 250 _, err = provider.GetCredentials() 251 assert.EqualError(t, err, "reading aliyun cli config from '/path/to/config.invalid' failed open /path/to/config.invalid: no such file or directory") 252 253 // testcase: specify credentials file with env 254 os.Setenv("ALIBABA_CLOUD_CONFIG_FILE", "/path/to/config.invalid") 255 provider, err = NewCLIProfileCredentialsProviderBuilder().Build() 256 assert.Nil(t, err) 257 _, err = provider.GetCredentials() 258 assert.EqualError(t, err, "reading aliyun cli config from '/path/to/config.invalid' failed open /path/to/config.invalid: no such file or directory") 259 260 provider, err = NewCLIProfileCredentialsProviderBuilder().WithProfileFile("/path/to/config1.invalid").Build() 261 assert.Nil(t, err) 262 _, err = provider.GetCredentials() 263 assert.EqualError(t, err, "reading aliyun cli config from '/path/to/config1.invalid' failed open /path/to/config1.invalid: no such file or directory") 264 os.Unsetenv("ALIBABA_CLOUD_CONFIG_FILE") 265 266 getHomePath = func() string { 267 wd, _ := os.Getwd() 268 return path.Join(wd, "fixtures") 269 } 270 271 // get credentials by current profile 272 provider, err = NewCLIProfileCredentialsProviderBuilder().Build() 273 assert.Nil(t, err) 274 cc, err := provider.GetCredentials() 275 assert.Nil(t, err) 276 assert.Equal(t, &Credentials{AccessKeyId: "akid", AccessKeySecret: "secret", SecurityToken: "", ProviderName: "cli_profile/static_ak"}, cc) 277 278 provider, err = NewCLIProfileCredentialsProviderBuilder().WithProfileName("inexist").Build() 279 assert.Nil(t, err) 280 _, err = provider.GetCredentials() 281 assert.EqualError(t, err, "unable to get profile with 'inexist'") 282 283 // The get_credentials_error profile is invalid 284 provider, err = NewCLIProfileCredentialsProviderBuilder().WithProfileName("get_credentials_error").Build() 285 assert.Nil(t, err) 286 _, err = provider.GetCredentials() 287 assert.Contains(t, err.Error(), "InvalidAccessKeyId.NotFound") 288 289 httpDo = func(req *httputil.Request) (res *httputil.Response, err error) { 290 res = &httputil.Response{ 291 StatusCode: 200, 292 Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`), 293 } 294 return 295 } 296 provider, err = NewCLIProfileCredentialsProviderBuilder().WithProfileName("ChainableRamRoleArn").Build() 297 assert.Nil(t, err) 298 cc, err = provider.GetCredentials() 299 assert.Nil(t, err) 300 assert.Equal(t, "akid", cc.AccessKeyId) 301 assert.Equal(t, "aksecret", cc.AccessKeySecret) 302 assert.Equal(t, "ststoken", cc.SecurityToken) 303 assert.Equal(t, "cli_profile/ram_role_arn/ram_role_arn/static_ak", cc.ProviderName) 304 305 provider.innerProvider = new(testProvider) 306 cc, err = provider.GetCredentials() 307 assert.Nil(t, err) 308 assert.Equal(t, "test", cc.AccessKeyId) 309 assert.Equal(t, "test", cc.AccessKeySecret) 310 assert.Equal(t, "cli_profile/test", cc.ProviderName) 311 }