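// Source: github.com/aliyun/credentials-go@v1.4.7/credentials/providers/cloud_sso_test.go

package providers

import (
	"errors"
	"testing"
	"time"

	httputil "github.com/aliyun/credentials-go/credentials/internal/http"
	"github.com/stretchr/testify/assert"
)

// TestNewCloudSSOCredentialsProvider walks the builder through progressively
// more complete configurations and pins the validation error returned at each
// step. The access token (and its expiry) is checked first; the sign-in URL,
// account id and access config are checked together afterwards.
func TestNewCloudSSOCredentialsProvider(t *testing.T) {
	const (
		tokenErr  = "CloudSSO access token is empty or expired, please re-login with cli"
		configErr = "CloudSSO sign in url or account id or access config is empty"
	)

	// assert.EqualError is used instead of NotNil + err.Error(): it reports a
	// plain test failure when err is nil, where err.Error() would panic.

	// Nothing configured: the missing token is rejected.
	_, err := NewCloudSSOCredentialsProviderBuilder().Build()
	assert.EqualError(t, err, tokenErr)

	// A token without an expiry is rejected with the same message.
	_, err = NewCloudSSOCredentialsProviderBuilder().WithAccessToken("token").Build()
	assert.EqualError(t, err, tokenErr)

	// Unexpired token, but no sign-in URL, account id or access config.
	_, err = NewCloudSSOCredentialsProviderBuilder().
		WithAccessToken("token").
		WithAccessTokenExpire(time.Now().Unix() + 1000).
		Build()
	assert.EqualError(t, err, configErr)

	// Sign-in URL alone is not enough.
	_, err = NewCloudSSOCredentialsProviderBuilder().
		WithAccessToken("token").
		WithAccessTokenExpire(time.Now().Unix() + 1000).
		WithSignInUrl("https://signin.aliyun.com").
		Build()
	assert.EqualError(t, err, configErr)

	// Sign-in URL and account id, still no access config.
	_, err = NewCloudSSOCredentialsProviderBuilder().
		WithAccessToken("token").
		WithAccessTokenExpire(time.Now().Unix() + 1000).
		WithSignInUrl("https://signin.aliyun.com").
		WithAccountId("123456").
		Build()
	assert.EqualError(t, err, configErr)

	// Fully configured: Build succeeds and keeps the sign-in URL as given.
	p, err := NewCloudSSOCredentialsProviderBuilder().
		WithAccessToken("token").
		WithAccessTokenExpire(time.Now().Unix() + 1000).
		WithSignInUrl("https://signin.aliyun.com").
		WithAccountId("123456").
		WithAccessConfig("config").
		Build()
	if err != nil {
		// Stop here: p is not usable and the field access below would panic.
		t.Fatalf("Build() returned an unexpected error: %v", err)
	}

	assert.Equal(t, "https://signin.aliyun.com", p.signInUrl)
}

// TestCloudSSOCredentialsProvider_getCredentials drives the unexported
// getCredentials against a stubbed httpDo and pins the error text for each
// failure mode, then checks the needUpdateCredential threshold.
//
// httpDo is a package-level variable, so this test must not run in parallel
// with other tests that replace it.
func TestCloudSSOCredentialsProvider_getCredentials(t *testing.T) {
	originHttpDo := httpDo
	defer func() { httpDo = originHttpDo }()

	p, err := NewCloudSSOCredentialsProviderBuilder().
		WithSignInUrl("https://signin-cn-shanghai.alibabacloudsso.com/a/login").
		WithAccountId("uid").
		WithAccessConfig("config").
		WithAccessToken("token").
		WithAccessTokenExpire(time.Now().Unix() + 1000).
		Build()
	if err != nil {
		t.Fatalf("Build() returned an unexpected error: %v", err)
	}

	// case 1: the HTTP layer itself fails; the error is passed through as is.
	httpDo = func(req *httputil.Request) (*httputil.Response, error) {
		return nil, errors.New("mock server error")
	}
	_, err = p.getCredentials()
	assert.EqualError(t, err, "mock server error")

	// case 2: 4xx error. The response body is echoed into the error string,
	// so callers that log this error are logging server-supplied content.
	httpDo = func(req *httputil.Request) (*httputil.Response, error) {
		return &httputil.Response{
			StatusCode: 400,
			Body:       []byte("4xx error"),
		}, nil
	}
	_, err = p.getCredentials()
	assert.EqualError(t, err, "get session token from sso failed: 4xx error")

	// case 3: invalid json
	httpDo = func(req *httputil.Request) (*httputil.Response, error) {
		return &httputil.Response{
			StatusCode: 200,
			Body:       []byte("invalid json"),
		}, nil
	}
	_, err = p.getCredentials()
	assert.EqualError(t, err, "get session token from sso failed, json.Unmarshal fail: invalid character 'i' looking for beginning of value")

	// case 4: empty response json (a literal JSON null)
	httpDo = func(req *httputil.Request) (*httputil.Response, error) {
		return &httputil.Response{
			StatusCode: 200,
			Body:       []byte("null"),
		}, nil
	}
	_, err = p.getCredentials()
	assert.EqualError(t, err, "get session token from sso failed, fail to get credentials")

	// case 5: well-formed JSON without the "CloudCredential" object that the
	// success case below carries; it must be rejected, not returned as empty
	// credentials.
	httpDo = func(req *httputil.Request) (*httputil.Response, error) {
		return &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"Credentials": {}}`),
		}, nil
	}
	_, err = p.getCredentials()
	assert.EqualError(t, err, "get session token from sso failed, fail to get credentials")

	// case 6: mock ok value
	httpDo = func(req *httputil.Request) (*httputil.Response, error) {
		return &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"RequestId": "123", "CloudCredential": {"AccessKeyId":"ak","AccessKeySecret":"sk","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"token"}}`),
		}, nil
	}
	creds, err := p.getCredentials()
	if err != nil || creds == nil {
		// Stop here: the field checks below would dereference a nil result.
		t.Fatalf("getCredentials() = %v, %v; want credentials and a nil error", creds, err)
	}
	assert.Equal(t, "ak", creds.AccessKeyId)
	assert.Equal(t, "sk", creds.AccessKeySecret)
	assert.Equal(t, "token", creds.SecurityToken)
	assert.Equal(t, "2021-10-20T04:27:09Z", creds.Expiration)

	// needUpdateCredential: true before any expiry is recorded and when the
	// credential expires right now; false with 300 seconds of validity left.
	// NOTE(review): the exact refresh margin is not visible in this file.
	assert.True(t, p.needUpdateCredential())
	p.expirationTimestamp = time.Now().Unix()
	assert.True(t, p.needUpdateCredential())

	p.expirationTimestamp = time.Now().Unix() + 300
	assert.False(t, p.needUpdateCredential())
}

// TestCloudSSOCredentialsProviderGetCredentials exercises the exported
// GetCredentials: once before httpDo is replaced, then against stubs for a
// transport error, an unparseable expiration and a successful response.
func TestCloudSSOCredentialsProviderGetCredentials(t *testing.T) {
	p, err := NewCloudSSOCredentialsProviderBuilder().
		WithSignInUrl("https://signin-cn-shanghai.alibabacloudsso.com/a/login").
		WithAccountId("uid").
		WithAccessConfig("config").
		WithAccessToken("token").
		WithAccessTokenExpire(time.Now().Unix() + 1000).
		WithHttpOptions(&HttpOptions{
			ConnectTimeout: 10000,
		}).
		Build()
	if err != nil {
		t.Fatalf("Build() returned an unexpected error: %v", err)
	}
	assert.Equal(t, 10000, p.httpOptions.ConnectTimeout)

	// NOTE(review): httpDo has not been replaced yet, so this call presumably
	// goes out to the real sign-in host. The result then depends on network
	// access and on the service's current error text, and the configured
	// access token leaves the machine; keep it a placeholder value.
	_, err = p.GetCredentials()
	if assert.Error(t, err) {
		assert.Contains(t, err.Error(), "InvalidParameter.AccountId.InvalidChars")
	}

	// From here on httpDo is stubbed; it is a package-level variable, so this
	// test must not run in parallel with others that replace it.
	originHttpDo := httpDo
	defer func() { httpDo = originHttpDo }()

	// case 1: the HTTP layer itself fails
	httpDo = func(req *httputil.Request) (*httputil.Response, error) {
		return nil, errors.New("mock server error")
	}
	_, err = p.GetCredentials()
	assert.EqualError(t, err, "mock server error")

	// case 2: get invalid expiration
	httpDo = func(req *httputil.Request) (*httputil.Response, error) {
		return &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"CloudCredential": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"invalidexpiration","SecurityToken":"ststoken"}}`),
		}, nil
	}
	_, err = p.GetCredentials()
	assert.EqualError(t, err, "parsing time \"invalidexpiration\" as \"2006-01-02T15:04:05Z\": cannot parse \"invalidexpiration\" as \"2006\"")

	// case 3: happy result
	httpDo = func(req *httputil.Request) (*httputil.Response, error) {
		return &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"CloudCredential": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`),
		}, nil
	}
	cc, err := p.GetCredentials()
	if err != nil || cc == nil {
		// Stop here: the field checks below would dereference a nil result.
		t.Fatalf("GetCredentials() = %v, %v; want credentials and a nil error", cc, err)
	}
	assert.Equal(t, "akid", cc.AccessKeyId)
	assert.Equal(t, "aksecret", cc.AccessKeySecret)
	assert.Equal(t, "ststoken", cc.SecurityToken)
	assert.Equal(t, "cloud_sso", cc.ProviderName)
	// The stubbed Expiration lies in the past, so a refresh is still due.
	assert.True(t, p.needUpdateCredential())
}

// TestCloudSSOCredentialsProviderGetCredentialsWithHttpOptions checks that the
// proxy from HttpOptions is actually used for the request: the call must fail
// while connecting to the proxy.
func TestCloudSSOCredentialsProviderGetCredentialsWithHttpOptions(t *testing.T) {
	// NOTE(review): this relies on nothing listening on localhost:3999; a
	// local service on that port would change the error and fail the test.
	p, err := NewCloudSSOCredentialsProviderBuilder().
		WithSignInUrl("https://signin-cn-shanghai.alibabacloudsso.com/a/login").
		WithAccountId("uid").
		WithAccessConfig("config").
		WithAccessToken("token").
		WithAccessTokenExpire(time.Now().Unix() + 1000).
		WithHttpOptions(&HttpOptions{
			ConnectTimeout: 1000,
			ReadTimeout:    1000,
			Proxy:          "localhost:3999",
		}).
		Build()
	if err != nil {
		t.Fatalf("Build() returned an unexpected error: %v", err)
	}

	_, err = p.GetCredentials()
	if assert.Error(t, err) {
		assert.Contains(t, err.Error(), "proxyconnect tcp:")
	}
}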