github.com/aliyun/credentials-go@v1.4.7/credentials/providers/default_test.go (about) 1 package providers 2 3 import ( 4 "errors" 5 "os" 6 "path" 7 "testing" 8 9 httputil "github.com/aliyun/credentials-go/credentials/internal/http" 10 "github.com/aliyun/credentials-go/credentials/internal/utils" 11 "github.com/stretchr/testify/assert" 12 ) 13 14 func TestDefaultCredentialsProvider(t *testing.T) { 15 provider := NewDefaultCredentialsProvider() 16 assert.NotNil(t, provider) 17 assert.Len(t, provider.providerChain, 4) 18 _, ok := provider.providerChain[0].(*EnvironmentVariableCredentialsProvider) 19 assert.True(t, ok) 20 21 _, ok = provider.providerChain[1].(*CLIProfileCredentialsProvider) 22 assert.True(t, ok) 23 24 _, ok = provider.providerChain[2].(*ProfileCredentialsProvider) 25 assert.True(t, ok) 26 27 _, ok = provider.providerChain[3].(*ECSRAMRoleCredentialsProvider) 28 assert.True(t, ok) 29 30 // Add oidc provider 31 rollback := utils.Memory("ALIBABA_CLOUD_OIDC_TOKEN_FILE", 32 "ALIBABA_CLOUD_OIDC_PROVIDER_ARN", 33 "ALIBABA_CLOUD_ROLE_ARN", 34 "ALIBABA_CLOUD_ECS_METADATA", 35 "ALIBABA_CLOUD_CREDENTIALS_URI") 36 37 defer rollback() 38 os.Setenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE", "/path/to/oidc.token") 39 os.Setenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", "oidcproviderarn") 40 os.Setenv("ALIBABA_CLOUD_ROLE_ARN", "rolearn") 41 42 provider = NewDefaultCredentialsProvider() 43 assert.NotNil(t, provider) 44 assert.Len(t, provider.providerChain, 5) 45 _, ok = provider.providerChain[0].(*EnvironmentVariableCredentialsProvider) 46 assert.True(t, ok) 47 48 _, ok = provider.providerChain[1].(*OIDCCredentialsProvider) 49 assert.True(t, ok) 50 51 _, ok = provider.providerChain[2].(*CLIProfileCredentialsProvider) 52 assert.True(t, ok) 53 54 _, ok = provider.providerChain[3].(*ProfileCredentialsProvider) 55 assert.True(t, ok) 56 57 _, ok = provider.providerChain[4].(*ECSRAMRoleCredentialsProvider) 58 assert.True(t, ok) 59 60 // Add ecs ram role name 61 os.Setenv("ALIBABA_CLOUD_ECS_METADATA", "rolename") 62 provider = NewDefaultCredentialsProvider() 63 assert.NotNil(t, provider) 64 assert.Len(t, provider.providerChain, 5) 65 _, ok = provider.providerChain[0].(*EnvironmentVariableCredentialsProvider) 66 assert.True(t, ok) 67 68 _, ok = provider.providerChain[1].(*OIDCCredentialsProvider) 69 assert.True(t, ok) 70 71 _, ok = provider.providerChain[2].(*CLIProfileCredentialsProvider) 72 assert.True(t, ok) 73 74 _, ok = provider.providerChain[3].(*ProfileCredentialsProvider) 75 assert.True(t, ok) 76 77 _, ok = provider.providerChain[4].(*ECSRAMRoleCredentialsProvider) 78 assert.True(t, ok) 79 80 // Add ecs ram role 81 os.Setenv("ALIBABA_CLOUD_CREDENTIALS_URI", "http://") 82 provider = NewDefaultCredentialsProvider() 83 assert.NotNil(t, provider) 84 assert.Len(t, provider.providerChain, 6) 85 _, ok = provider.providerChain[0].(*EnvironmentVariableCredentialsProvider) 86 assert.True(t, ok) 87 88 _, ok = provider.providerChain[1].(*OIDCCredentialsProvider) 89 assert.True(t, ok) 90 91 _, ok = provider.providerChain[2].(*CLIProfileCredentialsProvider) 92 assert.True(t, ok) 93 94 _, ok = provider.providerChain[3].(*ProfileCredentialsProvider) 95 assert.True(t, ok) 96 97 _, ok = provider.providerChain[4].(*ECSRAMRoleCredentialsProvider) 98 assert.True(t, ok) 99 100 _, ok = provider.providerChain[5].(*URLCredentialsProvider) 101 assert.True(t, ok) 102 } 103 104 func TestDefaultCredentialsProvider_GetCredentials(t *testing.T) { 105 rollback := utils.Memory("ALIBABA_CLOUD_ACCESS_KEY_ID", 106 "ALIBABA_CLOUD_ACCESS_KEY_SECRET", 107 "ALIBABA_CLOUD_SECURITY_TOKEN", 108 "ALIBABA_CLOUD_ECS_METADATA_DISABLED", 109 "ALIBABA_CLOUD_PROFILE") 110 111 defer func() { 112 getHomePath = utils.GetHomePath 113 rollback() 114 }() 115 originHttpDo := httpDo 116 defer func() { httpDo = originHttpDo }() 117 118 // testcase: empty home 119 getHomePath = func() string { 120 return "" 121 } 122 123 os.Setenv("ALIBABA_CLOUD_ECS_METADATA_DISABLED", "true") 124 provider := NewDefaultCredentialsProvider() 125 assert.Len(t, provider.providerChain, 3) 126 _, err := provider.GetCredentials() 127 assert.EqualError(t, err, "unable to get credentials from any of the providers in the chain: unable to get credentials from enviroment variables, Access key ID must be specified via environment variable (ALIBABA_CLOUD_ACCESS_KEY_ID), cannot found home dir, cannot found home dir") 128 129 os.Setenv("ALIBABA_CLOUD_ACCESS_KEY_ID", "akid") 130 os.Setenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET", "aksecret") 131 provider = NewDefaultCredentialsProvider() 132 assert.Len(t, provider.providerChain, 3) 133 cc, err := provider.GetCredentials() 134 assert.Nil(t, err) 135 assert.Equal(t, &Credentials{AccessKeyId: "akid", AccessKeySecret: "aksecret", SecurityToken: "", ProviderName: "default/env"}, cc) 136 // get again 137 cc, err = provider.GetCredentials() 138 assert.Nil(t, err) 139 assert.Equal(t, &Credentials{AccessKeyId: "akid", AccessKeySecret: "aksecret", SecurityToken: "", ProviderName: "default/env"}, cc) 140 141 getHomePath = func() string { 142 wd, _ := os.Getwd() 143 return path.Join(wd, "fixtures") 144 } 145 os.Setenv("ALIBABA_CLOUD_ACCESS_KEY_ID", "") 146 os.Setenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET", "") 147 os.Setenv("ALIBABA_CLOUD_PROFILE", "ChainableRamRoleArn") 148 httpDo = func(req *httputil.Request) (res *httputil.Response, err error) { 149 res = &httputil.Response{ 150 StatusCode: 200, 151 Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`), 152 } 153 return 154 } 155 provider = NewDefaultCredentialsProvider() 156 cc, err = provider.GetCredentials() 157 assert.Nil(t, err) 158 assert.Equal(t, &Credentials{AccessKeyId: "akid", AccessKeySecret: "aksecret", SecurityToken: "ststoken", ProviderName: "default/cli_profile/ram_role_arn/ram_role_arn/static_ak"}, cc) 159 160 provider.lastUsedProvider = new(testProvider) 161 cc, err = provider.GetCredentials() 162 assert.Nil(t, err) 163 assert.Equal(t, "test", cc.AccessKeyId) 164 assert.Equal(t, "test", cc.AccessKeySecret) 165 assert.Equal(t, "default/test", cc.ProviderName) 166 167 provider.lastUsedProvider = new(testErrorProvider) 168 _, err = provider.GetCredentials() 169 assert.Equal(t, "error", err.Error()) 170 } 171 172 type testProvider struct { 173 } 174 175 func (provider *testProvider) GetCredentials() (cc *Credentials, err error) { 176 cc = &Credentials{ 177 AccessKeyId: "test", 178 AccessKeySecret: "test", 179 ProviderName: "", 180 } 181 return 182 } 183 184 func (provider *testProvider) GetProviderName() string { 185 return "test" 186 } 187 188 type testErrorProvider struct { 189 } 190 191 func (provider *testErrorProvider) GetCredentials() (cc *Credentials, err error) { 192 err = errors.New("error") 193 return 194 } 195 196 func (provider *testErrorProvider) GetProviderName() string { 197 return "test" 198 }