github.com/aliyun/credentials-go@v1.4.7/credentials/providers/profile_test.go (about) 1 package providers 2 3 import ( 4 "os" 5 "path" 6 "testing" 7 8 httputil "github.com/aliyun/credentials-go/credentials/internal/http" 9 "github.com/aliyun/credentials-go/credentials/internal/utils" 10 "github.com/stretchr/testify/assert" 11 "gopkg.in/ini.v1" 12 ) 13 14 var inistr = ` 15 [default] 16 enable = true 17 type = access_key 18 access_key_id = foo 19 access_key_secret = bar 20 21 [notype] 22 access_key_id = foo 23 access_key_secret = bar 24 25 [noak] 26 type = access_key 27 access_key_secret = bar 28 29 [emptyak] 30 type = access_key 31 access_key_id = 32 access_key_secret = bar 33 34 [ecs] 35 type = ecs_ram_role 36 role_name = EcsRamRoleTest 37 38 [noecs] 39 type = ecs_ram_role 40 41 [emptyecs] 42 type = ecs_ram_role 43 role_name = 44 45 [ram] 46 type = ram_role_arn 47 access_key_id = foo 48 access_key_secret = bar 49 role_arn = role_arn 50 role_session_name = session_name 51 policy = {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"} 52 53 [noram] 54 type = ram_role_arn 55 access_key_secret = bar 56 role_arn = role_arn 57 role_session_name = session_name 58 59 [emptyram] 60 type = ram_role_arn 61 access_key_id = 62 access_key_secret = bar 63 role_arn = role_arn 64 role_session_name = session_name 65 66 [rsa] 67 type = rsa_key_pair 68 public_key_id = publicKeyId 69 private_key_file = ./pk.pem 70 71 [norsa] 72 type = rsa_key_pair 73 public_key_id = publicKeyId 74 75 [emptyrsa] 76 type = rsa_key_pair 77 public_key_id = publicKeyId 78 private_key_file = 79 80 [error_rsa] 81 type = rsa_key_pair 82 public_key_id = publicKeyId 83 private_key_file = ./pk_error.pem 84 85 [error_type] 86 type = error_type 87 public_key_id = publicKeyId 88 private_key_file = ./pk_error.pem 89 ` 90 91 func TestProfileCredentialsProviderBuilder(t *testing.T) { 92 rollback := utils.Memory("ALIBABA_CLOUD_PROFILE") 93 defer rollback() 94 95 // profile name from specified 96 provider, err := NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build() 97 assert.Nil(t, err) 98 assert.Equal(t, "custom", provider.profileName) 99 100 // profile name from env 101 os.Setenv("ALIBABA_CLOUD_PROFILE", "profile_from_env") 102 provider, err = NewProfileCredentialsProviderBuilder().Build() 103 assert.Nil(t, err) 104 105 assert.Equal(t, "profile_from_env", provider.profileName) 106 107 // profile name from default 108 os.Setenv("ALIBABA_CLOUD_PROFILE", "") 109 provider, err = NewProfileCredentialsProviderBuilder().Build() 110 assert.Nil(t, err) 111 assert.Equal(t, "default", provider.profileName) 112 } 113 114 func TestProfileCredentialsProvider_getCredentialsProvider(t *testing.T) { 115 provider, err := NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build() 116 assert.Nil(t, err) 117 _, err = provider.getCredentialsProvider(ini.Empty()) 118 assert.NotNil(t, err) 119 assert.EqualError(t, err, "ERROR: Can not load sectionsection \"custom\" does not exist") 120 121 file, err := ini.Load([]byte(inistr)) 122 assert.Nil(t, err) 123 assert.NotNil(t, file) 124 125 // no type 126 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("notype").Build() 127 assert.Nil(t, err) 128 _, err = provider.getCredentialsProvider(file) 129 assert.NotNil(t, err) 130 assert.EqualError(t, err, "ERROR: Can not find credential typeerror when getting key of section \"notype\": key \"type\" not exists") 131 132 // no ak 133 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("noak").Build() 134 assert.Nil(t, err) 135 _, err = provider.getCredentialsProvider(file) 136 assert.NotNil(t, err) 137 assert.EqualError(t, err, "ERROR: Failed to get value") 138 139 // value is empty 140 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("emptyak").Build() 141 assert.Nil(t, err) 142 _, err = provider.getCredentialsProvider(file) 143 assert.NotNil(t, err) 144 assert.EqualError(t, err, "ERROR: Value can't be empty") 145 146 // static ak provider 147 provider, err = NewProfileCredentialsProviderBuilder().Build() 148 assert.Nil(t, err) 149 cp, err := provider.getCredentialsProvider(file) 150 assert.Nil(t, err) 151 akcp, ok := cp.(*StaticAKCredentialsProvider) 152 assert.True(t, ok) 153 cc, err := akcp.GetCredentials() 154 assert.Nil(t, err) 155 assert.Equal(t, &Credentials{AccessKeyId: "foo", AccessKeySecret: "bar", SecurityToken: "", ProviderName: "static_ak"}, cc) 156 157 // ecs_ram_role without rolename 158 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("noecs").Build() 159 assert.Nil(t, err) 160 _, err = provider.getCredentialsProvider(file) 161 assert.EqualError(t, err, "ERROR: Failed to get value") 162 163 // ecs_ram_role with rolename 164 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("ecs").Build() 165 assert.Nil(t, err) 166 cp, err = provider.getCredentialsProvider(file) 167 assert.Nil(t, err) 168 _, ok = cp.(*ECSRAMRoleCredentialsProvider) 169 assert.True(t, ok) 170 171 // ram role arn without keys 172 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("noram").Build() 173 assert.Nil(t, err) 174 _, err = provider.getCredentialsProvider(file) 175 assert.EqualError(t, err, "ERROR: Failed to get value") 176 177 // ram role arn without values 178 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("emptyram").Build() 179 assert.Nil(t, err) 180 _, err = provider.getCredentialsProvider(file) 181 assert.EqualError(t, err, "ERROR: Value can't be empty") 182 183 // normal ram role arn 184 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("ram").Build() 185 assert.Nil(t, err) 186 cp, err = provider.getCredentialsProvider(file) 187 assert.Nil(t, err) 188 _, ok = cp.(*RAMRoleARNCredentialsProvider) 189 assert.True(t, ok) 190 191 // unsupported type 192 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("error_type").Build() 193 assert.Nil(t, err) 194 _, err = provider.getCredentialsProvider(file) 195 assert.EqualError(t, err, "ERROR: Failed to get credential") 196 } 197 198 func TestProfileCredentialsProviderGetCredentials(t *testing.T) { 199 originHttpDo := httpDo 200 defer func() { httpDo = originHttpDo }() 201 rollback := utils.Memory("ALIBABA_CLOUD_CREDENTIALS_FILE") 202 defer func() { 203 getHomePath = utils.GetHomePath 204 rollback() 205 }() 206 207 // testcase: empty home 208 getHomePath = func() string { 209 return "" 210 } 211 provider, err := NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build() 212 assert.Nil(t, err) 213 _, err = provider.GetCredentials() 214 assert.EqualError(t, err, "cannot found home dir") 215 216 // testcase: invalid home 217 getHomePath = func() string { 218 return "/path/invalid/home/dir" 219 } 220 221 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build() 222 assert.Nil(t, err) 223 _, err = provider.GetCredentials() 224 assert.EqualError(t, err, "ERROR: Can not open fileopen /path/invalid/home/dir/.alibabacloud/credentials: no such file or directory") 225 226 // testcase: specify credentials file with env 227 os.Setenv("ALIBABA_CLOUD_CREDENTIALS_FILE", "/path/to/credentials.invalid") 228 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build() 229 assert.Nil(t, err) 230 _, err = provider.GetCredentials() 231 assert.EqualError(t, err, "ERROR: Can not open fileopen /path/to/credentials.invalid: no such file or directory") 232 os.Unsetenv("ALIBABA_CLOUD_CREDENTIALS_FILE") 233 234 // get from credentials file 235 getHomePath = func() string { 236 wd, _ := os.Getwd() 237 return path.Join(wd, "fixtures") 238 } 239 240 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build() 241 assert.Nil(t, err) 242 _, err = provider.GetCredentials() 243 assert.EqualError(t, err, "ERROR: Can not load sectionsection \"custom\" does not exist") 244 245 provider, err = NewProfileCredentialsProviderBuilder().Build() 246 assert.Nil(t, err) 247 cc, err := provider.GetCredentials() 248 assert.Nil(t, err) 249 assert.Equal(t, &Credentials{AccessKeyId: "foo", AccessKeySecret: "bar", SecurityToken: "", ProviderName: "profile/static_ak"}, cc) 250 251 // get credentials again 252 cc, err = provider.GetCredentials() 253 assert.Nil(t, err) 254 assert.Equal(t, &Credentials{AccessKeyId: "foo", AccessKeySecret: "bar", SecurityToken: "", ProviderName: "profile/static_ak"}, cc) 255 256 httpDo = func(req *httputil.Request) (res *httputil.Response, err error) { 257 res = &httputil.Response{ 258 StatusCode: 200, 259 Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`), 260 } 261 return 262 } 263 provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("ram").Build() 264 assert.Nil(t, err) 265 cc, err = provider.GetCredentials() 266 assert.Nil(t, err) 267 assert.Equal(t, "akid", cc.AccessKeyId) 268 assert.Equal(t, "aksecret", cc.AccessKeySecret) 269 assert.Equal(t, "ststoken", cc.SecurityToken) 270 assert.Equal(t, "profile/ram_role_arn/static_ak", cc.ProviderName) 271 272 provider.innerProvider = new(testProvider) 273 cc, err = provider.GetCredentials() 274 assert.Nil(t, err) 275 assert.Equal(t, "test", cc.AccessKeyId) 276 assert.Equal(t, "test", cc.AccessKeySecret) 277 assert.Equal(t, "profile/test", cc.ProviderName) 278 279 provider.innerProvider = new(testErrorProvider) 280 _, err = provider.GetCredentials() 281 assert.Equal(t, "error", err.Error()) 282 }