github.com/aliyun/credentials-go@v1.4.7/credentials/ram_role_arn_credentials_provider_test.go (about) 1 package credentials 2 3 import ( 4 "bytes" 5 "errors" 6 "io/ioutil" 7 "net/http" 8 "strconv" 9 "testing" 10 11 "github.com/aliyun/credentials-go/credentials/internal/utils" 12 "github.com/stretchr/testify/assert" 13 ) 14 15 func mockResponse(statusCode int, content string, mockerr error) (res *http.Response, err error) { 16 status := strconv.Itoa(statusCode) 17 res = &http.Response{ 18 Proto: "HTTP/1.1", 19 ProtoMajor: 1, 20 Header: map[string][]string{"sdk": {"test"}}, 21 StatusCode: statusCode, 22 Status: status + " " + http.StatusText(statusCode), 23 } 24 res.Body = ioutil.NopCloser(bytes.NewReader([]byte(content))) 25 err = mockerr 26 return 27 } 28 29 func Test_RoleArnCredential(t *testing.T) { 30 auth := newRAMRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 300, nil) 31 origTestHookDo := hookDo 32 defer func() { hookDo = origTestHookDo }() 33 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 34 return func(req *http.Request) (*http.Response, error) { 35 return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"}}`, errors.New("Internal error")) 36 } 37 } 38 accesskeyId, err := auth.GetAccessKeyId() 39 assert.NotNil(t, err) 40 assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error()) 41 assert.Nil(t, accesskeyId) 42 43 accesskeySecret, err := auth.GetAccessKeySecret() 44 assert.NotNil(t, err) 45 assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error()) 46 assert.Nil(t, accesskeySecret) 47 48 ststoken, err := auth.GetSecurityToken() 49 assert.NotNil(t, err) 50 assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error()) 51 assert.Nil(t, ststoken) 52 53 assert.Equal(t, "", *auth.GetBearerToken()) 54 assert.Equal(t, "ram_role_arn", *auth.GetType()) 55 56 auth.RoleSessionExpiration = 1000 57 accesskeyId, err = auth.GetAccessKeyId() 58 assert.NotNil(t, err) 59 assert.Equal(t, "refresh RoleArn sts token err: Internal error", err.Error()) 60 assert.Nil(t, accesskeyId) 61 62 auth.RoleSessionExpiration = 0 63 accesskeyId, err = auth.GetAccessKeyId() 64 assert.NotNil(t, err) 65 assert.Equal(t, "refresh RoleArn sts token err: Internal error", err.Error()) 66 assert.Nil(t, accesskeyId) 67 68 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 69 return func(req *http.Request) (*http.Response, error) { 70 return mockResponse(300, ``, nil) 71 } 72 } 73 accesskeyId, err = auth.GetAccessKeyId() 74 assert.NotNil(t, err) 75 assert.Equal(t, "refresh RoleArn sts token err: httpStatus: 300, message = ", err.Error()) 76 assert.Nil(t, accesskeyId) 77 78 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 79 return func(req *http.Request) (*http.Response, error) { 80 return mockResponse(200, `"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"}}`, nil) 81 } 82 } 83 accesskeyId, err = auth.GetAccessKeyId() 84 assert.NotNil(t, err) 85 assert.Equal(t, "refresh RoleArn sts token err: Json.Unmarshal fail: invalid character ':' after top-level value", err.Error()) 86 assert.Nil(t, accesskeyId) 87 88 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 89 return func(req *http.Request) (*http.Response, error) { 90 return mockResponse(200, `{"Credentials":{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"}}`, nil) 91 } 92 } 93 accesskeyId, err = auth.GetAccessKeyId() 94 assert.NotNil(t, err) 95 assert.Equal(t, "refresh RoleArn sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error()) 96 assert.Nil(t, accesskeyId) 97 98 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 99 return func(req *http.Request) (*http.Response, error) { 100 return mockResponse(200, `{}`, nil) 101 } 102 } 103 accesskeyId, err = auth.GetAccessKeyId() 104 assert.NotNil(t, err) 105 assert.Equal(t, "refresh RoleArn sts token err: Credentials is empty", err.Error()) 106 assert.Nil(t, accesskeyId) 107 108 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 109 return func(req *http.Request) (*http.Response, error) { 110 return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil) 111 } 112 } 113 accesskeyId, err = auth.GetAccessKeyId() 114 assert.Nil(t, err) 115 assert.Equal(t, "accessKeyId", *accesskeyId) 116 117 accesskeySecret, err = auth.GetAccessKeySecret() 118 assert.Nil(t, err) 119 assert.Equal(t, "accessKeySecret", *accesskeySecret) 120 121 ststoken, err = auth.GetSecurityToken() 122 assert.Nil(t, err) 123 assert.Equal(t, "securitytoken", *ststoken) 124 125 cred, err := auth.GetCredential() 126 assert.Nil(t, err) 127 assert.Equal(t, "accessKeyId", *cred.AccessKeyId) 128 assert.Equal(t, "accessKeySecret", *cred.AccessKeySecret) 129 assert.Equal(t, "securitytoken", *cred.SecurityToken) 130 assert.Nil(t, cred.BearerToken) 131 assert.Equal(t, "ram_role_arn", *cred.Type) 132 133 auth = newRAMRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 3600, &utils.Runtime{STSEndpoint: "www.aliyun.com"}) 134 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 135 return func(req *http.Request) (*http.Response, error) { 136 assert.Equal(t, "www.aliyun.com", req.Host) 137 return mockResponse(200, `{}`, nil) 138 } 139 } 140 accesskeyId, err = auth.GetAccessKeyId() 141 assert.NotNil(t, err) 142 assert.Equal(t, "refresh RoleArn sts token err: Credentials is empty", err.Error()) 143 assert.Nil(t, accesskeyId) 144 145 auth = newRAMRoleArnWithExternalIdCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 3600, "externalId", nil) 146 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 147 return func(req *http.Request) (*http.Response, error) { 148 return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil) 149 } 150 } 151 accesskeyId, err = auth.GetAccessKeyId() 152 assert.Nil(t, err) 153 assert.Equal(t, "accessKeyId", *accesskeyId) 154 155 accesskeySecret, err = auth.GetAccessKeySecret() 156 assert.Nil(t, err) 157 assert.Equal(t, "accessKeySecret", *accesskeySecret) 158 159 ststoken, err = auth.GetSecurityToken() 160 assert.Nil(t, err) 161 assert.Equal(t, "securitytoken", *ststoken) 162 } 163 164 func TestStsRoleARNCredentialsProviderWithSecurityToken(t *testing.T) { 165 auth := newRAMRoleArnl("accessKeyId", "accessKeySecret", "securityToken", "roleArn", "roleSessionName", "policy", 3600, "externalId", nil) 166 hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { 167 return func(req *http.Request) (*http.Response, error) { 168 assert.Equal(t, "securityToken", req.URL.Query().Get("SecurityToken")) 169 return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil) 170 } 171 } 172 173 _, err := auth.GetCredential() 174 assert.Nil(t, err) 175 }