github.com/aliyun/credentials-go@v1.4.7/integration/auth_test.go (about)

     1  package integeration
     2  
     3  import (
     4  	"os"
     5  	"strconv"
     6  	"testing"
     7  
     8  	"github.com/alibabacloud-go/tea/tea"
     9  	"github.com/aliyun/credentials-go/credentials"
    10  	"github.com/stretchr/testify/assert"
    11  )
    12  
    13  const (
    14  	EnvVarSubAccessKeyId        = "SUB_ALICLOUD_ACCESS_KEY"
    15  	EnvVarSubAccessKeySecret    = "SUB_ALICLOUD_SECRET_KEY"
    16  	EnvVarRoleArn               = "ALICLOUD_ROLE_ARN"
    17  	EnvVarRoleSessionName       = "ALICLOUD_ROLE_SESSION_NAME"
    18  	EnvVarRoleSessionExpiration = "ALICLOUD_ROLE_SESSION_EXPIRATION"
    19  )
    20  
    21  func TestRAMRoleArn(t *testing.T) {
    22  	rawexpiration := os.Getenv(EnvVarRoleSessionExpiration)
    23  	expiration := 0
    24  	if rawexpiration != "" {
    25  		expiration, _ = strconv.Atoi(rawexpiration)
    26  	}
    27  	// assume role fisrt time
    28  	config := &credentials.Config{
    29  		Type:                  tea.String("ram_role_arn"),
    30  		AccessKeyId:           tea.String(os.Getenv(EnvVarSubAccessKeyId)),
    31  		AccessKeySecret:       tea.String(os.Getenv(EnvVarSubAccessKeySecret)),
    32  		RoleArn:               tea.String(os.Getenv(EnvVarRoleArn)),
    33  		RoleSessionName:       tea.String(os.Getenv(EnvVarRoleSessionName)),
    34  		RoleSessionExpiration: tea.Int(expiration),
    35  	}
    36  	cred, err := credentials.NewCredential(config)
    37  	assert.Nil(t, err)
    38  	assert.NotNil(t, cred)
    39  	c, err := cred.GetCredential()
    40  	assert.Nil(t, err)
    41  	assert.NotNil(t, c.AccessKeyId)
    42  	assert.NotNil(t, c.AccessKeySecret)
    43  	assert.NotNil(t, c.SecurityToken)
    44  
    45  	// asume role second time with pre sts
    46  	config2 := &credentials.Config{
    47  		Type:                  tea.String("ram_role_arn"),
    48  		AccessKeyId:           c.AccessKeyId,
    49  		AccessKeySecret:       c.AccessKeySecret,
    50  		SecurityToken:         c.SecurityToken,
    51  		RoleArn:               tea.String(os.Getenv(EnvVarRoleArn)),
    52  		RoleSessionName:       tea.String(os.Getenv(EnvVarRoleSessionName)),
    53  		RoleSessionExpiration: tea.Int(expiration),
    54  	}
    55  	cred2, err := credentials.NewCredential(config2)
    56  	assert.Nil(t, err)
    57  	assert.NotNil(t, cred2)
    58  	c2, err := cred.GetCredential()
    59  	assert.Nil(t, err)
    60  	assert.NotNil(t, c2.AccessKeyId)
    61  	assert.NotNil(t, c2.AccessKeySecret)
    62  	assert.NotNil(t, c2.SecurityToken)
    63  }
    64  
    65  func TestOidc(t *testing.T) {
    66  	config := &credentials.Config{
    67  		Type:              tea.String("oidc_role_arn"),
    68  		RoleArn:           tea.String(os.Getenv("ALIBABA_CLOUD_ROLE_ARN")),
    69  		OIDCProviderArn:   tea.String(os.Getenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN")),
    70  		OIDCTokenFilePath: tea.String(os.Getenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE")),
    71  		RoleSessionName:   tea.String("credentials-go-test"),
    72  	}
    73  	cred, err := credentials.NewCredential(config)
    74  	assert.Nil(t, err)
    75  	assert.NotNil(t, cred)
    76  	c, err := cred.GetCredential()
    77  	assert.Nil(t, err)
    78  	assert.NotNil(t, c.AccessKeyId)
    79  	assert.NotNil(t, c.AccessKeySecret)
    80  	assert.NotNil(t, c.SecurityToken)
    81  	assert.Equal(t, "oidc_role_arn", *c.Type)
    82  	assert.Equal(t, "oidc_role_arn", *c.ProviderName)
    83  }
    84  
    85  func TestDefaultProvider(t *testing.T) {
    86  	cred, err := credentials.NewCredential(nil)
    87  	assert.Nil(t, err)
    88  	assert.NotNil(t, cred)
    89  	c, err := cred.GetCredential()
    90  	assert.Nil(t, err)
    91  	assert.NotNil(t, c.AccessKeyId)
    92  	assert.NotNil(t, c.AccessKeySecret)
    93  	assert.NotNil(t, c.SecurityToken)
    94  	assert.Equal(t, "default", *c.Type)
    95  	assert.Equal(t, "default/oidc_role_arn", *c.ProviderName)
    96  }