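// Listing of pkg/datastore/credentials_test.go from
// github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386.

package datastore

import (
	"context"
	"testing"

	"github.com/stretchr/testify/require"
)

// TestUnknownCredentialsProvider checks that NewCredentialsProvider rejects
// provider names it does not recognise (empty, whitespace-only, or arbitrary)
// by returning an error and a nil provider.
func TestUnknownCredentialsProvider(t *testing.T) {
	unknownCredentialsProviders := []string{"", " ", "some-unknown-credentials-provider"}
	for _, unknownCredentialsProvider := range unknownCredentialsProviders {
		t.Run(unknownCredentialsProvider, func(t *testing.T) {
			credentialsProvider, err := NewCredentialsProvider(context.Background(), unknownCredentialsProvider)
			require.Error(t, err)
			require.Nil(t, credentialsProvider)
		})
	}
}

// TestAWSIAMCredentialsProvider builds the AWS IAM credentials provider from
// placeholder environment settings and checks the username and token that
// Get returns for a given endpoint and user.
func TestAWSIAMCredentialsProvider(t *testing.T) {
	// Placeholder values only: the config and credentials files point at a
	// path that does not exist and the endpoint at a link-local address, so
	// the test does not make any external calls to AWS.
	// NOTE(review): the SDK behind the provider is not visible here. If it
	// also honours AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
	// or AWS_PROFILE, values inherited from the developer's shell could take
	// precedence over these placeholders; consider pinning those as well.
	t.Setenv("AWS_CONFIG_FILE", "file_not_exists")
	t.Setenv("AWS_SHARED_CREDENTIALS_FILE", "file_not_exists")
	t.Setenv("AWS_ENDPOINT_URL", "http://169.254.169.254/aws")
	t.Setenv("AWS_ACCESS_KEY", "access_key")
	t.Setenv("AWS_SECRET_KEY", "secret_key")
	t.Setenv("AWS_REGION", "us-east-1")

	credentialsProvider, err := NewCredentialsProvider(context.Background(), AWSIAMCredentialProvider)
	// Check the error first so that a failure reports its cause instead of
	// only an unexpected nil provider.
	require.NoError(t, err)
	require.NotNil(t, credentialsProvider)

	// NOTE(review): "cleartext" presumably means the token is handed to the
	// datastore as-is rather than hashed; that is only safe over an encrypted
	// connection. Confirm that callers enforce TLS when this returns true.
	require.True(t, credentialsProvider.IsCleartextToken(), "AWS IAM tokens should be communicated in cleartext")

	username, password, err := credentialsProvider.Get(context.Background(), "some-hostname:5432", "some-user")
	require.NoError(t, err)
	require.Equal(t, "some-user", username)
	require.Containsf(t, password, "X-Amz-Algorithm", "signed token should contain algorithm attribute")
	// The token is used as the datastore password, so it must carry only the
	// signature and never the secret key it was derived from.
	require.NotContains(t, password, "secret_key", "signed token must not contain the secret access key")
}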