github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/provider/gce/credentials_test.go (about)

     1  // Copyright 2016 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package gce_test
     5  
     6  import (
     7  	"os"
     8  	"path/filepath"
     9  
    10  	"github.com/juju/testing"
    11  	jc "github.com/juju/testing/checkers"
    12  	"github.com/juju/utils/v3"
    13  	gc "gopkg.in/check.v1"
    14  
    15  	"github.com/juju/juju/cloud"
    16  	"github.com/juju/juju/environs"
    17  	envtesting "github.com/juju/juju/environs/testing"
    18  	"github.com/juju/juju/provider/gce/google"
    19  )
    20  
// credentialsSuite holds the tests for the "gce" provider's credential
// schemas and credential detection.
type credentialsSuite struct {
	// Embedded so that each test gets the suite's PatchEnvironment and
	// AddCleanup helpers, which the detection tests below rely on.
	testing.IsolationSuite
	// provider is assigned in SetUpTest from environs.Provider("gce").
	provider environs.EnvironProvider
}

// Hand the suite to gocheck so its Test* methods are run.
var _ = gc.Suite(&credentialsSuite{})
    27  
// SetUpTest runs the embedded IsolationSuite set-up and then looks up the
// "gce" provider, failing the test if the lookup returns an error.
func (s *credentialsSuite) SetUpTest(c *gc.C) {
	s.IsolationSuite.SetUpTest(c)

	gceProvider, lookupErr := environs.Provider("gce")
	// Store the result before asserting, so the field is written even when
	// the lookup fails and the assertion aborts the test.
	s.provider = gceProvider
	c.Assert(lookupErr, jc.ErrorIsNil)
}
    35  
// TestCredentialSchemas passes the provider to
// envtesting.AssertProviderAuthTypes with the two auth types this file
// exercises: "oauth2" and "jsonfile".
func (s *credentialsSuite) TestCredentialSchemas(c *gc.C) {
	envtesting.AssertProviderAuthTypes(c, s.provider, "oauth2", "jsonfile")
}
    39  
// sampleCredentialAttributes is the fixture that createCredsFile passes to
// google.NewCredentials. Every value is a dummy placeholder ("sewen" is not
// key material); keep it that way so no real service-account secret is ever
// committed in a test fixture.
var sampleCredentialAttributes = map[string]string{
	"GCE_CLIENT_ID":    "123",
	"GCE_CLIENT_EMAIL": "test@example.com",
	"GCE_PROJECT_ID":   "fourfivesix",
	"GCE_PRIVATE_KEY":  "sewen",
}
    46  
// TestOAuth2CredentialsValid checks that a complete set of oauth2
// attributes (dummy values only) is accepted for the provider.
func (s *credentialsSuite) TestOAuth2CredentialsValid(c *gc.C) {
	oauth2Attrs := map[string]string{
		"client-id":    "123",
		"client-email": "test@example.com",
		"project-id":   "fourfivesix",
		"private-key":  "sewen",
	}
	envtesting.AssertProviderCredentialsValid(c, s.provider, "oauth2", oauth2Attrs)
}
    55  
// TestOAuth2HiddenAttributes asks the envtesting helper to confirm that
// "private-key" is flagged as hidden in the oauth2 credential schema.
// NOTE(review): "hidden" presumably means the value is not echoed or
// displayed back to the user; confirm against the helper. This is the only
// secret attribute in the oauth2 set, so this test guards against it
// becoming visible.
func (s *credentialsSuite) TestOAuth2HiddenAttributes(c *gc.C) {
	envtesting.AssertProviderCredentialsAttributesHidden(c, s.provider, "oauth2", "private-key")
}
    59  
// TestJSONFileCredentialsValid checks that a jsonfile credential that
// points at an existing file is accepted for the provider.
func (s *credentialsSuite) TestJSONFileCredentialsValid(c *gc.C) {
	keyFile := filepath.Join(c.MkDir(), "somefile")
	// Owner-only permissions, as befits a file standing in for a key file.
	writeErr := os.WriteFile(keyFile, []byte("contents"), 0600)
	c.Assert(writeErr, jc.ErrorIsNil)

	// For now at least, the contents of the file are not validated
	// by the credentials schema. That is left to the provider.
	// The file does need to be an absolute path though and exist.
	jsonFileAttrs := map[string]string{"file": keyFile}
	envtesting.AssertProviderCredentialsValid(c, s.provider, "jsonfile", jsonFileAttrs)
}
    72  
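// createCredsFile writes the JSON key built from sampleCredentialAttributes
// to path and returns the path that was written. When path is empty, the
// file is created as "creds.json" inside a fresh test directory from
// c.MkDir. Any failure aborts the calling test through c.Assert.
func createCredsFile(c *gc.C, path string) string {
	if path == "" {
		dir := c.MkDir()
		path = filepath.Join(dir, "creds.json")
	}
	creds, err := google.NewCredentials(sampleCredentialAttributes)
	c.Assert(err, jc.ErrorIsNil)
	// The file holds a private key, so it is created owner-read/write only
	// (0600, the mode TestJSONFileCredentialsValid already uses) rather
	// than world-readable 0644. The fixture values are dummies, but the
	// helper should model how a real key file is expected to be stored.
	err = os.WriteFile(path, creds.JSONKey, 0600)
	c.Assert(err, jc.ErrorIsNil)
	return path
}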
    84  
// TestDetectCredentialsFromEnvVar points GOOGLE_APPLICATION_CREDENTIALS at
// a freshly written key file and checks that DetectCredentials returns a
// jsonfile credential for that path, keyed by the USER value, with the
// default region taken from CLOUDSDK_COMPUTE_REGION.
func (s *credentialsSuite) TestDetectCredentialsFromEnvVar(c *gc.C) {
	keyPath := createCredsFile(c, "")

	// Patched through the suite, in this order.
	patches := [][2]string{
		{"USER", "fred"},
		{"GOOGLE_APPLICATION_CREDENTIALS", keyPath},
		{"CLOUDSDK_COMPUTE_REGION", "region"},
	}
	for _, kv := range patches {
		s.PatchEnvironment(kv[0], kv[1])
	}

	detected, detectErr := s.provider.DetectCredentials("")
	c.Assert(detectErr, jc.ErrorIsNil)
	c.Assert(detected.DefaultRegion, gc.Equals, "region")

	want := cloud.NewCredential(cloud.JSONFileAuthType, map[string]string{"file": keyPath})
	want.Label = `google credential "test@example.com"`
	c.Assert(detected.AuthCredentials["fred"], jc.DeepEquals, want)
}
    97  
// assertDetectCredentialsKnownLocation runs DetectCredentials with USER and
// CLOUDSDK_COMPUTE_REGION patched and asserts that the result for "fred" is
// a jsonfile credential whose "file" attribute equals jsonpath. It does not
// set GOOGLE_APPLICATION_CREDENTIALS; the caller is expected to have placed
// the key file where the provider looks for it.
func (s *credentialsSuite) assertDetectCredentialsKnownLocation(c *gc.C, jsonpath string) {
	const (
		userName = "fred"
		region   = "region"
	)
	s.PatchEnvironment("USER", userName)
	s.PatchEnvironment("CLOUDSDK_COMPUTE_REGION", region)

	found, detectErr := s.provider.DetectCredentials("")
	c.Assert(detectErr, jc.ErrorIsNil)
	c.Assert(found.DefaultRegion, gc.Equals, region)

	wantAttrs := map[string]string{"file": jsonpath}
	want := cloud.NewCredential(cloud.JSONFileAuthType, wantAttrs)
	want.Label = `google credential "test@example.com"`
	c.Assert(found.AuthCredentials[userName], jc.DeepEquals, want)
}
   108  
// TestDetectCredentialsKnownLocationUnix redirects the home directory to a
// temporary one, writes a key file at
// .config/gcloud/application_default_credentials.json beneath it, and
// checks that DetectCredentials finds the file there. The original home is
// restored by a suite cleanup.
func (s *credentialsSuite) TestDetectCredentialsKnownLocationUnix(c *gc.C) {
	origHome := utils.Home()
	fakeHome := c.MkDir()
	c.Assert(utils.SetHome(fakeHome), jc.ErrorIsNil)
	s.AddCleanup(func(c *gc.C) {
		c.Assert(utils.SetHome(origHome), jc.ErrorIsNil)
	})

	// The configuration directory is created owner-only (0700).
	gcloudDir := filepath.Join(fakeHome, ".config", "gcloud")
	c.Assert(os.MkdirAll(gcloudDir, 0700), jc.ErrorIsNil)

	adcPath := createCredsFile(c, filepath.Join(gcloudDir, "application_default_credentials.json"))
	s.assertDetectCredentialsKnownLocation(c, adcPath)
}