github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/provider/gce/credentials_test.go

github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/provider/gce/credentials_test.go (about)

     1  // Copyright 2016 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package gce_test
     5  
     6  import (
     7  	"io/ioutil"
     8  	"os"
     9  	"path/filepath"
    10  	"runtime"
    11  
    12  	"github.com/juju/testing"
    13  	jc "github.com/juju/testing/checkers"
    14  	"github.com/juju/utils"
    15  	gc "gopkg.in/check.v1"
    16  
    17  	"github.com/juju/juju/cloud"
    18  	"github.com/juju/juju/environs"
    19  	envtesting "github.com/juju/juju/environs/testing"
    20  	"github.com/juju/juju/provider/gce/google"
    21  )
    22  
    23  type credentialsSuite struct {
    24  	testing.IsolationSuite
    25  	provider environs.EnvironProvider
    26  }
    27  
    28  var _ = gc.Suite(&credentialsSuite{})
    29  
    30  func (s *credentialsSuite) SetUpTest(c *gc.C) {
    31  	s.IsolationSuite.SetUpTest(c)
    32  
    33  	var err error
    34  	s.provider, err = environs.Provider("gce")
    35  	c.Assert(err, jc.ErrorIsNil)
    36  }
    37  
    38  func (s *credentialsSuite) TestCredentialSchemas(c *gc.C) {
    39  	envtesting.AssertProviderAuthTypes(c, s.provider, "oauth2", "jsonfile")
    40  }
    41  
    42  var sampleCredentialAttributes = map[string]string{
    43  	"GCE_CLIENT_ID":    "123",
    44  	"GCE_CLIENT_EMAIL": "test@example.com",
    45  	"GCE_PROJECT_ID":   "fourfivesix",
    46  	"GCE_PRIVATE_KEY":  "sewen",
    47  }
    48  
    49  func (s *credentialsSuite) TestOAuth2CredentialsValid(c *gc.C) {
    50  	envtesting.AssertProviderCredentialsValid(c, s.provider, "oauth2", map[string]string{
    51  		"client-id":    "123",
    52  		"client-email": "test@example.com",
    53  		"project-id":   "fourfivesix",
    54  		"private-key":  "sewen",
    55  	})
    56  }
    57  
    58  func (s *credentialsSuite) TestOAuth2HiddenAttributes(c *gc.C) {
    59  	envtesting.AssertProviderCredentialsAttributesHidden(c, s.provider, "oauth2", "private-key")
    60  }
    61  
    62  func (s *credentialsSuite) TestJSONFileCredentialsValid(c *gc.C) {
    63  	dir := c.MkDir()
    64  	filename := filepath.Join(dir, "somefile")
    65  	err := ioutil.WriteFile(filename, []byte("contents"), 0600)
    66  	c.Assert(err, jc.ErrorIsNil)
    67  	envtesting.AssertProviderCredentialsValid(c, s.provider, "jsonfile", map[string]string{
    68  		// For now at least, the contents of the file are not validated
    69  		// by the credentials schema. That is left to the provider.
    70  		// The file does need to be an absolute path though and exist.
    71  		"file": filename,
    72  	})
    73  }
    74  
    75  func createCredsFile(c *gc.C, path string) string {
    76  	if path == "" {
    77  		dir := c.MkDir()
    78  		path = filepath.Join(dir, "creds.json")
    79  	}
    80  	creds, err := google.NewCredentials(sampleCredentialAttributes)
    81  	c.Assert(err, jc.ErrorIsNil)
    82  	err = ioutil.WriteFile(path, creds.JSONKey, 0644)
    83  	c.Assert(err, jc.ErrorIsNil)
    84  	return path
    85  }
    86  
    87  func (s *credentialsSuite) TestDetectCredentialsFromEnvVar(c *gc.C) {
    88  	jsonpath := createCredsFile(c, "")
    89  	s.PatchEnvironment("USER", "fred")
    90  	s.PatchEnvironment("GOOGLE_APPLICATION_CREDENTIALS", jsonpath)
    91  	s.PatchEnvironment("CLOUDSDK_COMPUTE_REGION", "region")
    92  	credentials, err := s.provider.DetectCredentials()
    93  	c.Assert(err, jc.ErrorIsNil)
    94  	c.Assert(credentials.DefaultRegion, gc.Equals, "region")
    95  	expected := cloud.NewCredential(cloud.JSONFileAuthType, map[string]string{"file": jsonpath})
    96  	expected.Label = `google credential "test@example.com"`
    97  	c.Assert(credentials.AuthCredentials["fred"], jc.DeepEquals, expected)
    98  }
    99  
   100  func (s *credentialsSuite) assertDetectCredentialsKnownLocation(c *gc.C, jsonpath string) {
   101  	s.PatchEnvironment("USER", "fred")
   102  	s.PatchEnvironment("CLOUDSDK_COMPUTE_REGION", "region")
   103  	credentials, err := s.provider.DetectCredentials()
   104  	c.Assert(err, jc.ErrorIsNil)
   105  	c.Assert(credentials.DefaultRegion, gc.Equals, "region")
   106  	expected := cloud.NewCredential(cloud.JSONFileAuthType, map[string]string{"file": jsonpath})
   107  	expected.Label = `google credential "test@example.com"`
   108  	c.Assert(credentials.AuthCredentials["fred"], jc.DeepEquals, expected)
   109  }
   110  
   111  func (s *credentialsSuite) TestDetectCredentialsKnownLocationUnix(c *gc.C) {
   112  	if runtime.GOOS == "windows" {
   113  		c.Skip("skipping on Windows")
   114  	}
   115  	home := utils.Home()
   116  	dir := c.MkDir()
   117  	err := utils.SetHome(dir)
   118  	c.Assert(err, jc.ErrorIsNil)
   119  	s.AddCleanup(func(*gc.C) {
   120  		err := utils.SetHome(home)
   121  		c.Assert(err, jc.ErrorIsNil)
   122  	})
   123  	path := filepath.Join(dir, ".config", "gcloud")
   124  	err = os.MkdirAll(path, 0700)
   125  	c.Assert(err, jc.ErrorIsNil)
   126  	jsonpath := createCredsFile(c, filepath.Join(path, "application_default_credentials.json"))
   127  	s.assertDetectCredentialsKnownLocation(c, jsonpath)
   128  }
   129  
   130  func (s *credentialsSuite) TestDetectCredentialsKnownLocationWindows(c *gc.C) {
   131  	if runtime.GOOS != "windows" {
   132  		c.Skip("skipping on non-Windows platform")
   133  	}
   134  	dir := c.MkDir()
   135  	s.PatchEnvironment("APPDATA", dir)
   136  	path := filepath.Join(dir, "gcloud")
   137  	err := os.MkdirAll(path, 0700)
   138  	c.Assert(err, jc.ErrorIsNil)
   139  	jsonpath := createCredsFile(c, filepath.Join(path, "application_default_credentials.json"))
   140  	s.assertDetectCredentialsKnownLocation(c, jsonpath)
   141  }