github.com/secure-build/gitlab-runner@v12.5.0+incompatible/cache/gcs/credentials_resolver_test.go (about) 1 package gcs 2 3 import ( 4 "encoding/json" 5 "io/ioutil" 6 "os" 7 "testing" 8 9 "github.com/stretchr/testify/assert" 10 "github.com/stretchr/testify/require" 11 12 "gitlab.com/gitlab-org/gitlab-runner/common" 13 ) 14 15 var accessID2 = "test-access-id-2@X.iam.gserviceaccount.com" 16 17 type credentialsResolverTestCase struct { 18 config *common.CacheGCSConfig 19 credentialsFileContent *credentialsFile 20 credentialsFileDoesNotExist bool 21 credentialsFileWithInvalidJSON bool 22 errorExpectedOnInitialization bool 23 errorExpectedOnResolve bool 24 expectedCredentials *common.CacheGCSCredentials 25 } 26 27 func prepareStubbedCredentialsFile(t *testing.T, testCase credentialsResolverTestCase) func() { 28 cleanup := func() {} 29 30 if testCase.credentialsFileContent != nil { 31 file, err := ioutil.TempFile("", "gcp-credentials-file") 32 require.NoError(t, err) 33 34 cleanup = func() { 35 os.Remove(file.Name()) 36 } 37 38 testCase.config.CredentialsFile = file.Name() 39 40 switch { 41 case testCase.credentialsFileDoesNotExist: 42 os.Remove(file.Name()) 43 case testCase.credentialsFileWithInvalidJSON: 44 _, err = file.Write([]byte("a")) 45 require.NoError(t, err) 46 47 err = file.Close() 48 require.NoError(t, err) 49 default: 50 data, err := json.Marshal(testCase.credentialsFileContent) 51 require.NoError(t, err) 52 53 _, err = file.Write(data) 54 require.NoError(t, err) 55 56 err = file.Close() 57 require.NoError(t, err) 58 } 59 } 60 61 return cleanup 62 } 63 64 func getCredentialsConfig(accessID string, privateKey string) *common.CacheGCSConfig { 65 return &common.CacheGCSConfig{ 66 CacheGCSCredentials: common.CacheGCSCredentials{ 67 AccessID: accessID, 68 PrivateKey: privateKey, 69 }, 70 } 71 } 72 73 func getCredentialsFileContent(fileType string, clientEmail string, privateKey string) *credentialsFile { 74 return &credentialsFile{ 75 Type: fileType, 76 ClientEmail: clientEmail, 77 PrivateKey: privateKey, 78 } 79 } 80 81 func getExpectedCredentials(accessID string, privateKey string) *common.CacheGCSCredentials { 82 return &common.CacheGCSCredentials{ 83 AccessID: accessID, 84 PrivateKey: privateKey, 85 } 86 } 87 88 func TestDefaultCredentialsResolver(t *testing.T) { 89 cases := map[string]credentialsResolverTestCase{ 90 "config is nil": { 91 config: nil, 92 credentialsFileContent: nil, 93 errorExpectedOnInitialization: true, 94 }, 95 "credentials not set": { 96 config: &common.CacheGCSConfig{}, 97 errorExpectedOnResolve: true, 98 }, 99 "credentials direct in config": { 100 config: getCredentialsConfig(accessID, privateKey), 101 errorExpectedOnResolve: false, 102 expectedCredentials: getExpectedCredentials(accessID, privateKey), 103 }, 104 "credentials in credentials file - service account file": { 105 config: &common.CacheGCSConfig{}, 106 credentialsFileContent: getCredentialsFileContent(TypeServiceAccount, accessID, privateKey), 107 errorExpectedOnResolve: false, 108 expectedCredentials: getExpectedCredentials(accessID, privateKey), 109 }, 110 "credentials in credentials file - unsupported type credentials file": { 111 config: &common.CacheGCSConfig{}, 112 credentialsFileContent: getCredentialsFileContent("unknown_type", "", ""), 113 errorExpectedOnResolve: true, 114 }, 115 "credentials in both places - credentials file takes precedence": { 116 config: getCredentialsConfig(accessID, privateKey), 117 credentialsFileContent: getCredentialsFileContent(TypeServiceAccount, accessID2, privateKey), 118 errorExpectedOnResolve: false, 119 expectedCredentials: getExpectedCredentials(accessID2, privateKey), 120 }, 121 "credentials in non-existing credentials file": { 122 config: &common.CacheGCSConfig{}, 123 credentialsFileContent: getCredentialsFileContent(TypeServiceAccount, accessID, privateKey), 124 credentialsFileDoesNotExist: true, 125 errorExpectedOnResolve: true, 126 }, 127 "credentials in credentials file - invalid JSON": { 128 config: &common.CacheGCSConfig{}, 129 credentialsFileContent: getCredentialsFileContent(TypeServiceAccount, accessID, privateKey), 130 credentialsFileWithInvalidJSON: true, 131 errorExpectedOnResolve: true, 132 }, 133 } 134 135 for name, testCase := range cases { 136 t.Run(name, func(t *testing.T) { 137 cleanupCredentialsFileMock := prepareStubbedCredentialsFile(t, testCase) 138 defer cleanupCredentialsFileMock() 139 140 cr, err := newDefaultCredentialsResolver(testCase.config) 141 142 if testCase.errorExpectedOnInitialization { 143 assert.Error(t, err) 144 return 145 } 146 147 require.NoError(t, err, "Error on resolver initialization is not expected") 148 149 err = cr.Resolve() 150 151 if testCase.errorExpectedOnResolve { 152 assert.Error(t, err) 153 return 154 } 155 156 require.NoError(t, err, "Error on credentials resolving is not expected") 157 assert.Equal(t, testCase.expectedCredentials, cr.Credentials()) 158 }) 159 } 160 }