github.com/wesleimp/goreleaser@v0.92.0/internal/pipe/s3/awssession_test.go (about) 1 package s3 2 3 import ( 4 "testing" 5 6 "fmt" 7 "net/http" 8 "net/http/httptest" 9 "os" 10 "path/filepath" 11 "time" 12 13 "github.com/aws/aws-sdk-go/aws" 14 "github.com/aws/aws-sdk-go/aws/session" 15 "github.com/stretchr/testify/assert" 16 ) 17 18 func setEnv() { 19 os.Setenv("AWS_ACCESS_KEY_ID", "accessKey") 20 os.Setenv("AWS_SECRET_ACCESS_KEY", "secret") 21 } 22 23 func clearnEnv() { 24 os.Unsetenv("AWS_ACCESS_KEY_ID") 25 os.Unsetenv("AWS_SECRET_ACCESS_KEY") 26 os.Unsetenv("AWS_SHARED_CREDENTIALS_FILE") 27 os.Unsetenv("AWS_CONFIG_FILE") 28 } 29 30 func Test_awsSession(t *testing.T) { 31 type args struct { 32 profile string 33 } 34 35 tests := []struct { 36 name string 37 args args 38 wantValidSession bool 39 want *session.Session 40 before func() 41 after func() 42 expectToken string 43 endpoint string 44 S3ForcePathStyle bool 45 }{ 46 { 47 name: "test endpoint", 48 before: setEnv, 49 endpoint: "test", 50 }, 51 { 52 name: "test S3ForcePathStyle", 53 before: setEnv, 54 S3ForcePathStyle: true, 55 }, 56 { 57 name: "test env provider", 58 args: args{ 59 profile: "test1", 60 }, 61 before: setEnv, 62 }, 63 { 64 name: "test default shared credentials provider", 65 before: func() { 66 clearnEnv() 67 os.Setenv("AWS_SHARED_CREDENTIALS_FILE", filepath.Join("testdata", "credentials.ini")) 68 }, 69 expectToken: "token", 70 }, 71 { 72 name: "test default shared credentials provider", 73 before: func() { 74 clearnEnv() 75 os.Setenv("AWS_SHARED_CREDENTIALS_FILE", filepath.Join("testdata", "credentials.ini")) 76 }, 77 expectToken: "token", 78 }, 79 { 80 name: "test profile with shared credentials provider", 81 before: func() { 82 clearnEnv() 83 os.Setenv("AWS_SHARED_CREDENTIALS_FILE", filepath.Join("testdata", "credentials.ini")) 84 }, 85 args: args{ 86 profile: "no_token", 87 }, 88 expectToken: "", 89 }, 90 } 91 92 for _, tt := range tests { 93 t.Run(tt.name, func(t *testing.T) { 94 clearnEnv() 95 defer clearnEnv() 96 if tt.before != nil { 97 tt.before() 98 } 99 100 builder := newSessionBuilder() 101 builder.Profile(tt.args.profile) 102 builder.Endpoint(tt.endpoint) 103 builder.S3ForcePathStyle(tt.S3ForcePathStyle) 104 sess := builder.Build() 105 assert.NotNil(t, sess) 106 107 creds, err := sess.Config.Credentials.Get() 108 assert.Nil(t, err) 109 110 assert.Equal(t, "accessKey", creds.AccessKeyID, "Expect access key ID to match") 111 assert.Equal(t, "secret", creds.SecretAccessKey, "Expect secret access key to match") 112 assert.Equal(t, tt.expectToken, creds.SessionToken, "Expect token to match") 113 114 assert.Equal(t, aws.String(tt.endpoint), sess.Config.Endpoint, "Expect endpoint to match") 115 assert.Equal(t, aws.Bool(tt.S3ForcePathStyle), sess.Config.S3ForcePathStyle, "Expect S3ForcePathStyle to match") 116 }) 117 } 118 } 119 120 const assumeRoleRespMsg = ` 121 <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/"> 122 <AssumeRoleResult> 123 <AssumedRoleUser> 124 <Arn>arn:aws:sts::account_id:assumed-role/role/session_name</Arn> 125 <AssumedRoleId>AKID:session_name</AssumedRoleId> 126 </AssumedRoleUser> 127 <Credentials> 128 <AccessKeyId>AKID</AccessKeyId> 129 <SecretAccessKey>SECRET</SecretAccessKey> 130 <SessionToken>SESSION_TOKEN</SessionToken> 131 <Expiration>%s</Expiration> 132 </Credentials> 133 </AssumeRoleResult> 134 <ResponseMetadata> 135 <RequestId>request-id</RequestId> 136 </ResponseMetadata> 137 </AssumeRoleResponse> 138 ` 139 140 func Test_awsSession_mfa(t *testing.T) { 141 clearnEnv() 142 defer clearnEnv() 143 os.Setenv("AWS_SHARED_CREDENTIALS_FILE", filepath.Join("testdata", "credentials.ini")) 144 os.Setenv("AWS_CONFIG_FILE", filepath.Join("testdata", "config.ini")) 145 146 server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 147 assert.Equal(t, r.FormValue("SerialNumber"), "arn:aws:iam::1111111111:mfa/test") 148 assert.Equal(t, r.FormValue("TokenCode"), "tokencode") 149 150 w.Write([]byte(fmt.Sprintf(assumeRoleRespMsg, time.Now().Add(15*time.Minute).Format("2006-01-02T15:04:05Z")))) 151 })) 152 153 customProviderCalled := false 154 155 options := &session.Options{ 156 Profile: "cloudformation@flowlab-dev", 157 Config: aws.Config{ 158 Region: aws.String("eu-west-1"), 159 Endpoint: aws.String(server.URL), 160 DisableSSL: aws.Bool(true), 161 }, 162 SharedConfigState: session.SharedConfigEnable, 163 AssumeRoleTokenProvider: func() (string, error) { 164 customProviderCalled = true 165 return "tokencode", nil 166 }, 167 } 168 169 builder := newSessionBuilder() 170 builder.Profile("cloudformation@flowlab-dev") 171 builder.Options(options) 172 sess := builder.Build() 173 174 creds, err := sess.Config.Credentials.Get() 175 assert.NoError(t, err) 176 assert.True(t, customProviderCalled) 177 assert.Contains(t, creds.ProviderName, "AssumeRoleProvider") 178 } 179 180 func Test_awsSession_fail(t *testing.T) { 181 tests := []struct { 182 name string 183 }{ 184 { 185 name: "should fail with no credentials", 186 }, 187 } 188 189 for _, tt := range tests { 190 t.Run(tt.name, func(t *testing.T) { 191 clearnEnv() 192 defer clearnEnv() 193 194 builder := newSessionBuilder() 195 sess := builder.Build() 196 assert.NotNil(t, sess) 197 198 _, err := sess.Config.Credentials.Get() 199 assert.NotNil(t, err) 200 }) 201 } 202 }