go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/id/awsec2/metadata_local_test.go (about) 1 // Copyright (c) Mondoo, Inc. 2 // SPDX-License-Identifier: BUSL-1.1 3 4 package awsec2 5 6 import ( 7 "bytes" 8 "io" 9 "net/http" 10 "os" 11 "strings" 12 "testing" 13 14 "github.com/aws/aws-sdk-go-v2/aws" 15 "github.com/aws/aws-sdk-go-v2/credentials" 16 smithyhttp "github.com/aws/smithy-go/transport/http" 17 "github.com/stretchr/testify/assert" 18 ) 19 20 func fakeConfig() aws.Config { 21 conf := aws.Config{} 22 conf.Region = "mock-region" 23 localResolverFn := func(service, region string) (aws.Endpoint, error) { 24 return aws.Endpoint{ 25 URL: "https://endpoint", 26 }, nil 27 } 28 conf.EndpointResolver = aws.EndpointResolverFunc(localResolverFn) 29 conf.Credentials = credentials.StaticCredentialsProvider{ 30 Value: aws.Credentials{ 31 AccessKeyID: "AKID", SecretAccessKey: "SECRET", SessionToken: "SESSION", 32 Source: "unit test credentials", 33 }, 34 } 35 return conf 36 } 37 38 func TestEC2RoleProviderInstanceIdentityLocal(t *testing.T) { 39 instanceIdentityDocument, err := os.ReadFile("./testdata/instance-identity-document.json") 40 if err != nil { 41 t.Fatal(err) 42 } 43 44 cfg := fakeConfig() 45 cfg.HTTPClient = smithyhttp.ClientDoFunc(func(r *http.Request) (*http.Response, error) { 46 url := r.URL.String() 47 if strings.Contains(url, "latest/api/token") { 48 return &http.Response{ 49 StatusCode: 200, 50 Header: http.Header{}, 51 Body: io.NopCloser(bytes.NewBufferString("mock-token")), 52 }, nil 53 } 54 if strings.Contains(url, "tags/instance/Name") { 55 return &http.Response{ 56 StatusCode: 200, 57 Header: http.Header{}, 58 Body: io.NopCloser(bytes.NewBufferString("ec2-name")), 59 }, nil 60 } 61 return &http.Response{ 62 StatusCode: 200, 63 Header: http.Header{}, 64 Body: io.NopCloser(bytes.NewReader(instanceIdentityDocument)), 65 }, nil 66 }) 67 68 metadata := NewLocal(cfg) 69 ident, err := metadata.Identify() 70 assert.Nil(t, err) 71 assert.Equal(t, "ec2-name", ident.InstanceName) 72 assert.Equal(t, "//platformid.api.mondoo.app/runtime/aws/ec2/v1/accounts/123456789012/regions/us-west-2/instances/i-1234567890abcdef0", ident.InstanceID) 73 assert.Equal(t, "//platformid.api.mondoo.app/runtime/aws/accounts/123456789012", ident.AccountID) 74 } 75 76 func TestEC2RoleProviderInstanceIdentityLocalDisabledTagsService(t *testing.T) { 77 instanceIdentityDocument, err := os.ReadFile("./testdata/instance-identity-document.json") 78 if err != nil { 79 t.Fatal(err) 80 } 81 82 cfg := fakeConfig() 83 cfg.HTTPClient = smithyhttp.ClientDoFunc(func(r *http.Request) (*http.Response, error) { 84 url := r.URL.String() 85 if strings.Contains(url, "latest/api/token") { 86 return &http.Response{ 87 StatusCode: 200, 88 Header: http.Header{}, 89 Body: io.NopCloser(bytes.NewBufferString("mock-token")), 90 }, nil 91 } 92 if strings.Contains(url, "tags/instance/Name") { 93 return &http.Response{ 94 StatusCode: 404, 95 Header: http.Header{}, 96 Body: io.NopCloser(bytes.NewBufferString("not enabled")), 97 }, nil 98 } 99 return &http.Response{ 100 StatusCode: 200, 101 Header: http.Header{}, 102 Body: io.NopCloser(bytes.NewReader(instanceIdentityDocument)), 103 }, nil 104 }) 105 106 metadata := NewLocal(cfg) 107 ident, err := metadata.Identify() 108 assert.Nil(t, err) 109 assert.Equal(t, "", ident.InstanceName) 110 assert.Equal(t, "//platformid.api.mondoo.app/runtime/aws/ec2/v1/accounts/123456789012/regions/us-west-2/instances/i-1234567890abcdef0", ident.InstanceID) 111 assert.Equal(t, "//platformid.api.mondoo.app/runtime/aws/accounts/123456789012", ident.AccountID) 112 }