credentials/internal/providers/ram_role_arn_test.go - Code Metrics - Inspection of "refine ram role arn provider" - aliyun/credentials-go - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( cde461...24f869 )

unknown

created 2024-08-24 08:23 UTC

credentials/internal/providers/ram_role_arn_test.go A

↳ Parent: Project

Size/Duplication

Total Lines	379
Duplicated Lines	0 %

Importance

Changes

Metric	Value
cc	21
eloc	291
dl	0
loc	379
rs	10
c	0
b	0
f	0

8 Methods

Rating	Name	Size	Complexity
A	providers.*errorCredentialsProvider.GetCredentials	3	1
A	providers.TestRAMRoleARNCredentialsProvider_getCredentialsWithRequestCheck	39	3
A	providers.TestRAMRoleARNCredentialsProviderGetCredentialsWithError	16	1
B	providers.TestNewRAMRoleARNCredentialsProvider	96	1
C	providers.TestRAMRoleARNCredentialsProvider_getCredentials	100	8
A	providers.*errorCredentialsProvider.GetProviderName	2	1
B	providers.TestRAMRoleARNCredentialsProviderGetCredentials	73	5
A	providers.TestRAMRoleARNCredentialsProviderWithHttpOptions	21	1

package providers

import (
	"errors"
	"strings"
	"testing"
	"time"

	httputil "github.com/aliyun/credentials-go/credentials/internal/http"
	"github.com/stretchr/testify/assert"
)

func TestNewRAMRoleARNCredentialsProvider(t *testing.T) {
	// case 1: no credentials provider
	_, err := NewRAMRoleARNCredentialsProviderBuilder().
		Build()
	assert.EqualError(t, err, "must specify a previous credentials provider to asssume role")

	// case 2: no role arn
	akProvider, err := NewStaticAKCredentialsProviderBuilder().
		WithAccessKeyId("akid").
		WithAccessKeySecret("aksecret").
		Build()
	assert.Nil(t, err)
	_, err = NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		Build()
	assert.EqualError(t, err, "the RoleArn is empty")

	// case 3: check default role session name
	p, err := NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").
		Build()
	assert.Nil(t, err)
	assert.True(t, strings.HasPrefix(p.roleSessionName, "credentials-go-"))

	// case 4: check default duration seconds
	p, err = NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").Build()
	assert.Nil(t, err)
	assert.Equal(t, 3600, p.durationSeconds)

	// case 5: check invalid duration seconds
	_, err = NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").
		WithDurationSeconds(100).
		Build()
	assert.EqualError(t, err, "session duration should be in the range of 900s - max session duration")

	// case 6: check all duration seconds
	p, err = NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").
		WithStsRegionId("cn-hangzhou").
		WithPolicy("policy").
		WithExternalId("externalId").
		WithRoleSessionName("rsn").
		WithDurationSeconds(1000).
		Build()
	assert.Nil(t, err)
	assert.Equal(t, "rsn", p.roleSessionName)
	assert.Equal(t, "roleArn", p.roleArn)
	assert.Equal(t, "policy", p.policy)
	assert.Equal(t, "externalId", p.externalId)
	assert.Equal(t, "cn-hangzhou", p.stsRegionId)
	assert.Equal(t, 1000, p.durationSeconds)
	// sts endpoint with sts region
	assert.Equal(t, "sts.cn-hangzhou.aliyuncs.com", p.stsEndpoint)

	// sts endpoint with sts endpoint
	p, err = NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").
		WithStsEndpoint("sts.cn-shanghai.aliyuncs.com").
		WithPolicy("policy").
		WithExternalId("externalId").
		WithRoleSessionName("rsn").
		WithDurationSeconds(1000).
		Build()
	assert.Nil(t, err)
	assert.Equal(t, "rsn", p.roleSessionName)
	assert.Equal(t, "roleArn", p.roleArn)
	assert.Equal(t, "policy", p.policy)
	assert.Equal(t, "externalId", p.externalId)
	assert.Equal(t, "", p.stsRegionId)
	assert.Equal(t, 1000, p.durationSeconds)
	assert.Equal(t, "sts.cn-shanghai.aliyuncs.com", p.stsEndpoint)

	// default sts endpoint
	p, err = NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").
		WithPolicy("policy").
		WithExternalId("externalId").
		WithRoleSessionName("rsn").
		WithDurationSeconds(1000).
		Build()
	assert.Nil(t, err)
	assert.Equal(t, "rsn", p.roleSessionName)
	assert.Equal(t, "roleArn", p.roleArn)
	assert.Equal(t, "policy", p.policy)
	assert.Equal(t, "externalId", p.externalId)
	assert.Equal(t, "", p.stsRegionId)
	assert.Equal(t, 1000, p.durationSeconds)
	assert.Equal(t, "sts.aliyuncs.com", p.stsEndpoint)
}

func TestRAMRoleARNCredentialsProvider_getCredentials(t *testing.T) {
	originHttpDo := httpDo
	defer func() { httpDo = originHttpDo }()

	akProvider, err := NewStaticAKCredentialsProviderBuilder().
		WithAccessKeyId("akid").
		WithAccessKeySecret("aksecret").
		Build()
	assert.Nil(t, err)
	p, err := NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithDurationSeconds(1000).
		Build()
	assert.Nil(t, err)

	cc, err := akProvider.GetCredentials()
	assert.Nil(t, err)

	// case 1: server error
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		err = errors.New("mock server error")
		return
	}
	_, err = p.getCredentials(cc)
	assert.NotNil(t, err)
	assert.Equal(t, "mock server error", err.Error())

	// case 2: 4xx error
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 400,
			Body:       []byte("4xx error"),
		}
		return
	}

	_, err = p.getCredentials(cc)
	assert.NotNil(t, err)
	assert.Equal(t, "refresh session token failed: 4xx error", err.Error())

	// case 3: invalid json
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte("invalid json"),
		}
		return
	}
	_, err = p.getCredentials(cc)
	assert.NotNil(t, err)
	assert.Equal(t, "refresh RoleArn sts token err, json.Unmarshal fail: invalid character 'i' looking for beginning of value", err.Error())

	// case 4: empty response json
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte("null"),
		}
		return
	}
	_, err = p.getCredentials(cc)
	assert.NotNil(t, err)
	assert.Equal(t, "refresh RoleArn sts token err, fail to get credentials", err.Error())

	// case 5: empty session ak response json
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"Credentials": {}}`),
		}
		return
	}
	_, err = p.getCredentials(cc)
	assert.NotNil(t, err)
	assert.Equal(t, "refresh RoleArn sts token err, fail to get credentials", err.Error())

	// case 6: mock ok value
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"Credentials": {"AccessKeyId":"saki","AccessKeySecret":"saks","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"token"}}`),
		}
		return
	}
	creds, err := p.getCredentials(cc)
	assert.Nil(t, err)
	assert.Equal(t, "saki", creds.AccessKeyId)
	assert.Equal(t, "saks", creds.AccessKeySecret)
	assert.Equal(t, "token", creds.SecurityToken)
	assert.Equal(t, "2021-10-20T04:27:09Z", creds.Expiration)

	// needUpdateCredential
	assert.True(t, p.needUpdateCredential())
	p.expirationTimestamp = time.Now().Unix()
	assert.True(t, p.needUpdateCredential())

	p.expirationTimestamp = time.Now().Unix() + 300
	assert.False(t, p.needUpdateCredential())
}

func TestRAMRoleARNCredentialsProvider_getCredentialsWithRequestCheck(t *testing.T) {
	originHttpDo := httpDo
	defer func() { httpDo = originHttpDo }()

	stsProvider, err := NewStaticSTSCredentialsProviderBuilder().
		WithAccessKeyId("akid").
		WithAccessKeySecret("aksecret").
		WithSecurityToken("ststoken").
		Build()
	assert.Nil(t, err)
	p, err := NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(stsProvider).
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithDurationSeconds(1000).
		WithPolicy("policy").
		WithStsRegionId("cn-beijing").
		WithExternalId("externalId").
		Build()
	assert.Nil(t, err)

	// case 1: server error
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		assert.Equal(t, "sts.cn-beijing.aliyuncs.com", req.Host)
		assert.Equal(t, "ststoken", req.Queries["SecurityToken"])
		assert.Equal(t, "policy", req.Form["Policy"])
		assert.Equal(t, "roleArn", req.Form["RoleArn"])
		assert.Equal(t, "rsn", req.Form["RoleSessionName"])
		assert.Equal(t, "1000", req.Form["DurationSeconds"])

		err = errors.New("mock server error")
		return
	}

	cc, err := stsProvider.GetCredentials()
	assert.Nil(t, err)
	_, err = p.getCredentials(cc)
	assert.NotNil(t, err)
	assert.Equal(t, "mock server error", err.Error())
}

type errorCredentialsProvider struct {
}

func (p *errorCredentialsProvider) GetCredentials() (cc *Credentials, err error) {
	err = errors.New("get credentials failed")
	return
}

func (p *errorCredentialsProvider) GetProviderName() string {
	return "error_credentials_provider"
}

func TestRAMRoleARNCredentialsProviderGetCredentials(t *testing.T) {
	originHttpDo := httpDo
	defer func() { httpDo = originHttpDo }()

	// case 0: get previous credentials failed
	p, err := NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(&errorCredentialsProvider{}).
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithDurationSeconds(1000).
		Build()
	assert.Nil(t, err)
	_, err = p.GetCredentials()
	assert.Equal(t, "get credentials failed", err.Error())

	akProvider, err := NewStaticAKCredentialsProviderBuilder().
		WithAccessKeyId("akid").
		WithAccessKeySecret("aksecret").
		Build()
	assert.Nil(t, err)

	p, err = NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithDurationSeconds(1000).
		Build()
	assert.Nil(t, err)

	// case 1: get credentials failed
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		err = errors.New("mock server error")
		return
	}
	_, err = p.GetCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "mock server error", err.Error())

	// case 2: get invalid expiration
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"invalidexpiration","SecurityToken":"ststoken"}}`),
		}
		return
	}
	_, err = p.GetCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "parsing time \"invalidexpiration\" as \"2006-01-02T15:04:05Z\": cannot parse \"invalidexpiration\" as \"2006\"", err.Error())

	// case 3: happy result
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`),
		}
		return
	}
	cc, err := p.GetCredentials()
	assert.Nil(t, err)
	assert.Equal(t, "akid", cc.AccessKeyId)
	assert.Equal(t, "aksecret", cc.AccessKeySecret)
	assert.Equal(t, "ststoken", cc.SecurityToken)
	assert.Equal(t, "ram_role_arn/static_ak", cc.ProviderName)
	assert.True(t, p.needUpdateCredential())
	// get credentials again
	cc, err = p.GetCredentials()
	assert.Nil(t, err)
	assert.Equal(t, "akid", cc.AccessKeyId)
	assert.Equal(t, "aksecret", cc.AccessKeySecret)
	assert.Equal(t, "ststoken", cc.SecurityToken)
	assert.Equal(t, "ram_role_arn/static_ak", cc.ProviderName)
	assert.True(t, p.needUpdateCredential())
}

func TestRAMRoleARNCredentialsProviderGetCredentialsWithError(t *testing.T) {
	akProvider, err := NewStaticAKCredentialsProviderBuilder().
		WithAccessKeyId("akid").
		WithAccessKeySecret("aksecret").
		Build()
	assert.Nil(t, err)
	p, err := NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithDurationSeconds(1000).
		Build()
	assert.Nil(t, err)
	_, err = p.GetCredentials()
	assert.NotNil(t, err)
	assert.Contains(t, err.Error(), "InvalidAccessKeyId.NotFound")
}

func TestRAMRoleARNCredentialsProviderWithHttpOptions(t *testing.T) {
	akProvider, err := NewStaticAKCredentialsProviderBuilder().
		WithAccessKeyId("akid").
		WithAccessKeySecret("aksecret").
		Build()
	assert.Nil(t, err)
	p, err := NewRAMRoleARNCredentialsProviderBuilder().
		WithCredentialsProvider(akProvider).
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithDurationSeconds(1000).
		WithHttpOptions(&HttpOptions{
			ConnectTimeout: 1,
			ReadTimeout:    1,
			Proxy:          "localhost:3999",
		}).
		Build()
	assert.Nil(t, err)
	_, err = p.GetCredentials()
	assert.NotNil(t, err)
	assert.Contains(t, err.Error(), "proxyconnect tcp:")
}


1			package providers
2
3			import (
4			"errors"
5			"strings"
6			"testing"
7			"time"
8
9			httputil "github.com/aliyun/credentials-go/credentials/internal/http"
10			"github.com/stretchr/testify/assert"
11			)
12
13			func TestNewRAMRoleARNCredentialsProvider(t *testing.T) {
14			// case 1: no credentials provider
15			_, err := NewRAMRoleARNCredentialsProviderBuilder().
16			Build()
17			assert.EqualError(t, err, "must specify a previous credentials provider to asssume role")
18
19			// case 2: no role arn
20			akProvider, err := NewStaticAKCredentialsProviderBuilder().
21			WithAccessKeyId("akid").
22			WithAccessKeySecret("aksecret").
23			Build()
24			assert.Nil(t, err)
25			_, err = NewRAMRoleARNCredentialsProviderBuilder().
26			WithCredentialsProvider(akProvider).
27			Build()
28			assert.EqualError(t, err, "the RoleArn is empty")
29
30			// case 3: check default role session name
31			p, err := NewRAMRoleARNCredentialsProviderBuilder().
32			WithCredentialsProvider(akProvider).
33			WithRoleArn("roleArn").
34			Build()
35			assert.Nil(t, err)
36			assert.True(t, strings.HasPrefix(p.roleSessionName, "credentials-go-"))
37
38			// case 4: check default duration seconds
39			p, err = NewRAMRoleARNCredentialsProviderBuilder().
40			WithCredentialsProvider(akProvider).
41			WithRoleArn("roleArn").Build()
42			assert.Nil(t, err)
43			assert.Equal(t, 3600, p.durationSeconds)
44
45			// case 5: check invalid duration seconds
46			_, err = NewRAMRoleARNCredentialsProviderBuilder().
47			WithCredentialsProvider(akProvider).
48			WithRoleArn("roleArn").
49			WithDurationSeconds(100).
50			Build()
51			assert.EqualError(t, err, "session duration should be in the range of 900s - max session duration")
52
53			// case 6: check all duration seconds
54			p, err = NewRAMRoleARNCredentialsProviderBuilder().
55			WithCredentialsProvider(akProvider).
56			WithRoleArn("roleArn").
57			WithStsRegionId("cn-hangzhou").
58			WithPolicy("policy").
59			WithExternalId("externalId").
60			WithRoleSessionName("rsn").
61			WithDurationSeconds(1000).
62			Build()
63			assert.Nil(t, err)
64			assert.Equal(t, "rsn", p.roleSessionName)
65			assert.Equal(t, "roleArn", p.roleArn)
66			assert.Equal(t, "policy", p.policy)
67			assert.Equal(t, "externalId", p.externalId)
68			assert.Equal(t, "cn-hangzhou", p.stsRegionId)
69			assert.Equal(t, 1000, p.durationSeconds)
70			// sts endpoint with sts region
71			assert.Equal(t, "sts.cn-hangzhou.aliyuncs.com", p.stsEndpoint)
72
73			// sts endpoint with sts endpoint
74			p, err = NewRAMRoleARNCredentialsProviderBuilder().
75			WithCredentialsProvider(akProvider).
76			WithRoleArn("roleArn").
77			WithStsEndpoint("sts.cn-shanghai.aliyuncs.com").
78			WithPolicy("policy").
79			WithExternalId("externalId").
80			WithRoleSessionName("rsn").
81			WithDurationSeconds(1000).
82			Build()
83			assert.Nil(t, err)
84			assert.Equal(t, "rsn", p.roleSessionName)
85			assert.Equal(t, "roleArn", p.roleArn)
86			assert.Equal(t, "policy", p.policy)
87			assert.Equal(t, "externalId", p.externalId)
88			assert.Equal(t, "", p.stsRegionId)
89			assert.Equal(t, 1000, p.durationSeconds)
90			assert.Equal(t, "sts.cn-shanghai.aliyuncs.com", p.stsEndpoint)
91
92			// default sts endpoint
93			p, err = NewRAMRoleARNCredentialsProviderBuilder().
94			WithCredentialsProvider(akProvider).
95			WithRoleArn("roleArn").
96			WithPolicy("policy").
97			WithExternalId("externalId").
98			WithRoleSessionName("rsn").
99			WithDurationSeconds(1000).
100			Build()
101			assert.Nil(t, err)
102			assert.Equal(t, "rsn", p.roleSessionName)
103			assert.Equal(t, "roleArn", p.roleArn)
104			assert.Equal(t, "policy", p.policy)
105			assert.Equal(t, "externalId", p.externalId)
106			assert.Equal(t, "", p.stsRegionId)
107			assert.Equal(t, 1000, p.durationSeconds)
108			assert.Equal(t, "sts.aliyuncs.com", p.stsEndpoint)
109			}
110
111			func TestRAMRoleARNCredentialsProvider_getCredentials(t *testing.T) {
112			originHttpDo := httpDo
113			defer func() { httpDo = originHttpDo }()
114
115			akProvider, err := NewStaticAKCredentialsProviderBuilder().
116			WithAccessKeyId("akid").
117			WithAccessKeySecret("aksecret").
118			Build()
119			assert.Nil(t, err)
120			p, err := NewRAMRoleARNCredentialsProviderBuilder().
121			WithCredentialsProvider(akProvider).
122			WithRoleArn("roleArn").
123			WithRoleSessionName("rsn").
124			WithDurationSeconds(1000).
125			Build()
126			assert.Nil(t, err)
127
128			cc, err := akProvider.GetCredentials()
129			assert.Nil(t, err)
130
131			// case 1: server error
132			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
133			err = errors.New("mock server error")
134			return
135			}
136			_, err = p.getCredentials(cc)
137			assert.NotNil(t, err)
138			assert.Equal(t, "mock server error", err.Error())
139
140			// case 2: 4xx error
141			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
142			res = &httputil.Response{
143			StatusCode: 400,
144			Body: []byte("4xx error"),
145			}
146			return
147			}
148
149			_, err = p.getCredentials(cc)
150			assert.NotNil(t, err)
151			assert.Equal(t, "refresh session token failed: 4xx error", err.Error())
152
153			// case 3: invalid json
154			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
155			res = &httputil.Response{
156			StatusCode: 200,
157			Body: []byte("invalid json"),
158			}
159			return
160			}
161			_, err = p.getCredentials(cc)
162			assert.NotNil(t, err)
163			assert.Equal(t, "refresh RoleArn sts token err, json.Unmarshal fail: invalid character 'i' looking for beginning of value", err.Error())
164
165			// case 4: empty response json
166			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
167			res = &httputil.Response{
168			StatusCode: 200,
169			Body: []byte("null"),
170			}
171			return
172			}
173			_, err = p.getCredentials(cc)
174			assert.NotNil(t, err)
175			assert.Equal(t, "refresh RoleArn sts token err, fail to get credentials", err.Error())
176
177			// case 5: empty session ak response json
178			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
179			res = &httputil.Response{
180			StatusCode: 200,
181			Body: []byte(`{"Credentials": {}}`),
182			}
183			return
184			}
185			_, err = p.getCredentials(cc)
186			assert.NotNil(t, err)
187			assert.Equal(t, "refresh RoleArn sts token err, fail to get credentials", err.Error())
188
189			// case 6: mock ok value
190			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
191			res = &httputil.Response{
192			StatusCode: 200,
193			Body: []byte(`{"Credentials": {"AccessKeyId":"saki","AccessKeySecret":"saks","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"token"}}`),
194			}
195			return
196			}
197			creds, err := p.getCredentials(cc)
198			assert.Nil(t, err)
199			assert.Equal(t, "saki", creds.AccessKeyId)
200			assert.Equal(t, "saks", creds.AccessKeySecret)
201			assert.Equal(t, "token", creds.SecurityToken)
202			assert.Equal(t, "2021-10-20T04:27:09Z", creds.Expiration)
203
204			// needUpdateCredential
205			assert.True(t, p.needUpdateCredential())
206			p.expirationTimestamp = time.Now().Unix()
207			assert.True(t, p.needUpdateCredential())
208
209			p.expirationTimestamp = time.Now().Unix() + 300
210			assert.False(t, p.needUpdateCredential())
211			}
212
213			func TestRAMRoleARNCredentialsProvider_getCredentialsWithRequestCheck(t *testing.T) {
214			originHttpDo := httpDo
215			defer func() { httpDo = originHttpDo }()
216
217			stsProvider, err := NewStaticSTSCredentialsProviderBuilder().
218			WithAccessKeyId("akid").
219			WithAccessKeySecret("aksecret").
220			WithSecurityToken("ststoken").
221			Build()
222			assert.Nil(t, err)
223			p, err := NewRAMRoleARNCredentialsProviderBuilder().
224			WithCredentialsProvider(stsProvider).
225			WithRoleArn("roleArn").
226			WithRoleSessionName("rsn").
227			WithDurationSeconds(1000).
228			WithPolicy("policy").
229			WithStsRegionId("cn-beijing").
230			WithExternalId("externalId").
231			Build()
232			assert.Nil(t, err)
233
234			// case 1: server error
235			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
236			assert.Equal(t, "sts.cn-beijing.aliyuncs.com", req.Host)
237			assert.Equal(t, "ststoken", req.Queries["SecurityToken"])
238			assert.Equal(t, "policy", req.Form["Policy"])
239			assert.Equal(t, "roleArn", req.Form["RoleArn"])
240			assert.Equal(t, "rsn", req.Form["RoleSessionName"])
241			assert.Equal(t, "1000", req.Form["DurationSeconds"])
242
243			err = errors.New("mock server error")
244			return
245			}
246
247			cc, err := stsProvider.GetCredentials()
248			assert.Nil(t, err)
249			_, err = p.getCredentials(cc)
250			assert.NotNil(t, err)
251			assert.Equal(t, "mock server error", err.Error())
252			}
253
254			type errorCredentialsProvider struct {
255			}
256
257			func (p errorCredentialsProvider) GetCredentials() (cc Credentials, err error) {
258			err = errors.New("get credentials failed")
259			return
260			}
261
262			func (p *errorCredentialsProvider) GetProviderName() string {
263			return "error_credentials_provider"
264			}
265
266			func TestRAMRoleARNCredentialsProviderGetCredentials(t *testing.T) {
267			originHttpDo := httpDo
268			defer func() { httpDo = originHttpDo }()
269
270			// case 0: get previous credentials failed
271			p, err := NewRAMRoleARNCredentialsProviderBuilder().
272			WithCredentialsProvider(&errorCredentialsProvider{}).
273			WithRoleArn("roleArn").
274			WithRoleSessionName("rsn").
275			WithDurationSeconds(1000).
276			Build()
277			assert.Nil(t, err)
278			_, err = p.GetCredentials()
279			assert.Equal(t, "get credentials failed", err.Error())
280
281			akProvider, err := NewStaticAKCredentialsProviderBuilder().
282			WithAccessKeyId("akid").
283			WithAccessKeySecret("aksecret").
284			Build()
285			assert.Nil(t, err)
286
287			p, err = NewRAMRoleARNCredentialsProviderBuilder().
288			WithCredentialsProvider(akProvider).
289			WithRoleArn("roleArn").
290			WithRoleSessionName("rsn").
291			WithDurationSeconds(1000).
292			Build()
293			assert.Nil(t, err)
294
295			// case 1: get credentials failed
296			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
297			err = errors.New("mock server error")
298			return
299			}
300			_, err = p.GetCredentials()
301			assert.NotNil(t, err)
302			assert.Equal(t, "mock server error", err.Error())
303
304			// case 2: get invalid expiration
305			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
306			res = &httputil.Response{
307			StatusCode: 200,
308			Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"invalidexpiration","SecurityToken":"ststoken"}}`),
309			}
310			return
311			}
312			_, err = p.GetCredentials()
313			assert.NotNil(t, err)
314			assert.Equal(t, "parsing time \"invalidexpiration\" as \"2006-01-02T15:04:05Z\": cannot parse \"invalidexpiration\" as \"2006\"", err.Error())
315
316			// case 3: happy result
317			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
318			res = &httputil.Response{
319			StatusCode: 200,
320			Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`),
321			}
322			return
323			}
324			cc, err := p.GetCredentials()
325			assert.Nil(t, err)
326			assert.Equal(t, "akid", cc.AccessKeyId)
327			assert.Equal(t, "aksecret", cc.AccessKeySecret)
328			assert.Equal(t, "ststoken", cc.SecurityToken)
329			assert.Equal(t, "ram_role_arn/static_ak", cc.ProviderName)
330			assert.True(t, p.needUpdateCredential())
331			// get credentials again
332			cc, err = p.GetCredentials()
333			assert.Nil(t, err)
334			assert.Equal(t, "akid", cc.AccessKeyId)
335			assert.Equal(t, "aksecret", cc.AccessKeySecret)
336			assert.Equal(t, "ststoken", cc.SecurityToken)
337			assert.Equal(t, "ram_role_arn/static_ak", cc.ProviderName)
338			assert.True(t, p.needUpdateCredential())
339			}
340
341			func TestRAMRoleARNCredentialsProviderGetCredentialsWithError(t *testing.T) {
342			akProvider, err := NewStaticAKCredentialsProviderBuilder().
343			WithAccessKeyId("akid").
344			WithAccessKeySecret("aksecret").
345			Build()
346			assert.Nil(t, err)
347			p, err := NewRAMRoleARNCredentialsProviderBuilder().
348			WithCredentialsProvider(akProvider).
349			WithRoleArn("roleArn").
350			WithRoleSessionName("rsn").
351			WithDurationSeconds(1000).
352			Build()
353			assert.Nil(t, err)
354			_, err = p.GetCredentials()
355			assert.NotNil(t, err)
356			assert.Contains(t, err.Error(), "InvalidAccessKeyId.NotFound")
357			}
358
359			func TestRAMRoleARNCredentialsProviderWithHttpOptions(t *testing.T) {
360			akProvider, err := NewStaticAKCredentialsProviderBuilder().
361			WithAccessKeyId("akid").
362			WithAccessKeySecret("aksecret").
363			Build()
364			assert.Nil(t, err)
365			p, err := NewRAMRoleARNCredentialsProviderBuilder().
366			WithCredentialsProvider(akProvider).
367			WithRoleArn("roleArn").
368			WithRoleSessionName("rsn").
369			WithDurationSeconds(1000).
370			WithHttpOptions(&HttpOptions{
371			ConnectTimeout: 1,
372			ReadTimeout: 1,
373			Proxy: "localhost:3999",
374			}).
375			Build()
376			assert.Nil(t, err)
377			_, err = p.GetCredentials()
378			assert.NotNil(t, err)
379			assert.Contains(t, err.Error(), "proxyconnect tcp:")
380			}
381

aliyun / credentials-go

GitHub Access Token became invalid

Push — master ( cde461...24f869 )

credentials/internal/providers/ram_role_arn_test.go A

Size/Duplication

Importance

8 Methods

Duplication Side-by-Side

Filter issues like