|
1
|
|
|
package credentials |
|
2
|
|
|
|
|
3
|
|
|
import ( |
|
4
|
|
|
"os" |
|
5
|
|
|
"testing" |
|
6
|
|
|
|
|
7
|
|
|
"github.com/alibabacloud-go/tea/tea" |
|
8
|
|
|
"github.com/aliyun/credentials-go/credentials/request" |
|
9
|
|
|
"github.com/aliyun/credentials-go/credentials/utils" |
|
10
|
|
|
"github.com/stretchr/testify/assert" |
|
11
|
|
|
) |
|
12
|
|
|
|
|
13
|
|
|
var privatekey = `---- |
|
14
|
|
|
this is privatekey` |
|
15
|
|
|
|
|
16
|
|
|
func TestConfig(t *testing.T) { |
|
17
|
|
|
config := new(Config) |
|
18
|
|
|
assert.Equal(t, "{\n \"type\": null,\n \"access_key_id\": null,\n \"access_key_secret\": null,\n \"oidc_provider_arn\": null,\n \"oidc_token\": null,\n \"role_arn\": null,\n \"role_session_name\": null,\n \"public_key_id\": null,\n \"role_name\": null,\n \"session_expiration\": null,\n \"private_key_file\": null,\n \"bearer_token\": null,\n \"security_token\": null,\n \"role_session_expiratioon\": null,\n \"policy\": null,\n \"host\": null,\n \"timeout\": null,\n \"connect_timeout\": null,\n \"proxy\": null,\n \"inAdvanceScale\": null,\n \"url\": null,\n \"sts_endpoint\": null,\n \"external_id\": null\n}", config.String()) |
|
19
|
|
|
assert.Equal(t, "{\n \"type\": null,\n \"access_key_id\": null,\n \"access_key_secret\": null,\n \"oidc_provider_arn\": null,\n \"oidc_token\": null,\n \"role_arn\": null,\n \"role_session_name\": null,\n \"public_key_id\": null,\n \"role_name\": null,\n \"session_expiration\": null,\n \"private_key_file\": null,\n \"bearer_token\": null,\n \"security_token\": null,\n \"role_session_expiratioon\": null,\n \"policy\": null,\n \"host\": null,\n \"timeout\": null,\n \"connect_timeout\": null,\n \"proxy\": null,\n \"inAdvanceScale\": null,\n \"url\": null,\n \"sts_endpoint\": null,\n \"external_id\": null\n}", config.GoString()) |
|
20
|
|
|
|
|
21
|
|
|
config.SetSTSEndpoint("sts.cn-hangzhou.aliyuncs.com") |
|
22
|
|
|
assert.Equal(t, "sts.cn-hangzhou.aliyuncs.com", *config.STSEndpoint) |
|
23
|
|
|
} |
|
24
|
|
|
|
|
25
|
|
|
func TestNewCredentialWithNil(t *testing.T) { |
|
26
|
|
|
originAccessKey := os.Getenv(EnvVarAccessKeyId) |
|
27
|
|
|
originAccessSecret := os.Getenv(EnvVarAccessKeySecret) |
|
28
|
|
|
os.Setenv(EnvVarAccessKeyId, "accesskey") |
|
29
|
|
|
os.Setenv(EnvVarAccessKeySecret, "accesssecret") |
|
30
|
|
|
defer func() { |
|
31
|
|
|
os.Setenv(EnvVarAccessKeyId, originAccessKey) |
|
32
|
|
|
os.Setenv(EnvVarAccessKeySecret, originAccessSecret) |
|
33
|
|
|
}() |
|
34
|
|
|
cred, err := NewCredential(nil) |
|
35
|
|
|
assert.Nil(t, err) |
|
36
|
|
|
assert.NotNil(t, cred) |
|
37
|
|
|
os.Unsetenv(EnvVarAccessKeyId) |
|
38
|
|
|
os.Unsetenv(EnvVarAccessKeySecret) |
|
39
|
|
|
cred, err = NewCredential(nil) |
|
40
|
|
|
assert.NotNil(t, err) |
|
41
|
|
|
assert.Equal(t, "No credential found", err.Error()) |
|
42
|
|
|
assert.Nil(t, cred) |
|
43
|
|
|
} |
|
44
|
|
|
|
|
45
|
|
|
func TestNewCredentialWithAK(t *testing.T) { |
|
46
|
|
|
config := new(Config) |
|
47
|
|
|
config.SetType("access_key") |
|
48
|
|
|
cred, err := NewCredential(config) |
|
49
|
|
|
assert.NotNil(t, err) |
|
50
|
|
|
assert.Equal(t, "AccessKeyId cannot be empty", err.Error()) |
|
51
|
|
|
assert.Nil(t, cred) |
|
52
|
|
|
|
|
53
|
|
|
config.SetAccessKeyId("AccessKeyId") |
|
54
|
|
|
cred, err = NewCredential(config) |
|
55
|
|
|
assert.NotNil(t, err) |
|
56
|
|
|
assert.Equal(t, "AccessKeySecret cannot be empty", err.Error()) |
|
57
|
|
|
assert.Nil(t, cred) |
|
58
|
|
|
} |
|
59
|
|
|
|
|
60
|
|
|
func TestNewCredentialWithSts(t *testing.T) { |
|
61
|
|
|
config := new(Config) |
|
62
|
|
|
config.SetType("sts") |
|
63
|
|
|
|
|
64
|
|
|
config.SetAccessKeyId("") |
|
65
|
|
|
cred, err := NewCredential(config) |
|
66
|
|
|
assert.NotNil(t, err) |
|
67
|
|
|
assert.Equal(t, "AccessKeyId cannot be empty", err.Error()) |
|
68
|
|
|
assert.Nil(t, cred) |
|
69
|
|
|
|
|
70
|
|
|
config.SetAccessKeyId("akid") |
|
71
|
|
|
cred, err = NewCredential(config) |
|
72
|
|
|
assert.NotNil(t, err) |
|
73
|
|
|
assert.Equal(t, "AccessKeySecret cannot be empty", err.Error()) |
|
74
|
|
|
assert.Nil(t, cred) |
|
75
|
|
|
|
|
76
|
|
|
config.SetAccessKeySecret("aksecret") |
|
77
|
|
|
cred, err = NewCredential(config) |
|
78
|
|
|
assert.NotNil(t, err) |
|
79
|
|
|
assert.Equal(t, "SecurityToken cannot be empty", err.Error()) |
|
80
|
|
|
assert.Nil(t, cred) |
|
81
|
|
|
|
|
82
|
|
|
config.SetSecurityToken("SecurityToken") |
|
83
|
|
|
cred, err = NewCredential(config) |
|
84
|
|
|
assert.Nil(t, err) |
|
85
|
|
|
assert.NotNil(t, cred) |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
|
|
func TestNewCredentialWithECSRAMRole(t *testing.T) { |
|
89
|
|
|
config := new(Config) |
|
90
|
|
|
config.SetType("ecs_ram_role") |
|
91
|
|
|
cred, err := NewCredential(config) |
|
92
|
|
|
assert.Nil(t, err) |
|
93
|
|
|
assert.NotNil(t, cred) |
|
94
|
|
|
|
|
95
|
|
|
config.SetRoleName("AccessKeyId") |
|
96
|
|
|
cred, err = NewCredential(config) |
|
97
|
|
|
assert.Nil(t, err) |
|
98
|
|
|
assert.NotNil(t, cred) |
|
99
|
|
|
} |
|
100
|
|
|
|
|
101
|
|
|
func TestNewCredentialWithRSAKeyPair(t *testing.T) { |
|
102
|
|
|
config := new(Config) |
|
103
|
|
|
config.SetType("rsa_key_pair") |
|
104
|
|
|
cred, err := NewCredential(config) |
|
105
|
|
|
assert.NotNil(t, err) |
|
106
|
|
|
assert.Equal(t, "PrivateKeyFile cannot be empty", err.Error()) |
|
107
|
|
|
assert.Nil(t, cred) |
|
108
|
|
|
|
|
109
|
|
|
config.SetPrivateKeyFile("test") |
|
110
|
|
|
cred, err = NewCredential(config) |
|
111
|
|
|
assert.NotNil(t, err) |
|
112
|
|
|
assert.Equal(t, "PublicKeyId cannot be empty", err.Error()) |
|
113
|
|
|
assert.Nil(t, cred) |
|
114
|
|
|
|
|
115
|
|
|
config. |
|
116
|
|
|
SetPublicKeyId("resource"). |
|
117
|
|
|
SetPrivateKeyFile("nofile"). |
|
118
|
|
|
SetSessionExpiration(10). |
|
119
|
|
|
SetRoleSessionExpiration(10). |
|
120
|
|
|
SetPolicy(""). |
|
121
|
|
|
SetHost(""). |
|
122
|
|
|
SetTimeout(10). |
|
123
|
|
|
SetConnectTimeout(10). |
|
124
|
|
|
SetProxy("") |
|
125
|
|
|
cred, err = NewCredential(config) |
|
126
|
|
|
assert.NotNil(t, err) |
|
127
|
|
|
assert.Contains(t, err.Error(), "InvalidPath: Can not open PrivateKeyFile, err is open nofile:") |
|
128
|
|
|
assert.Nil(t, cred) |
|
129
|
|
|
|
|
130
|
|
|
file, err := os.Create("./pk.pem") |
|
131
|
|
|
assert.Nil(t, err) |
|
132
|
|
|
file.WriteString(privatekey) |
|
133
|
|
|
file.Close() |
|
134
|
|
|
|
|
135
|
|
|
config.SetType("rsa_key_pair"). |
|
136
|
|
|
SetPublicKeyId("resource"). |
|
137
|
|
|
SetPrivateKeyFile("./pk.pem") |
|
138
|
|
|
cred, err = NewCredential(config) |
|
139
|
|
|
assert.Nil(t, err) |
|
140
|
|
|
assert.NotNil(t, cred) |
|
141
|
|
|
} |
|
142
|
|
|
|
|
143
|
|
|
func TestNewCredentialWithRAMRoleARN(t *testing.T) { |
|
144
|
|
|
config := new(Config) |
|
145
|
|
|
config.SetType("ram_role_arn") |
|
146
|
|
|
config.SetAccessKeyId("") |
|
147
|
|
|
cred, err := NewCredential(config) |
|
148
|
|
|
assert.NotNil(t, err) |
|
149
|
|
|
assert.Equal(t, "AccessKeyId cannot be empty", err.Error()) |
|
150
|
|
|
assert.Nil(t, cred) |
|
151
|
|
|
|
|
152
|
|
|
config.SetAccessKeyId("akid") |
|
153
|
|
|
config.SetAccessKeySecret("") |
|
154
|
|
|
cred, err = NewCredential(config) |
|
155
|
|
|
assert.NotNil(t, err) |
|
156
|
|
|
assert.Equal(t, "AccessKeySecret cannot be empty", err.Error()) |
|
157
|
|
|
assert.Nil(t, cred) |
|
158
|
|
|
|
|
159
|
|
|
config.SetAccessKeySecret("AccessKeySecret") |
|
160
|
|
|
cred, err = NewCredential(config) |
|
161
|
|
|
assert.NotNil(t, err) |
|
162
|
|
|
assert.Equal(t, "RoleArn cannot be empty", err.Error()) |
|
163
|
|
|
assert.Nil(t, cred) |
|
164
|
|
|
|
|
165
|
|
|
config.SetRoleArn("roleArn") |
|
166
|
|
|
cred, err = NewCredential(config) |
|
167
|
|
|
assert.NotNil(t, err) |
|
168
|
|
|
assert.Equal(t, "RoleSessionName cannot be empty", err.Error()) |
|
169
|
|
|
assert.Nil(t, cred) |
|
170
|
|
|
|
|
171
|
|
|
config.SetRoleSessionName("RoleSessionName") |
|
172
|
|
|
cred, err = NewCredential(config) |
|
173
|
|
|
assert.Nil(t, err) |
|
174
|
|
|
assert.NotNil(t, cred) |
|
175
|
|
|
} |
|
176
|
|
|
|
|
177
|
|
|
func TestNewCredentialWithBearerToken(t *testing.T) { |
|
178
|
|
|
config := new(Config) |
|
179
|
|
|
config.SetType("bearer") |
|
180
|
|
|
cred, err := NewCredential(config) |
|
181
|
|
|
assert.NotNil(t, err) |
|
182
|
|
|
assert.Equal(t, "BearerToken cannot be empty", err.Error()) |
|
183
|
|
|
assert.Nil(t, cred) |
|
184
|
|
|
|
|
185
|
|
|
config.SetBearerToken("BearerToken") |
|
186
|
|
|
cred, err = NewCredential(config) |
|
187
|
|
|
assert.Nil(t, err) |
|
188
|
|
|
assert.NotNil(t, cred) |
|
189
|
|
|
} |
|
190
|
|
|
|
|
191
|
|
|
func TestNewCredentialWithOIDC(t *testing.T) { |
|
192
|
|
|
config := new(Config) |
|
193
|
|
|
// oidc role arn |
|
194
|
|
|
config.SetType("oidc_role_arn") |
|
195
|
|
|
cred, err := NewCredential(config) |
|
196
|
|
|
assert.NotNil(t, err) |
|
197
|
|
|
assert.Equal(t, "RoleArn cannot be empty", err.Error()) |
|
198
|
|
|
assert.Nil(t, cred) |
|
199
|
|
|
|
|
200
|
|
|
config.SetRoleArn("role_arn") |
|
201
|
|
|
cred, err = NewCredential(config) |
|
202
|
|
|
assert.NotNil(t, err) |
|
203
|
|
|
assert.Equal(t, "OIDCProviderArn cannot be empty", err.Error()) |
|
204
|
|
|
assert.Nil(t, cred) |
|
205
|
|
|
|
|
206
|
|
|
config.SetOIDCProviderArn("oidc_provider_arn_test"). |
|
207
|
|
|
SetOIDCTokenFilePath("oidc_token_file_path_test"). |
|
208
|
|
|
SetRoleArn("role_arn_test") |
|
209
|
|
|
cred, err = NewCredential(config) |
|
210
|
|
|
assert.Nil(t, err) |
|
211
|
|
|
assert.NotNil(t, cred) |
|
212
|
|
|
assert.Equal(t, "oidc_provider_arn_test", tea.StringValue(config.OIDCProviderArn)) |
|
213
|
|
|
assert.Equal(t, "oidc_token_file_path_test", tea.StringValue(config.OIDCTokenFilePath)) |
|
214
|
|
|
assert.Equal(t, "role_arn_test", tea.StringValue(config.RoleArn)) |
|
215
|
|
|
} |
|
216
|
|
|
|
|
217
|
|
|
func TestNewCredentialWithCredentialsURI(t *testing.T) { |
|
218
|
|
|
config := new(Config) |
|
219
|
|
|
|
|
220
|
|
|
config.SetType("credentials_uri"). |
|
221
|
|
|
SetURLCredential("http://test/") |
|
222
|
|
|
cred, err := NewCredential(config) |
|
223
|
|
|
assert.Nil(t, err) |
|
224
|
|
|
assert.NotNil(t, cred) |
|
225
|
|
|
assert.Equal(t, "http://test/", tea.StringValue(config.Url)) |
|
226
|
|
|
|
|
227
|
|
|
config.SetURLCredential("") |
|
228
|
|
|
cred, err = NewCredential(config) |
|
229
|
|
|
assert.Nil(t, err) |
|
230
|
|
|
assert.NotNil(t, cred) |
|
231
|
|
|
assert.Equal(t, "", tea.StringValue(config.Url)) |
|
232
|
|
|
} |
|
233
|
|
|
|
|
234
|
|
|
func TestNewCredentialWithInvalidType(t *testing.T) { |
|
235
|
|
|
config := new(Config) |
|
236
|
|
|
config.SetType("sdk") |
|
237
|
|
|
cred, err := NewCredential(config) |
|
238
|
|
|
assert.NotNil(t, err) |
|
239
|
|
|
assert.Equal(t, "Invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair", err.Error()) |
|
240
|
|
|
assert.Nil(t, cred) |
|
241
|
|
|
} |
|
242
|
|
|
|
|
243
|
|
|
func Test_doaction(t *testing.T) { |
|
244
|
|
|
request := request.NewCommonRequest() |
|
245
|
|
|
request.Method = "credential test" |
|
246
|
|
|
content, err := doAction(request, nil) |
|
247
|
|
|
assert.NotNil(t, err) |
|
248
|
|
|
assert.Equal(t, `net/http: invalid method "credential test"`, err.Error()) |
|
249
|
|
|
assert.Nil(t, content) |
|
250
|
|
|
request.Method = "GET" |
|
251
|
|
|
request.URL = "http://www.aliyun.com" |
|
252
|
|
|
runtime := &utils.Runtime{ |
|
253
|
|
|
Proxy: "# #%gfdf", |
|
254
|
|
|
} |
|
255
|
|
|
content, err = doAction(request, runtime) |
|
256
|
|
|
assert.Contains(t, err.Error(), `invalid URL escape`) |
|
257
|
|
|
assert.NotNil(t, err) |
|
258
|
|
|
assert.Nil(t, content) |
|
259
|
|
|
} |
|
260
|
|
|
|
aliyun /
credentials-go
