providers.TestOIDCCredentialsProvider_getCredentials - Code Metrics - Inspection of "refine test cases for OIDC" - aliyun/credentials-go - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 3bd38f...cde461 )

unknown

created 2024-08-23 09:55 UTC

edentials C

↳ Parent: credentials/internal/providers/oidc_test.go

Complexity

Conditions

Size

Total Lines	111
Code Lines	79

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	8
eloc	79
nop	1
dl	0
loc	111
rs	5.8206
c	0
b	0
f	0

How to fix Long Method

package providers

import (
	"errors"
	"os"
	"path"
	"strings"
	"testing"
	"time"

	httputil "github.com/aliyun/credentials-go/credentials/internal/http"
	"github.com/aliyun/credentials-go/credentials/internal/utils"
	"github.com/stretchr/testify/assert"
)

func TestOIDCCredentialsProviderGetCredentialsWithError(t *testing.T) {
	wd, _ := os.Getwd()
	p, err := NewOIDCCredentialsProviderBuilder().
		// read a normal token
		WithOIDCTokenFilePath(path.Join(wd, "fixtures/mock_oidctoken")).
		WithOIDCProviderARN("provider-arn").
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithPolicy("policy").
		WithDurationSeconds(1000).
		WithHttpOptions(&HttpOptions{
			ConnectTimeout: 10,
		}).
		Build()

	assert.Nil(t, err)
	assert.Equal(t, 10, p.httpOptions.ConnectTimeout)
	_, err = p.GetCredentials()
	assert.NotNil(t, err)
	assert.Contains(t, err.Error(), "AuthenticationFail.NoPermission")
}

func TestNewOIDCCredentialsProvider(t *testing.T) {
	rollback := utils.Memory("ALIBABA_CLOUD_OIDC_TOKEN_FILE", "ALIBABA_CLOUD_OIDC_PROVIDER_ARN", "ALIBABA_CLOUD_ROLE_ARN")
	defer func() {
		rollback()
	}()

	_, err := NewOIDCCredentialsProviderBuilder().Build()
	assert.NotNil(t, err)
	assert.Equal(t, "the OIDCTokenFilePath is empty", err.Error())

	_, err = NewOIDCCredentialsProviderBuilder().WithOIDCTokenFilePath("/path/to/invalid/oidc.token").Build()
	assert.NotNil(t, err)
	assert.Equal(t, "the OIDCProviderARN is empty", err.Error())

	_, err = NewOIDCCredentialsProviderBuilder().
		WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
		WithOIDCProviderARN("provider-arn").
		Build()
	assert.NotNil(t, err)
	assert.Equal(t, "the RoleArn is empty", err.Error())

	p, err := NewOIDCCredentialsProviderBuilder().
		WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
		WithOIDCProviderARN("provider-arn").
		WithRoleArn("roleArn").
		Build()
	assert.Nil(t, err)

	assert.Equal(t, "/path/to/invalid/oidc.token", p.oidcTokenFilePath)
	assert.True(t, strings.HasPrefix(p.roleSessionName, "credentials-go-"))
	assert.Equal(t, 3600, p.durationSeconds)

	_, err = NewOIDCCredentialsProviderBuilder().
		WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
		WithOIDCProviderARN("provider-arn").
		WithRoleArn("roleArn").
		WithDurationSeconds(100).
		Build()
	assert.NotNil(t, err)
	assert.Equal(t, "the Assume Role session duration should be in the range of 15min - max duration seconds", err.Error())

	os.Setenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE", "/path/from/env")
	os.Setenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", "provider_arn_from_env")
	os.Setenv("ALIBABA_CLOUD_ROLE_ARN", "role_arn_from_env")

	p, err = NewOIDCCredentialsProviderBuilder().
		Build()
	assert.Nil(t, err)

	assert.Equal(t, "/path/from/env", p.oidcTokenFilePath)
	assert.Equal(t, "provider_arn_from_env", p.oidcProviderARN)
	assert.Equal(t, "role_arn_from_env", p.roleArn)
	// sts endpoint: default
	assert.Equal(t, "sts.aliyuncs.com", p.stsEndpoint)
	// sts endpoint: with sts endpoint
	p, err = NewOIDCCredentialsProviderBuilder().
		WithSTSEndpoint("sts.cn-shanghai.aliyuncs.com").
		Build()
	assert.Nil(t, err)
	assert.Equal(t, "sts.cn-shanghai.aliyuncs.com", p.stsEndpoint)

	// sts endpoint: with sts regionId
	p, err = NewOIDCCredentialsProviderBuilder().
		WithStsRegionId("cn-beijing").
		Build()
	assert.Nil(t, err)
	assert.Equal(t, "sts.cn-beijing.aliyuncs.com", p.stsEndpoint)

	p, err = NewOIDCCredentialsProviderBuilder().
		WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
		WithOIDCProviderARN("provider-arn").
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithStsRegionId("cn-hangzhou").
		WithPolicy("policy").
		Build()
	assert.Nil(t, err)

	assert.Equal(t, "/path/to/invalid/oidc.token", p.oidcTokenFilePath)
	assert.Equal(t, "provider-arn", p.oidcProviderARN)
	assert.Equal(t, "roleArn", p.roleArn)
	assert.Equal(t, "rsn", p.roleSessionName)
	assert.Equal(t, "cn-hangzhou", p.stsRegionId)
	assert.Equal(t, "policy", p.policy)
	assert.Equal(t, 3600, p.durationSeconds)
	assert.Equal(t, "sts.cn-hangzhou.aliyuncs.com", p.stsEndpoint)
}

func TestOIDCCredentialsProvider_getCredentials(t *testing.T) {
	originHttpDo := httpDo
	defer func() { httpDo = originHttpDo }()

	// case 0: invalid oidc token file path
	p, err := NewOIDCCredentialsProviderBuilder().
		WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
		WithOIDCProviderARN("provider-arn").
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithStsRegionId("cn-hangzhou").
		WithPolicy("policy").
		Build()
	assert.Nil(t, err)

	_, err = p.getCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "open /path/to/invalid/oidc.token: no such file or directory", err.Error())

	// case 1: mock new http request failed
	wd, _ := os.Getwd()
	p, err = NewOIDCCredentialsProviderBuilder().
		// read a normal token
		WithOIDCTokenFilePath(path.Join(wd, "fixtures/mock_oidctoken")).
		WithOIDCProviderARN("provider-arn").
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithStsRegionId("cn-hangzhou").
		WithPolicy("policy").
		Build()
	assert.Nil(t, err)

	// case 2: server error
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		err = errors.New("mock server error")
		return
	}
	_, err = p.getCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "mock server error", err.Error())

	// case 3: 4xx error
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 400,
			Body:       []byte("4xx error"),
		}
		return
	}
	_, err = p.getCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "get session token failed: 4xx error", err.Error())

	// case 4: invalid json
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte("invalid json"),
		}
		return
	}
	_, err = p.getCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "get oidc sts token err, json.Unmarshal fail: invalid character 'i' looking for beginning of value", err.Error())

	// case 5: empty response json
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte("null"),
		}
		return
	}
	_, err = p.getCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "get oidc sts token err, fail to get credentials", err.Error())

	// case 6: empty session ak response json
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"Credentials": {}}`),
		}
		return
	}
	_, err = p.getCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "refresh RoleArn sts token err, fail to get credentials", err.Error())

	// case 7: mock ok value
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"Credentials": {"AccessKeyId":"saki","AccessKeySecret":"saks","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"token"}}`),
		}
		return
	}
	creds, err := p.getCredentials()
	assert.Nil(t, err)
	assert.Equal(t, "saki", creds.AccessKeyId)
	assert.Equal(t, "saks", creds.AccessKeySecret)
	assert.Equal(t, "token", creds.SecurityToken)
	assert.Equal(t, "2021-10-20T04:27:09Z", creds.Expiration)

	// needUpdateCredential
	assert.True(t, p.needUpdateCredential())
	p.expirationTimestamp = time.Now().Unix()
	assert.True(t, p.needUpdateCredential())

	p.expirationTimestamp = time.Now().Unix() + 300
	assert.False(t, p.needUpdateCredential())
}

func TestOIDCCredentialsProvider_getCredentialsWithRequestCheck(t *testing.T) {
	originHttpDo := httpDo
	defer func() { httpDo = originHttpDo }()

	// case 1: mock new http request failed
	wd, _ := os.Getwd()
	p, err := NewOIDCCredentialsProviderBuilder().
		// read a normal token
		WithOIDCTokenFilePath(path.Join(wd, "fixtures/mock_oidctoken")).
		WithOIDCProviderARN("provider-arn").
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithPolicy("policy").
		WithDurationSeconds(1000).
		Build()

	assert.Nil(t, err)

	// case 1: server error
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		assert.Equal(t, "sts.aliyuncs.com", req.Host)
		assert.Equal(t, "AssumeRoleWithOIDC", req.Queries["Action"])
		assert.Equal(t, "policy", req.Form["Policy"])
		assert.Equal(t, "roleArn", req.Form["RoleArn"])
		assert.Equal(t, "rsn", req.Form["RoleSessionName"])
		assert.Equal(t, "1000", req.Form["DurationSeconds"])

		err = errors.New("mock server error")
		return
	}
	_, err = p.getCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "mock server error", err.Error())
}

func TestOIDCCredentialsProviderGetCredentials(t *testing.T) {
	originHttpDo := httpDo
	defer func() { httpDo = originHttpDo }()

	// case 1: mock new http request failed
	wd, _ := os.Getwd()
	p, err := NewOIDCCredentialsProviderBuilder().
		// read a normal token
		WithOIDCTokenFilePath(path.Join(wd, "fixtures/mock_oidctoken")).
		WithOIDCProviderARN("provider-arn").
		WithRoleArn("roleArn").
		WithRoleSessionName("rsn").
		WithPolicy("policy").
		WithDurationSeconds(1000).
		Build()

	assert.Nil(t, err)

	// case 2: get credentials failed
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		err = errors.New("mock server error")
		return
	}
	_, err = p.GetCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "mock server error", err.Error())

	// case 2: get invalid expiration
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"invalidexpiration","SecurityToken":"ststoken"}}`),
		}
		return
	}
	_, err = p.GetCredentials()
	assert.NotNil(t, err)
	assert.Equal(t, "parsing time \"invalidexpiration\" as \"2006-01-02T15:04:05Z\": cannot parse \"invalidexpiration\" as \"2006\"", err.Error())

	// case 3: happy result
	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
		res = &httputil.Response{
			StatusCode: 200,
			Body:       []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`),
		}
		return
	}
	cc, err := p.GetCredentials()
	assert.Nil(t, err)
	assert.Equal(t, "akid", cc.AccessKeyId)
	assert.Equal(t, "aksecret", cc.AccessKeySecret)
	assert.Equal(t, "ststoken", cc.SecurityToken)
	assert.Equal(t, "oidc_role_arn", cc.ProviderName)
	assert.True(t, p.needUpdateCredential())
}


1			package providers
2
3			import (
4			"errors"
5			"os"
6			"path"
7			"strings"
8			"testing"
9			"time"
10
11			httputil "github.com/aliyun/credentials-go/credentials/internal/http"
12			"github.com/aliyun/credentials-go/credentials/internal/utils"
13			"github.com/stretchr/testify/assert"
14			)
15
16			func TestOIDCCredentialsProviderGetCredentialsWithError(t *testing.T) {
17			wd, _ := os.Getwd()
18			p, err := NewOIDCCredentialsProviderBuilder().
19			// read a normal token
20			WithOIDCTokenFilePath(path.Join(wd, "fixtures/mock_oidctoken")).
21			WithOIDCProviderARN("provider-arn").
22			WithRoleArn("roleArn").
23			WithRoleSessionName("rsn").
24			WithPolicy("policy").
25			WithDurationSeconds(1000).
26			WithHttpOptions(&HttpOptions{
27			ConnectTimeout: 10,
28			}).
29			Build()
30
31			assert.Nil(t, err)
32			assert.Equal(t, 10, p.httpOptions.ConnectTimeout)
33			_, err = p.GetCredentials()
34			assert.NotNil(t, err)
35			assert.Contains(t, err.Error(), "AuthenticationFail.NoPermission")
36			}
37
38			func TestNewOIDCCredentialsProvider(t *testing.T) {
39			rollback := utils.Memory("ALIBABA_CLOUD_OIDC_TOKEN_FILE", "ALIBABA_CLOUD_OIDC_PROVIDER_ARN", "ALIBABA_CLOUD_ROLE_ARN")
40			defer func() {
41			rollback()
42			}()
43
44			_, err := NewOIDCCredentialsProviderBuilder().Build()
45			assert.NotNil(t, err)
46			assert.Equal(t, "the OIDCTokenFilePath is empty", err.Error())
47
48			_, err = NewOIDCCredentialsProviderBuilder().WithOIDCTokenFilePath("/path/to/invalid/oidc.token").Build()
49			assert.NotNil(t, err)
50			assert.Equal(t, "the OIDCProviderARN is empty", err.Error())
51
52			_, err = NewOIDCCredentialsProviderBuilder().
53			WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
54			WithOIDCProviderARN("provider-arn").
55			Build()
56			assert.NotNil(t, err)
57			assert.Equal(t, "the RoleArn is empty", err.Error())
58
59			p, err := NewOIDCCredentialsProviderBuilder().
60			WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
61			WithOIDCProviderARN("provider-arn").
62			WithRoleArn("roleArn").
63			Build()
64			assert.Nil(t, err)
65
66			assert.Equal(t, "/path/to/invalid/oidc.token", p.oidcTokenFilePath)
67			assert.True(t, strings.HasPrefix(p.roleSessionName, "credentials-go-"))
68			assert.Equal(t, 3600, p.durationSeconds)
69
70			_, err = NewOIDCCredentialsProviderBuilder().
71			WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
72			WithOIDCProviderARN("provider-arn").
73			WithRoleArn("roleArn").
74			WithDurationSeconds(100).
75			Build()
76			assert.NotNil(t, err)
77			assert.Equal(t, "the Assume Role session duration should be in the range of 15min - max duration seconds", err.Error())
78
79			os.Setenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE", "/path/from/env")
80			os.Setenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", "provider_arn_from_env")
81			os.Setenv("ALIBABA_CLOUD_ROLE_ARN", "role_arn_from_env")
82
83			p, err = NewOIDCCredentialsProviderBuilder().
84			Build()
85			assert.Nil(t, err)
86
87			assert.Equal(t, "/path/from/env", p.oidcTokenFilePath)
88			assert.Equal(t, "provider_arn_from_env", p.oidcProviderARN)
89			assert.Equal(t, "role_arn_from_env", p.roleArn)
90			// sts endpoint: default
91			assert.Equal(t, "sts.aliyuncs.com", p.stsEndpoint)
92			// sts endpoint: with sts endpoint
93			p, err = NewOIDCCredentialsProviderBuilder().
94			WithSTSEndpoint("sts.cn-shanghai.aliyuncs.com").
95			Build()
96			assert.Nil(t, err)
97			assert.Equal(t, "sts.cn-shanghai.aliyuncs.com", p.stsEndpoint)
98
99			// sts endpoint: with sts regionId
100			p, err = NewOIDCCredentialsProviderBuilder().
101			WithStsRegionId("cn-beijing").
102			Build()
103			assert.Nil(t, err)
104			assert.Equal(t, "sts.cn-beijing.aliyuncs.com", p.stsEndpoint)
105
106			p, err = NewOIDCCredentialsProviderBuilder().
107			WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
108			WithOIDCProviderARN("provider-arn").
109			WithRoleArn("roleArn").
110			WithRoleSessionName("rsn").
111			WithStsRegionId("cn-hangzhou").
112			WithPolicy("policy").
113			Build()
114			assert.Nil(t, err)
115
116			assert.Equal(t, "/path/to/invalid/oidc.token", p.oidcTokenFilePath)
117			assert.Equal(t, "provider-arn", p.oidcProviderARN)
118			assert.Equal(t, "roleArn", p.roleArn)
119			assert.Equal(t, "rsn", p.roleSessionName)
120			assert.Equal(t, "cn-hangzhou", p.stsRegionId)
121			assert.Equal(t, "policy", p.policy)
122			assert.Equal(t, 3600, p.durationSeconds)
123			assert.Equal(t, "sts.cn-hangzhou.aliyuncs.com", p.stsEndpoint)
124			}
125
126			func TestOIDCCredentialsProvider_getCredentials(t *testing.T) {
127			originHttpDo := httpDo
128			defer func() { httpDo = originHttpDo }()
129
130			// case 0: invalid oidc token file path
131			p, err := NewOIDCCredentialsProviderBuilder().
132			WithOIDCTokenFilePath("/path/to/invalid/oidc.token").
133			WithOIDCProviderARN("provider-arn").
134			WithRoleArn("roleArn").
135			WithRoleSessionName("rsn").
136			WithStsRegionId("cn-hangzhou").
137			WithPolicy("policy").
138			Build()
139			assert.Nil(t, err)
140
141			_, err = p.getCredentials()
142			assert.NotNil(t, err)
143			assert.Equal(t, "open /path/to/invalid/oidc.token: no such file or directory", err.Error())
144
145			// case 1: mock new http request failed
146			wd, _ := os.Getwd()
147			p, err = NewOIDCCredentialsProviderBuilder().
148			// read a normal token
149			WithOIDCTokenFilePath(path.Join(wd, "fixtures/mock_oidctoken")).
150			WithOIDCProviderARN("provider-arn").
151			WithRoleArn("roleArn").
152			WithRoleSessionName("rsn").
153			WithStsRegionId("cn-hangzhou").
154			WithPolicy("policy").
155			Build()
156			assert.Nil(t, err)
157
158			// case 2: server error
159			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
160			err = errors.New("mock server error")
161			return
162			}
163			_, err = p.getCredentials()
164			assert.NotNil(t, err)
165			assert.Equal(t, "mock server error", err.Error())
166
167			// case 3: 4xx error
168			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
169			res = &httputil.Response{
170			StatusCode: 400,
171			Body: []byte("4xx error"),
172			}
173			return
174			}
175			_, err = p.getCredentials()
176			assert.NotNil(t, err)
177			assert.Equal(t, "get session token failed: 4xx error", err.Error())
178
179			// case 4: invalid json
180			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
181			res = &httputil.Response{
182			StatusCode: 200,
183			Body: []byte("invalid json"),
184			}
185			return
186			}
187			_, err = p.getCredentials()
188			assert.NotNil(t, err)
189			assert.Equal(t, "get oidc sts token err, json.Unmarshal fail: invalid character 'i' looking for beginning of value", err.Error())
190
191			// case 5: empty response json
192			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
193			res = &httputil.Response{
194			StatusCode: 200,
195			Body: []byte("null"),
196			}
197			return
198			}
199			_, err = p.getCredentials()
200			assert.NotNil(t, err)
201			assert.Equal(t, "get oidc sts token err, fail to get credentials", err.Error())
202
203			// case 6: empty session ak response json
204			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
205			res = &httputil.Response{
206			StatusCode: 200,
207			Body: []byte(`{"Credentials": {}}`),
208			}
209			return
210			}
211			_, err = p.getCredentials()
212			assert.NotNil(t, err)
213			assert.Equal(t, "refresh RoleArn sts token err, fail to get credentials", err.Error())
214
215			// case 7: mock ok value
216			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
217			res = &httputil.Response{
218			StatusCode: 200,
219			Body: []byte(`{"Credentials": {"AccessKeyId":"saki","AccessKeySecret":"saks","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"token"}}`),
220			}
221			return
222			}
223			creds, err := p.getCredentials()
224			assert.Nil(t, err)
225			assert.Equal(t, "saki", creds.AccessKeyId)
226			assert.Equal(t, "saks", creds.AccessKeySecret)
227			assert.Equal(t, "token", creds.SecurityToken)
228			assert.Equal(t, "2021-10-20T04:27:09Z", creds.Expiration)
229
230			// needUpdateCredential
231			assert.True(t, p.needUpdateCredential())
232			p.expirationTimestamp = time.Now().Unix()
233			assert.True(t, p.needUpdateCredential())
234
235			p.expirationTimestamp = time.Now().Unix() + 300
236			assert.False(t, p.needUpdateCredential())
237			}
238
239			func TestOIDCCredentialsProvider_getCredentialsWithRequestCheck(t *testing.T) {
240			originHttpDo := httpDo
241			defer func() { httpDo = originHttpDo }()
242
243			// case 1: mock new http request failed
244			wd, _ := os.Getwd()
245			p, err := NewOIDCCredentialsProviderBuilder().
246			// read a normal token
247			WithOIDCTokenFilePath(path.Join(wd, "fixtures/mock_oidctoken")).
248			WithOIDCProviderARN("provider-arn").
249			WithRoleArn("roleArn").
250			WithRoleSessionName("rsn").
251			WithPolicy("policy").
252			WithDurationSeconds(1000).
253			Build()
254
255			assert.Nil(t, err)
256
257			// case 1: server error
258			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
259			assert.Equal(t, "sts.aliyuncs.com", req.Host)
260			assert.Equal(t, "AssumeRoleWithOIDC", req.Queries["Action"])
261			assert.Equal(t, "policy", req.Form["Policy"])
262			assert.Equal(t, "roleArn", req.Form["RoleArn"])
263			assert.Equal(t, "rsn", req.Form["RoleSessionName"])
264			assert.Equal(t, "1000", req.Form["DurationSeconds"])
265
266			err = errors.New("mock server error")
267			return
268			}
269			_, err = p.getCredentials()
270			assert.NotNil(t, err)
271			assert.Equal(t, "mock server error", err.Error())
272			}
273
274			func TestOIDCCredentialsProviderGetCredentials(t *testing.T) {
275			originHttpDo := httpDo
276			defer func() { httpDo = originHttpDo }()
277
278			// case 1: mock new http request failed
279			wd, _ := os.Getwd()
280			p, err := NewOIDCCredentialsProviderBuilder().
281			// read a normal token
282			WithOIDCTokenFilePath(path.Join(wd, "fixtures/mock_oidctoken")).
283			WithOIDCProviderARN("provider-arn").
284			WithRoleArn("roleArn").
285			WithRoleSessionName("rsn").
286			WithPolicy("policy").
287			WithDurationSeconds(1000).
288			Build()
289
290			assert.Nil(t, err)
291
292			// case 2: get credentials failed
293			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
294			err = errors.New("mock server error")
295			return
296			}
297			_, err = p.GetCredentials()
298			assert.NotNil(t, err)
299			assert.Equal(t, "mock server error", err.Error())
300
301			// case 2: get invalid expiration
302			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
303			res = &httputil.Response{
304			StatusCode: 200,
305			Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"invalidexpiration","SecurityToken":"ststoken"}}`),
306			}
307			return
308			}
309			_, err = p.GetCredentials()
310			assert.NotNil(t, err)
311			assert.Equal(t, "parsing time \"invalidexpiration\" as \"2006-01-02T15:04:05Z\": cannot parse \"invalidexpiration\" as \"2006\"", err.Error())
312
313			// case 3: happy result
314			httpDo = func(req httputil.Request) (res httputil.Response, err error) {
315			res = &httputil.Response{
316			StatusCode: 200,
317			Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`),
318			}
319			return
320			}
321			cc, err := p.GetCredentials()
322			assert.Nil(t, err)
323			assert.Equal(t, "akid", cc.AccessKeyId)
324			assert.Equal(t, "aksecret", cc.AccessKeySecret)
325			assert.Equal(t, "ststoken", cc.SecurityToken)
326			assert.Equal(t, "oidc_role_arn", cc.ProviderName)
327			assert.True(t, p.needUpdateCredential())
328			}
329

aliyun / credentials-go

GitHub Access Token became invalid

Push — master ( 3bd38f...cde461 )

edentials C

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like