refine the test cases

credentials/credential.go

@@ -197,11 +197,9 @@ func (s *Config) SetSTSEndpoint(v string) *Config {
 // please see README.md for detail.
 func NewCredential(config *Config) (credential Credential, err error) {
 	if config == nil {
-		config, err = defaultChain.resolve()
-		if err != nil {
-			return
-		}
-		return NewCredential(config)
+		provider := providers.NewDefaultCredentialsProvider()
+		credential = fromCredentialsProvider("default", provider)
+		return
 	}
 	switch tea.StringValue(config.Type) {
 	case "credentials_uri":

credentials/credential_test.go

@@ -23,23 +23,26 @@ func TestConfig(t *testing.T) {
 }
 
 func TestNewCredentialWithNil(t *testing.T) {
-	originAccessKey := os.Getenv(EnvVarAccessKeyId)
-	originAccessSecret := os.Getenv(EnvVarAccessKeySecret)
-	os.Setenv(EnvVarAccessKeyId, "accesskey")
-	os.Setenv(EnvVarAccessKeySecret, "accesssecret")
+	rollback := utils.Memory(EnvVarAccessKeyId, EnvVarAccessKeySecret, "ALIBABA_CLOUD_CLI_PROFILE_DISABLED")
 	defer func() {
-		os.Setenv(EnvVarAccessKeyId, originAccessKey)
-		os.Setenv(EnvVarAccessKeySecret, originAccessSecret)
+		rollback()
 	}()
+
+	os.Setenv(EnvVarAccessKeyId, "accesskey")
+	os.Setenv(EnvVarAccessKeySecret, "accesssecret")
+
 	cred, err := NewCredential(nil)
 	assert.Nil(t, err)
 	assert.NotNil(t, cred)
+
 	os.Unsetenv(EnvVarAccessKeyId)
 	os.Unsetenv(EnvVarAccessKeySecret)
+	os.Setenv("ALIBABA_CLOUD_CLI_PROFILE_DISABLED", "true")
+
 	cred, err = NewCredential(nil)
-	assert.NotNil(t, err)
-	assert.Equal(t, "no credential found", err.Error())
-	assert.Nil(t, cred)
+	assert.Nil(t, err)
+	_, err = cred.GetCredential()
+	assert.Contains(t, err.Error(), "unable to get credentials from any of the providers in the chain:")
 }
 
 func TestNewCredentialWithAK(t *testing.T) {

credentials/internal/providers/cli_profile.go

@@ -2,6 +2,7 @@ package providers
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -24,7 +25,7 @@ func (b *CLIProfileCredentialsProviderBuilder) WithProfileName(profileName strin
 	return b
 }
 
-func (b *CLIProfileCredentialsProviderBuilder) Build() *CLIProfileCredentialsProvider {
+func (b *CLIProfileCredentialsProviderBuilder) Build() (provider *CLIProfileCredentialsProvider, err error) {
 	// 优先级：
 	// 1. 使用显示指定的 profileName
 	// 2. 使用环境变量（ALIBABA_CLOUD_PROFILE）制定的 profileName
@@ -33,7 +34,13 @@ func (b *CLIProfileCredentialsProviderBuilder) Build() *CLIProfileCredentialsPro
 		b.provider.profileName = os.Getenv("ALIBABA_CLOUD_PROFILE")
 	}
 
-	return b.provider
+	if os.Getenv("ALIBABA_CLOUD_CLI_PROFILE_DISABLED") == "true" {
+		err = errors.New("the CLI profile is disabled")
+		return
+	}
+
+	provider = b.provider
+	return
 }
 
 func NewCLIProfileCredentialsProviderBuilder() *CLIProfileCredentialsProviderBuilder {

credentials/internal/providers/cli_profile_test.go

@@ -13,15 +13,23 @@ import (
 func TestCLIProfileCredentialsProvider(t *testing.T) {
 	rollback := utils.Memory("ALIBABA_CLOUD_PROFILE")
 	defer rollback()
-	b := NewCLIProfileCredentialsProviderBuilder().Build()
+
+	b, err := NewCLIProfileCredentialsProviderBuilder().
+		Build()
+	assert.Nil(t, err)
 	assert.Equal(t, "", b.profileName)
 
 	// get from env
 	os.Setenv("ALIBABA_CLOUD_PROFILE", "custom_profile")
-	b = NewCLIProfileCredentialsProviderBuilder().Build()
+	b, err = NewCLIProfileCredentialsProviderBuilder().
+		Build()
+	assert.Nil(t, err)
 	assert.Equal(t, "custom_profile", b.profileName)
 
-	b = NewCLIProfileCredentialsProviderBuilder().WithProfileName("profilename").Build()
+	b, err = NewCLIProfileCredentialsProviderBuilder().
+		WithProfileName("profilename").
+		Build()
+	assert.Nil(t, err)
 	assert.Equal(t, "profilename", b.profileName)
 }
 
@@ -118,8 +126,9 @@ func TestCLIProfileCredentialsProvider_getCredentialsProvider(t *testing.T) {
 		},
 	}
 
-	provider := NewCLIProfileCredentialsProviderBuilder().Build()
-	_, err := provider.getCredentialsProvider(conf, "inexist")
+	provider, err := NewCLIProfileCredentialsProviderBuilder().Build()
+	assert.Nil(t, err)
+	_, err = provider.getCredentialsProvider(conf, "inexist")
 	assert.EqualError(t, err, "unable to get profile with 'inexist'")
 
 	// AK
@@ -172,14 +181,16 @@ func TestCLIProfileCredentialsProvider_GetCredentials(t *testing.T) {
 	getHomePath = func() string {
 		return ""
 	}
-	provider := NewCLIProfileCredentialsProviderBuilder().Build()
-	_, err := provider.GetCredentials()
+	provider, err := NewCLIProfileCredentialsProviderBuilder().Build()
+	assert.Nil(t, err)
+	_, err = provider.GetCredentials()
 	assert.EqualError(t, err, "cannot found home dir")
 
 	getHomePath = func() string {
 		return "/path/invalid/home/dir"
 	}
-	provider = NewCLIProfileCredentialsProviderBuilder().Build()
+	provider, err = NewCLIProfileCredentialsProviderBuilder().Build()
+	assert.Nil(t, err)
 	_, err = provider.GetCredentials()
 	assert.EqualError(t, err, "reading aliyun cli config from '/path/invalid/home/dir/.aliyun/config.json' failed open /path/invalid/home/dir/.aliyun/config.json: no such file or directory")
 
@@ -189,17 +200,20 @@ func TestCLIProfileCredentialsProvider_GetCredentials(t *testing.T) {
 	}
 
 	// get credentials by current profile
-	provider = NewCLIProfileCredentialsProviderBuilder().Build()
+	provider, err = NewCLIProfileCredentialsProviderBuilder().Build()
+	assert.Nil(t, err)
 	cc, err := provider.GetCredentials()
 	assert.Nil(t, err)
 	assert.Equal(t, &Credentials{AccessKeyId: "akid", AccessKeySecret: "secret", SecurityToken: "", ProviderName: "cli_profile/static_ak"}, cc)
 
-	provider = NewCLIProfileCredentialsProviderBuilder().WithProfileName("inexist").Build()
+	provider, err = NewCLIProfileCredentialsProviderBuilder().WithProfileName("inexist").Build()
+	assert.Nil(t, err)
 	_, err = provider.GetCredentials()
 	assert.EqualError(t, err, "unable to get profile with 'inexist'")
 
 	// The get_credentials_error profile is invalid
-	provider = NewCLIProfileCredentialsProviderBuilder().WithProfileName("get_credentials_error").Build()
+	provider, err = NewCLIProfileCredentialsProviderBuilder().WithProfileName("get_credentials_error").Build()
+	assert.Nil(t, err)
 	_, err = provider.GetCredentials()
 	assert.Contains(t, err.Error(), "InvalidAccessKeyId.NotFound")
 }

credentials/internal/providers/default.go

@@ -27,11 +27,16 @@ func NewDefaultCredentialsProvider() (provider *DefaultCredentialsProvider) {
 	}
 
 	// cli credentials provider
-	providers = append(providers, NewCLIProfileCredentialsProviderBuilder().Build())
+	cliProfileProvider, err := NewCLIProfileCredentialsProviderBuilder().Build()
+	if err == nil {
+		providers = append(providers, cliProfileProvider)
+	}
 
 	// profile credentials provider
-	// providers = append(providers)
-	providers = append(providers, NewProfileCredentialsProviderBuilder().Build())
+	profileProvider, err := NewProfileCredentialsProviderBuilder().Build()
+	if err == nil {
+		providers = append(providers, profileProvider)
+	}
 
 	// Add IMDS
 	if os.Getenv("ALIBABA_CLOUD_ECS_METADATA") != "" {

credentials/internal/providers/profile.go

@@ -30,7 +30,7 @@ func (b *ProfileCredentialsProviderBuilder) WithProfileName(profileName string)
 	return b
 }
 
-func (b *ProfileCredentialsProviderBuilder) Build() (provider *ProfileCredentialsProvider) {
+func (b *ProfileCredentialsProviderBuilder) Build() (provider *ProfileCredentialsProvider, err error) {
 	// 优先级：
 	// 1. 使用显示指定的 profileName
 	// 2. 使用环境变量（ALIBABA_CLOUD_PROFILE）指定的 profileName

credentials/internal/providers/profile_test.go

@@ -91,24 +91,28 @@ func TestProfileCredentialsProviderBuilder(t *testing.T) {
 	defer rollback()
 
 	// profile name from specified
-	provider := NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	provider, err := NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	assert.Nil(t, err)
 	assert.Equal(t, "custom", provider.profileName)
 
 	// profile name from env
 	os.Setenv("ALIBABA_CLOUD_PROFILE", "profile_from_env")
-	provider = NewProfileCredentialsProviderBuilder().Build()
+	provider, err = NewProfileCredentialsProviderBuilder().Build()
+	assert.Nil(t, err)
 
 	assert.Equal(t, "profile_from_env", provider.profileName)
 
 	// profile name from default
 	os.Setenv("ALIBABA_CLOUD_PROFILE", "")
-	provider = NewProfileCredentialsProviderBuilder().Build()
+	provider, err = NewProfileCredentialsProviderBuilder().Build()
+	assert.Nil(t, err)
 	assert.Equal(t, "default", provider.profileName)
 }
 
 func TestProfileCredentialsProvider_getCredentialsProvider(t *testing.T) {
-	provider := NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
-	_, err := provider.getCredentialsProvider(ini.Empty())
+	provider, err := NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	assert.Nil(t, err)
+	_, err = provider.getCredentialsProvider(ini.Empty())
 	assert.NotNil(t, err)
 	assert.EqualError(t, err, "ERROR: Can not load sectionsection \"custom\" does not exist")
 
@@ -117,25 +121,29 @@ func TestProfileCredentialsProvider_getCredentialsProvider(t *testing.T) {
 	assert.NotNil(t, file)
 
 	// no type
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("notype").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("notype").Build()
+	assert.Nil(t, err)
 	_, err = provider.getCredentialsProvider(file)
 	assert.NotNil(t, err)
 	assert.EqualError(t, err, "ERROR: Can not find credential typeerror when getting key of section \"notype\": key \"type\" not exists")
 
 	// no ak
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("noak").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("noak").Build()
+	assert.Nil(t, err)
 	_, err = provider.getCredentialsProvider(file)
 	assert.NotNil(t, err)
 	assert.EqualError(t, err, "ERROR: Failed to get value")
 
 	// value is empty
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("emptyak").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("emptyak").Build()
+	assert.Nil(t, err)
 	_, err = provider.getCredentialsProvider(file)
 	assert.NotNil(t, err)
 	assert.EqualError(t, err, "ERROR: Value can't be empty")
 
 	// static ak provider
-	provider = NewProfileCredentialsProviderBuilder().Build()
+	provider, err = NewProfileCredentialsProviderBuilder().Build()
+	assert.Nil(t, err)
 	cp, err := provider.getCredentialsProvider(file)
 	assert.Nil(t, err)
 	akcp, ok := cp.(*StaticAKCredentialsProvider)
@@ -145,36 +153,42 @@ func TestProfileCredentialsProvider_getCredentialsProvider(t *testing.T) {
 	assert.Equal(t, &Credentials{AccessKeyId: "foo", AccessKeySecret: "bar", SecurityToken: "", ProviderName: "static_ak"}, cc)
 
 	// ecs_ram_role without rolename
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("noecs").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("noecs").Build()
+	assert.Nil(t, err)
 	_, err = provider.getCredentialsProvider(file)
 	assert.EqualError(t, err, "ERROR: Failed to get value")
 
 	// ecs_ram_role with rolename
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("ecs").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("ecs").Build()
+	assert.Nil(t, err)
 	cp, err = provider.getCredentialsProvider(file)
 	assert.Nil(t, err)
 	_, ok = cp.(*ECSRAMRoleCredentialsProvider)
 	assert.True(t, ok)
 
 	// ram role arn without keys
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("noram").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("noram").Build()
+	assert.Nil(t, err)
 	_, err = provider.getCredentialsProvider(file)
 	assert.EqualError(t, err, "ERROR: Failed to get value")
 
 	// ram role arn without values
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("emptyram").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("emptyram").Build()
+	assert.Nil(t, err)
 	_, err = provider.getCredentialsProvider(file)
 	assert.EqualError(t, err, "ERROR: Value can't be empty")
 
 	// normal ram role arn
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("ram").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("ram").Build()
+	assert.Nil(t, err)
 	cp, err = provider.getCredentialsProvider(file)
 	assert.Nil(t, err)
 	_, ok = cp.(*RAMRoleARNCredentialsProvider)
 	assert.True(t, ok)
 
 	// unsupported type
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("error_type").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("error_type").Build()
+	assert.Nil(t, err)
 	_, err = provider.getCredentialsProvider(file)
 	assert.EqualError(t, err, "ERROR: Failed to get credential")
 }
@@ -190,22 +204,25 @@ func TestProfileCredentialsProviderGetCredentials(t *testing.T) {
 	getHomePath = func() string {
 		return ""
 	}
-	provider := NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
-	_, err := provider.GetCredentials()
+	provider, err := NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	assert.Nil(t, err)
+	_, err = provider.GetCredentials()
 	assert.EqualError(t, err, "cannot found home dir")
 
 	// testcase: invalid home
 	getHomePath = func() string {
 		return "/path/invalid/home/dir"
 	}
 
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	assert.Nil(t, err)
 	_, err = provider.GetCredentials()
 	assert.EqualError(t, err, "ERROR: Can not open fileopen /path/invalid/home/dir/.alibabacloud/credentials: no such file or directory")
 
 	// testcase: specify credentials file with env
 	os.Setenv("ALIBABA_CLOUD_CREDENTIALS_FILE", "/path/to/credentials.invalid")
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	assert.Nil(t, err)
 	_, err = provider.GetCredentials()
 	assert.EqualError(t, err, "ERROR: Can not open fileopen /path/to/credentials.invalid: no such file or directory")
 	os.Unsetenv("ALIBABA_CLOUD_CREDENTIALS_FILE")
@@ -216,11 +233,13 @@ func TestProfileCredentialsProviderGetCredentials(t *testing.T) {
 		return path.Join(wd, "fixtures")
 	}
 
-	provider = NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("custom").Build()
+	assert.Nil(t, err)
 	_, err = provider.GetCredentials()
 	assert.EqualError(t, err, "ERROR: Can not load sectionsection \"custom\" does not exist")
 
-	provider = NewProfileCredentialsProviderBuilder().Build()
+	provider, err = NewProfileCredentialsProviderBuilder().Build()
+	assert.Nil(t, err)
 	cc, err := provider.GetCredentials()
 	assert.Nil(t, err)
 	assert.Equal(t, &Credentials{AccessKeyId: "foo", AccessKeySecret: "bar", SecurityToken: "", ProviderName: "profile/static_ak"}, cc)

credentials/provider_chain_test.go

@@ -116,8 +116,9 @@ func TestDefaultChainHasCred(t *testing.T) {
 	assert.Equal(t, "roleSessionName", tea.StringValue(config.RoleSessionName))
 	assert.Equal(t, "oidc_role_arn", tea.StringValue(config.Type))
 
+	os.Setenv("ALIBABA_CLOUD_CLI_PROFILE_DISABLED", "true")
 	cred, err := NewCredential(nil)
 	assert.Nil(t, err)
 	assert.NotNil(t, cred)
-	assert.Contains(t, "oidc_role_arn", tea.StringValue(cred.GetType()))
+	assert.Equal(t, "default", *cred.GetType())
 }