Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refine RAMRoleArnCredential #86

Merged
merged 1 commit into from
Jul 29, 2024
Merged

refine RAMRoleArnCredential #86

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 21 additions & 21 deletions credentials/sts_role_arn_credential.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,38 +100,38 @@ func (e *RAMRoleArnCredential) GetCredential() (*CredentialModel, error) {

// GetAccessKeyId reutrns RamRoleArnCredential's AccessKeyId
// if AccessKeyId is not exist or out of date, the function will update it.
func (r *RAMRoleArnCredential) GetAccessKeyId() (*string, error) {
if r.sessionCredential == nil || r.needUpdateCredential() {
err := r.updateCredential()
if err != nil {
return tea.String(""), err
}
func (r *RAMRoleArnCredential) GetAccessKeyId() (accessKeyId *string, err error) {
c, err := r.GetCredential()
if err != nil {
return
}
return tea.String(r.sessionCredential.AccessKeyId), nil

accessKeyId = c.AccessKeyId
return
}

// GetAccessSecret reutrns RamRoleArnCredential's AccessKeySecret
// if AccessKeySecret is not exist or out of date, the function will update it.
func (r *RAMRoleArnCredential) GetAccessKeySecret() (*string, error) {
if r.sessionCredential == nil || r.needUpdateCredential() {
err := r.updateCredential()
if err != nil {
return tea.String(""), err
}
func (r *RAMRoleArnCredential) GetAccessKeySecret() (accessKeySecret *string, err error) {
c, err := r.GetCredential()
if err != nil {
return
}
return tea.String(r.sessionCredential.AccessKeySecret), nil

accessKeySecret = c.AccessKeySecret
return
}

// GetSecurityToken reutrns RamRoleArnCredential's SecurityToken
// if SecurityToken is not exist or out of date, the function will update it.
func (r *RAMRoleArnCredential) GetSecurityToken() (*string, error) {
if r.sessionCredential == nil || r.needUpdateCredential() {
err := r.updateCredential()
if err != nil {
return tea.String(""), err
}
func (r *RAMRoleArnCredential) GetSecurityToken() (securityToken *string, err error) {
c, err := r.GetCredential()
if err != nil {
return
}
return tea.String(r.sessionCredential.SecurityToken), nil

securityToken = c.SecurityToken
return
}

// GetBearerToken is useless RamRoleArnCredential
Expand Down
33 changes: 23 additions & 10 deletions credentials/sts_role_arn_credential_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,17 +38,17 @@ func Test_RoleArnCredential(t *testing.T) {
accesskeyId, err := auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

accesskeySecret, err := auth.GetAccessKeySecret()
assert.NotNil(t, err)
assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error())
assert.Equal(t, "", *accesskeySecret)
assert.Nil(t, accesskeySecret)

ststoken, err := auth.GetSecurityToken()
assert.NotNil(t, err)
assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error())
assert.Equal(t, "", *ststoken)
assert.Nil(t, ststoken)

assert.Equal(t, "", *auth.GetBearerToken())
assert.Equal(t, "ram_role_arn", *auth.GetType())
Expand All @@ -57,13 +57,13 @@ func Test_RoleArnCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh RoleArn sts token err: Internal error", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

auth.RoleSessionExpiration = 0
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh RoleArn sts token err: Internal error", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -73,7 +73,7 @@ func Test_RoleArnCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh RoleArn sts token err: httpStatus: 300, message = ", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -83,7 +83,7 @@ func Test_RoleArnCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh RoleArn sts token err: Json.Unmarshal fail: invalid character ':' after top-level value", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -93,7 +93,7 @@ func Test_RoleArnCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh RoleArn sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -103,7 +103,7 @@ func Test_RoleArnCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh RoleArn sts token err: Credentials is empty", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand Down Expand Up @@ -140,7 +140,7 @@ func Test_RoleArnCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh RoleArn sts token err: Credentials is empty", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

auth = newRAMRoleArnWithExternalIdCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 3600, "externalId", nil)
hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
Expand All @@ -160,3 +160,16 @@ func Test_RoleArnCredential(t *testing.T) {
assert.Nil(t, err)
assert.Equal(t, "securitytoken", *ststoken)
}

func TestStsRoleARNCredentialsProviderWithSecurityToken(t *testing.T) {
auth := newRAMRoleArnl("accessKeyId", "accessKeySecret", "securityToken", "roleArn", "roleSessionName", "policy", 3600, "externalId", nil)
hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
assert.Equal(t, "securityToken", req.URL.Query().Get("SecurityToken"))
return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil)
}
}

_, err := auth.GetCredential()
assert.Nil(t, err)
}
Loading