Browse Source

add test cases for signer_ram_role_arn.go

tags/1.39.0
Jackson Tian 1 year ago
parent
commit
2bfaebf0dd
3 changed files with 191 additions and 10 deletions
  1. +1
    -1
      Makefile
  2. +10
    -9
      sdk/auth/signers/signer_ram_role_arn.go
  3. +180
    -0
      sdk/auth/signers/signer_ram_role_arn_test.go

+ 1
- 1
Makefile View File

@@ -5,5 +5,5 @@ fmt:
go fmt ./sdk ./integration ./services/...

test:
go test -v -race -coverprofile=coverage.txt -covermode=atomic ./sdk/...
go test -race -coverprofile=coverage.txt -covermode=atomic ./sdk/...
go tool cover -html=coverage.txt -o coverage.html

+ 10
- 9
sdk/auth/signers/signer_ram_role_arn.go View File

@@ -85,10 +85,15 @@ func (*RamRoleArnSigner) GetVersion() string {
func (signer *RamRoleArnSigner) GetAccessKeyId() (accessKeyId string, err error) {
if signer.sessionCredential == nil || signer.needUpdateCredential() {
err = signer.updateCredential()
if err != nil {
return
}
}
if err != nil && (signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0) {

if signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0 {
return "", err
}

return signer.sessionCredential.AccessKeyId, nil
}

@@ -137,23 +142,19 @@ func (signer *RamRoleArnSigner) refreshCredential(response *responses.CommonResp
var data interface{}
err = json.Unmarshal(response.GetHttpContentBytes(), &data)
if err != nil {
fmt.Println("refresh RoleArn sts token err, json.Unmarshal fail", err)
return
return fmt.Errorf("refresh RoleArn sts token err, json.Unmarshal fail: %s", err.Error())
}
accessKeyId, err := jmespath.Search("Credentials.AccessKeyId", data)
if err != nil {
fmt.Println("refresh RoleArn sts token err, fail to get AccessKeyId", err)
return
return fmt.Errorf("refresh RoleArn sts token err, fail to get AccessKeyId: %s", err.Error())
}
accessKeySecret, err := jmespath.Search("Credentials.AccessKeySecret", data)
if err != nil {
fmt.Println("refresh RoleArn sts token err, fail to get AccessKeySecret", err)
return
return fmt.Errorf("refresh RoleArn sts token err, fail to get AccessKeySecret: %s", err.Error())
}
securityToken, err := jmespath.Search("Credentials.SecurityToken", data)
if err != nil {
fmt.Println("refresh RoleArn sts token err, fail to get SecurityToken", err)
return
return fmt.Errorf("refresh RoleArn sts token err, fail to get SecurityToken: %s", err.Error())
}
if accessKeyId == nil || accessKeySecret == nil || securityToken == nil {
return


+ 180
- 0
sdk/auth/signers/signer_ram_role_arn_test.go View File

@@ -0,0 +1,180 @@
package signers

import (
"bytes"
"fmt"
"io/ioutil"
"net/http"
"strconv"
"strings"
"testing"

"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
"github.com/stretchr/testify/assert"
)

func Test_NewRamRoleArnSigner(t *testing.T) {
c := credentials.NewRamRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", 3500)
signer, err := NewRamRoleArnSigner(c, nil)
assert.Nil(t, err)
assert.Equal(t, "roleSessionName", signer.roleSessionName)
assert.Equal(t, 3500, signer.credentialExpiration)

assert.Equal(t, "HMAC-SHA1", signer.GetName())
assert.Equal(t, "", signer.GetType())
assert.Equal(t, "1.0", signer.GetVersion())

c = credentials.NewRamRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "", 0)
signer, err = NewRamRoleArnSigner(c, nil)
assert.Nil(t, err)
assert.True(t, strings.HasPrefix(signer.roleSessionName, "aliyun-go-sdk-"))
assert.Equal(t, 3600, signer.credentialExpiration)

c = credentials.NewRamRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "", 100)
signer, err = NewRamRoleArnSigner(c, nil)
assert.NotNil(t, err)
assert.Equal(t, "[SDK.InvalidParam] Assume Role session duration should be in the range of 15min - 1Hr", err.Error())
// nothing
signer.Shutdown()
}

func Test_RamRoleArn_buildCommonRequest(t *testing.T) {
c := credentials.NewRamRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", 3600)
s, err := NewRamRoleArnSigner(c, func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error) {
return nil, fmt.Errorf("common api fails")
})
assert.Nil(t, err)
request, err := s.buildCommonRequest()
assert.Nil(t, err)
assert.NotNil(t, request)
assert.Equal(t, "Sts", request.Product)
assert.Equal(t, "2015-04-01", request.Version)
assert.Equal(t, "AssumeRole", request.ApiName)
assert.Equal(t, "HTTPS", request.Scheme)
assert.Equal(t, "roleArn", request.QueryParams["RoleArn"])
assert.Equal(t, "roleSessionName", request.QueryParams["RoleSessionName"])
assert.Equal(t, "3600", request.QueryParams["DurationSeconds"])
assert.Nil(t, s.GetSessionCredential())
}

func Test_RamRoleArn_GetAccessKeyId(t *testing.T) {
c := credentials.NewRamRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", 3600)
s, err := NewRamRoleArnSigner(c, func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error) {
return nil, fmt.Errorf("common api fails")
})
assert.Nil(t, err)
assert.NotNil(t, s)
accessKeyId, err := s.GetAccessKeyId()
assert.Equal(t, "common api fails", err.Error())
assert.Equal(t, "", accessKeyId)
}

func Test_RamRoleArn_GetAccessKeyId2(t *testing.T) {
// default response is not OK
c := credentials.NewRamRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", 3600)
s, err := NewRamRoleArnSigner(c, func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error) {
return responses.NewCommonResponse(), nil
})
assert.Nil(t, err)
assert.NotNil(t, s)
// s.lastUpdateTimestamp = time.Now().Unix() - 1000
accessKeyId, err := s.GetAccessKeyId()
assert.Equal(t, "SDK.ServerError\nErrorCode: \nRecommend: refresh session token failed\nRequestId: \nMessage: ", err.Error())
assert.Equal(t, "", accessKeyId)
}

func Test_RamRoleArn_GetAccessKeyId3(t *testing.T) {
c := credentials.NewRamRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", 3600)
// Mock the 200 response and invalid json
s, err := NewRamRoleArnSigner(c, func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error) {
res := responses.NewCommonResponse()
statusCode := 200
header := make(http.Header)
status := strconv.Itoa(statusCode)
httpresp := &http.Response{
Proto: "HTTP/1.1",
ProtoMajor: 1,
Header: header,
StatusCode: statusCode,
Status: status + " " + http.StatusText(statusCode),
}
httpresp.Header = make(http.Header)
httpresp.Body = ioutil.NopCloser(bytes.NewReader([]byte("invalid json")))
responses.Unmarshal(res, httpresp, "JSON")
return res, nil
})
assert.Nil(t, err)
assert.NotNil(t, s)
// s.lastUpdateTimestamp = time.Now().Unix() - 1000
accessKeyId, err := s.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh RoleArn sts token err, json.Unmarshal fail: invalid character 'i' looking for beginning of value", err.Error())
assert.Equal(t, "", accessKeyId)
}

func Test_RamRoleArn_GetAccessKeyId4(t *testing.T) {
c := credentials.NewRamRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", 3600)
// Mock the 200 response and invalid json
s, err := NewRamRoleArnSigner(c, func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error) {
res := responses.NewCommonResponse()
statusCode := 200
header := make(http.Header)
status := strconv.Itoa(statusCode)
httpresp := &http.Response{
Proto: "HTTP/1.1",
ProtoMajor: 1,
Header: header,
StatusCode: statusCode,
Status: status + " " + http.StatusText(statusCode),
}
httpresp.Header = make(http.Header)
httpresp.Body = ioutil.NopCloser(bytes.NewReader([]byte("{}")))
responses.Unmarshal(res, httpresp, "JSON")
return res, nil
})
assert.Nil(t, err)
assert.NotNil(t, s)
// s.lastUpdateTimestamp = time.Now().Unix() - 1000
accessKeyId, err := s.GetAccessKeyId()
assert.Nil(t, err)
assert.Equal(t, "", accessKeyId)
}

func Test_RamRoleArn_GetAccessKeyIdAndSign(t *testing.T) {
c := credentials.NewRamRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", 3600)
// mock 200 response and valid json and valid result
s, err := NewRamRoleArnSigner(c, func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error) {
res := responses.NewCommonResponse()
statusCode := 200
header := make(http.Header)
status := strconv.Itoa(statusCode)
httpresp := &http.Response{
Proto: "HTTP/1.1",
ProtoMajor: 1,
Header: header,
StatusCode: statusCode,
Status: status + " " + http.StatusText(statusCode),
}

json := `{"Credentials":{"AccessKeyId":"access key id","AccessKeySecret": "access key secret","SecurityToken":"security token"}}`
httpresp.Body = ioutil.NopCloser(bytes.NewReader([]byte(json)))
responses.Unmarshal(res, httpresp, "JSON")
return res, nil
})
assert.Nil(t, err)
assert.NotNil(t, s)
// s.lastUpdateTimestamp = time.Now().Unix() - 1000
accessKeyId, err := s.GetAccessKeyId()
assert.Nil(t, err)
assert.Equal(t, "access key id", accessKeyId)

params := s.GetExtraParam()
assert.NotNil(t, params)
assert.Len(t, params, 1)
assert.Equal(t, "security token", params["SecurityToken"])
// assert.Nil(t, err)
signature := s.Sign("string to sign", "/")
assert.Equal(t, "dcM4bWGEoD5QUp9xhLW3SfcWfgs=", signature)
}

Loading…
Cancel
Save