add test cases for signer_ecs_ram_role.go

sdk/auth/credentials/providers/instance_metadata_test.go

@@ -59,7 +59,7 @@ func TestInstanceMetadataProvider_Retrieve_Success(t *testing.T) {
 func TestInstanceMetadataProvider_Retrieve_Fail1(t *testing.T) {
 	// Update our securityCredURL to point at our local test server.
 	originalSecurityCredURL := securityCredURL
-	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", "http://invalid", -1)
+	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", "http://invalid-domain-xxx", -1)
 	defer func() {
 		securityCredURL = originalSecurityCredURL
 	}()

sdk/auth/signers/signer_ecs_ram_role.go

@@ -27,6 +27,8 @@ import (
 	"github.com/jmespath/go-jmespath"
 )
 
+var securityCredURL = "http://100.100.100.200/latest/meta-data/ram/security-credentials/"
+
 type EcsRamRoleSigner struct {
 	*credentialUpdater
 	sessionCredential *SessionCredential
@@ -65,9 +67,12 @@ func (*EcsRamRoleSigner) GetVersion() string {
 func (signer *EcsRamRoleSigner) GetAccessKeyId() (accessKeyId string, err error) {
 	if signer.sessionCredential == nil || signer.needUpdateCredential() {
 		err = signer.updateCredential()
+		if err != nil {
+			return
+		}
 	}
-	if err != nil && (signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0) {
-		return "", err
+	if signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0 {
+		return "", nil
 	}
 	return signer.sessionCredential.AccessKeyId, nil
 }
@@ -88,71 +93,61 @@ func (signer *EcsRamRoleSigner) Sign(stringToSign, secretSuffix string) string {
 }
 
 func (signer *EcsRamRoleSigner) buildCommonRequest() (request *requests.CommonRequest, err error) {
-	request = requests.NewCommonRequest()
 	return
 }
 
 func (signer *EcsRamRoleSigner) refreshApi(request *requests.CommonRequest) (response *responses.CommonResponse, err error) {
-	requestUrl := "http://100.100.100.200/latest/meta-data/ram/security-credentials/" + signer.credential.RoleName
+	requestUrl := securityCredURL + signer.credential.RoleName
 	httpRequest, err := http.NewRequest(requests.GET, requestUrl, strings.NewReader(""))
 	if err != nil {
-		fmt.Println("refresh Ecs sts token err", err)
+		err = fmt.Errorf("refresh Ecs sts token err: %s", err.Error())
 		return
 	}
 	httpClient := &http.Client{}
 	httpResponse, err := httpClient.Do(httpRequest)
 	if err != nil {
-		fmt.Println("refresh Ecs sts token err", err)
+		err = fmt.Errorf("refresh Ecs sts token err: %s", err.Error())
 		return
 	}
 
 	response = responses.NewCommonResponse()
 	err = responses.Unmarshal(response, httpResponse, "")
-
 	return
 }
 
 func (signer *EcsRamRoleSigner) refreshCredential(response *responses.CommonResponse) (err error) {
 	if response.GetHttpStatus() != http.StatusOK {
-		fmt.Println("refresh Ecs sts token err, httpStatus: " + string(response.GetHttpStatus()) + ", message = " + response.GetHttpContentString())
-		return
+		return fmt.Errorf("refresh Ecs sts token err, httpStatus: %d, message = %s", response.GetHttpStatus(), response.GetHttpContentString())
 	}
 	var data interface{}
 	err = json.Unmarshal(response.GetHttpContentBytes(), &data)
 	if err != nil {
-		fmt.Println("refresh Ecs sts token err, json.Unmarshal fail", err)
-		return
+		return fmt.Errorf("refresh Ecs sts token err, json.Unmarshal fail: %s", err.Error())
 	}
 	code, err := jmespath.Search("Code", data)
 	if err != nil {
-		fmt.Println("refresh Ecs sts token err, fail to get Code", err)
-		return
+		return fmt.Errorf("refresh Ecs sts token err, fail to get Code: %s", err.Error())
 	}
 	if code.(string) != "Success" {
-		fmt.Println("refresh Ecs sts token err, Code is not Success", err)
-		return
+		return fmt.Errorf("refresh Ecs sts token err, Code is not Success")
 	}
 	accessKeyId, err := jmespath.Search("AccessKeyId", data)
 	if err != nil {
-		fmt.Println("refresh Ecs sts token err, fail to get AccessKeyId", err)
-		return
+		return fmt.Errorf("refresh Ecs sts token err, fail to get AccessKeyId: %s", err.Error())
 	}
 	accessKeySecret, err := jmespath.Search("AccessKeySecret", data)
 	if err != nil {
-		fmt.Println("refresh Ecs sts token err, fail to get AccessKeySecret", err)
-		return
+		return fmt.Errorf("refresh Ecs sts token err, fail to get AccessKeySecret: %s", err.Error())
 	}
 	securityToken, err := jmespath.Search("SecurityToken", data)
 	if err != nil {
-		fmt.Println("refresh Ecs sts token err, fail to get SecurityToken", err)
-		return
+		return fmt.Errorf("refresh Ecs sts token err, fail to get SecurityToken: %s", err.Error())
 	}
 	expiration, err := jmespath.Search("Expiration", data)
 	if err != nil {
-		fmt.Println("refresh Ecs sts token err, fail to get Expiration", err)
-		return
+		return fmt.Errorf("refresh Ecs sts token err, fail to get Expiration: %s", err.Error())
 	}
-	if accessKeyId == nil || accessKeySecret == nil || securityToken == nil {
+	if accessKeyId == nil || accessKeySecret == nil || securityToken == nil || expiration == nil {
 		return
 	}
 

sdk/auth/signers/signer_ecs_ram_role_test.go

@@ -0,0 +1,166 @@
+package signers
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_ECSRamRole(t *testing.T) {
+	c := credentials.NewEcsRamRoleCredential("roleName")
+	singer := NewEcsRamRoleSigner(c, nil)
+	assert.NotNil(t, singer)
+	assert.Equal(t, "HMAC-SHA1", singer.GetName())
+	assert.Equal(t, "", singer.GetType())
+	assert.Equal(t, "1.0", singer.GetVersion())
+	// nothing
+	singer.Shutdown()
+}
+
+func Test_EcsRamRoleSigner_buildCommonRequest(t *testing.T) {
+	c := credentials.NewEcsRamRoleCredential("roleName")
+	s := NewEcsRamRoleSigner(c, nil)
+	request, err := s.buildCommonRequest()
+	assert.Nil(t, err)
+	assert.Nil(t, request)
+}
+
+func Test_EcsRamRoleSigner_GetAccessKeyId(t *testing.T) {
+	c := credentials.NewEcsRamRoleCredential("roleName")
+	s := NewEcsRamRoleSigner(c, nil)
+	assert.NotNil(t, s)
+	// Update our securityCredURL to point at our local test server.
+	originalSecurityCredURL := securityCredURL
+	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", "http://invalid-domain-xxx", -1)
+	defer func() {
+		securityCredURL = originalSecurityCredURL
+	}()
+
+	accessKeyId, err := s.GetAccessKeyId()
+	assert.True(t, strings.HasSuffix(err.Error(), "no such host"))
+	assert.Equal(t, "", accessKeyId)
+}
+
+func mockServer(status int, json string) (server *httptest.Server) {
+	// Start a test server locally.
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case "/latest/meta-data/ram/security-credentials/roleName":
+			w.WriteHeader(status)
+			w.Write([]byte(json))
+		}
+	}))
+	return ts
+}
+
+func Test_EcsRamRoleSigner_GetAccessKeyId2(t *testing.T) {
+	c := credentials.NewEcsRamRoleCredential("roleName")
+	s := NewEcsRamRoleSigner(c, nil)
+	assert.NotNil(t, s)
+	// Start a test server locally.
+	ts := mockServer(400, "{}")
+	defer ts.Close()
+	originalSecurityCredURL := securityCredURL
+	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
+	defer func() {
+		securityCredURL = originalSecurityCredURL
+	}()
+	accessKeyId, err := s.GetAccessKeyId()
+	assert.Equal(t, "SDK.ServerError\nErrorCode: \nRecommend: \nRequestId: \nMessage: {}", err.Error())
+	assert.Equal(t, "", accessKeyId)
+}
+
+func Test_EcsRamRoleSigner_GetAccessKeyId3(t *testing.T) {
+	c := credentials.NewEcsRamRoleCredential("roleName")
+	s := NewEcsRamRoleSigner(c, nil)
+	assert.NotNil(t, s)
+	// Start a test server locally.
+	ts := mockServer(200, "invalid json")
+	defer ts.Close()
+	originalSecurityCredURL := securityCredURL
+	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
+	defer func() {
+		securityCredURL = originalSecurityCredURL
+	}()
+	accessKeyId, err := s.GetAccessKeyId()
+	assert.Equal(t, "refresh Ecs sts token err, json.Unmarshal fail: invalid character 'i' looking for beginning of value", err.Error())
+	assert.Equal(t, "", accessKeyId)
+}
+
+func Test_EcsRamRoleSigner_GetAccessKeyId4(t *testing.T) {
+	c := credentials.NewEcsRamRoleCredential("roleName")
+	s := NewEcsRamRoleSigner(c, nil)
+	assert.NotNil(t, s)
+	// Start a test server locally.
+	ts := mockServer(200, `{"Code":"Fails"}`)
+	defer ts.Close()
+	originalSecurityCredURL := securityCredURL
+	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
+	defer func() {
+		securityCredURL = originalSecurityCredURL
+	}()
+	accessKeyId, err := s.GetAccessKeyId()
+	assert.Equal(t, "refresh Ecs sts token err, Code is not Success", err.Error())
+	assert.Equal(t, "", accessKeyId)
+}
+
+func Test_EcsRamRoleSigner_GetAccessKeyId5(t *testing.T) {
+	c := credentials.NewEcsRamRoleCredential("roleName")
+	s := NewEcsRamRoleSigner(c, nil)
+	assert.NotNil(t, s)
+	// Start a test server locally.
+	ts := mockServer(200, `{"Code":"Success"}`)
+	defer ts.Close()
+	originalSecurityCredURL := securityCredURL
+	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
+	defer func() {
+		securityCredURL = originalSecurityCredURL
+	}()
+	accessKeyId, err := s.GetAccessKeyId()
+	assert.Nil(t, err)
+	assert.Equal(t, "", accessKeyId)
+}
+
+func Test_EcsRamRoleSigner_GetAccessKeyId_Success(t *testing.T) {
+	c := credentials.NewEcsRamRoleCredential("roleName")
+	s := NewEcsRamRoleSigner(c, nil)
+	assert.NotNil(t, s)
+	// Start a test server locally.
+	nextDay := time.Now().AddDate(0, 0, 1)
+	ts := mockServer(200, fmt.Sprintf(`{
+		"Code": "Success",
+		"AccessKeyId":"access key id",
+		"AccessKeySecret":"access key secret",
+		"SecurityToken":"security token",
+		"Expiration": "%s"
+	}`, nextDay.Format("2006-01-02T15:04:05Z")))
+	defer ts.Close()
+	originalSecurityCredURL := securityCredURL
+	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
+	defer func() {
+		securityCredURL = originalSecurityCredURL
+	}()
+	// sessionCredential should be nil
+	assert.Len(t, s.GetExtraParam(), 0)
+	assert.Nil(t, s.GetSessionCredential())
+	accessKeyId, err := s.GetAccessKeyId()
+	assert.Nil(t, err)
+	assert.Equal(t, "access key id", accessKeyId)
+	expiration := s.credentialExpiration
+	accessKeyId, err = s.GetAccessKeyId()
+	assert.NotNil(t, s.GetSessionCredential())
+	assert.Nil(t, err)
+	assert.Equal(t, "access key id", accessKeyId)
+	assert.Len(t, s.GetExtraParam(), 1)
+	assert.Equal(t, "security token", s.GetExtraParam()["SecurityToken"])
+	// the expiration should not changed. hit cache
+	assert.Equal(t, expiration, s.credentialExpiration)
+
+	assert.Equal(t, "1cZAkOls5YUecgvzbeEbfGy1wFw=", s.Sign("string to sign", "/"))
+}

sdk/responses/json_parser_test.go

@@ -707,3 +707,13 @@ func TestUnmarshal_float64(t *testing.T) {
 	assert.NotNil(t, err)
 	assert.Equal(t, "struct { FLOAT64 float64 }.FLOAT64: nullableFuzzyFloat64Decoder: not number or string, error found in #10 byte of ...|\"FLOAT64\":{}}|..., bigger context ...|{\"FLOAT64\":{}}|...", err.Error())
 }
+
+func TestUnmarshalWithArray(t *testing.T) {
+	initJsonParserOnce()
+	from := []byte(`[]`)
+	to := &struct{}{}
+	// TODO: Must support Array
+	// support auto json type trans
+	err := jsonParser.Unmarshal(from, to)
+	assert.NotNil(t, err)
+}