alibaba-cloud-sdk-go/sdk/auth/signers/signer_ecs_ram_role_test.go

package signers

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"
	"time"

	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
	"github.com/stretchr/testify/assert"
)

func Test_ECSRamRole(t *testing.T) {
	c := credentials.NewEcsRamRoleCredential("roleName")
	singer := NewEcsRamRoleSigner(c, nil)
	assert.NotNil(t, singer)
	assert.Equal(t, "HMAC-SHA1", singer.GetName())
	assert.Equal(t, "", singer.GetType())
	assert.Equal(t, "1.0", singer.GetVersion())
	// nothing
	singer.Shutdown()
}

func Test_EcsRamRoleSigner_buildCommonRequest(t *testing.T) {
	c := credentials.NewEcsRamRoleCredential("roleName")
	s := NewEcsRamRoleSigner(c, nil)
	request, err := s.buildCommonRequest()
	assert.Nil(t, err)
	assert.Nil(t, request)
}

func Test_EcsRamRoleSigner_GetAccessKeyId(t *testing.T) {
	c := credentials.NewEcsRamRoleCredential("roleName")
	s := NewEcsRamRoleSigner(c, nil)
	assert.NotNil(t, s)
	// Update our securityCredURL to point at our local test server.
	originalSecurityCredURL := securityCredURL
	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", "http://invalid-domain-xxx", -1)
	defer func() {
		securityCredURL = originalSecurityCredURL
	}()

	accessKeyId, err := s.GetAccessKeyId()
	assert.True(t, strings.HasSuffix(err.Error(), "no such host"))
	assert.Equal(t, "", accessKeyId)
}

func mockServer(status int, json string) (server *httptest.Server) {
	// Start a test server locally.
	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.URL.Path {
		case "/latest/meta-data/ram/security-credentials/roleName":
			w.WriteHeader(status)
			w.Write([]byte(json))
		}
	}))
	return ts
}

func Test_EcsRamRoleSigner_GetAccessKeyId2(t *testing.T) {
	c := credentials.NewEcsRamRoleCredential("roleName")
	s := NewEcsRamRoleSigner(c, nil)
	assert.NotNil(t, s)
	// Start a test server locally.
	ts := mockServer(400, "{}")
	defer ts.Close()
	originalSecurityCredURL := securityCredURL
	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
	defer func() {
		securityCredURL = originalSecurityCredURL
	}()
	accessKeyId, err := s.GetAccessKeyId()
	assert.Equal(t, "SDK.ServerError\nErrorCode: \nRecommend: \nRequestId: \nMessage: {}", err.Error())
	assert.Equal(t, "", accessKeyId)
}

func Test_EcsRamRoleSigner_GetAccessKeyId3(t *testing.T) {
	c := credentials.NewEcsRamRoleCredential("roleName")
	s := NewEcsRamRoleSigner(c, nil)
	assert.NotNil(t, s)
	// Start a test server locally.
	ts := mockServer(200, "invalid json")
	defer ts.Close()
	originalSecurityCredURL := securityCredURL
	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
	defer func() {
		securityCredURL = originalSecurityCredURL
	}()
	accessKeyId, err := s.GetAccessKeyId()
	assert.Equal(t, "refresh Ecs sts token err, json.Unmarshal fail: invalid character 'i' looking for beginning of value", err.Error())
	assert.Equal(t, "", accessKeyId)
}

func Test_EcsRamRoleSigner_GetAccessKeyId4(t *testing.T) {
	c := credentials.NewEcsRamRoleCredential("roleName")
	s := NewEcsRamRoleSigner(c, nil)
	assert.NotNil(t, s)
	// Start a test server locally.
	ts := mockServer(200, `{"Code":"Fails"}`)
	defer ts.Close()
	originalSecurityCredURL := securityCredURL
	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
	defer func() {
		securityCredURL = originalSecurityCredURL
	}()
	accessKeyId, err := s.GetAccessKeyId()
	assert.Equal(t, "refresh Ecs sts token err, Code is not Success", err.Error())
	assert.Equal(t, "", accessKeyId)
}

func Test_EcsRamRoleSigner_GetAccessKeyId5(t *testing.T) {
	c := credentials.NewEcsRamRoleCredential("roleName")
	s := NewEcsRamRoleSigner(c, nil)
	assert.NotNil(t, s)
	// Start a test server locally.
	ts := mockServer(200, `{"Code":"Success"}`)
	defer ts.Close()
	originalSecurityCredURL := securityCredURL
	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
	defer func() {
		securityCredURL = originalSecurityCredURL
	}()
	accessKeyId, err := s.GetAccessKeyId()
	assert.Nil(t, err)
	assert.Equal(t, "", accessKeyId)
}

func Test_EcsRamRoleSigner_GetAccessKeyId_Success(t *testing.T) {
	c := credentials.NewEcsRamRoleCredential("roleName")
	s := NewEcsRamRoleSigner(c, nil)
	assert.NotNil(t, s)
	// Start a test server locally.
	nextDay := time.Now().AddDate(0, 0, 1)
	ts := mockServer(200, fmt.Sprintf(`{
		"Code": "Success",
		"AccessKeyId":"access key id",
		"AccessKeySecret":"access key secret",
		"SecurityToken":"security token",
		"Expiration": "%s"
	}`, nextDay.Format("2006-01-02T15:04:05Z")))
	defer ts.Close()
	originalSecurityCredURL := securityCredURL
	securityCredURL = strings.Replace(securityCredURL, "http://100.100.100.200", ts.URL, -1)
	defer func() {
		securityCredURL = originalSecurityCredURL
	}()
	// sessionCredential should be nil
	assert.Len(t, s.GetExtraParam(), 0)
	assert.Nil(t, s.GetSessionCredential())
	accessKeyId, err := s.GetAccessKeyId()
	assert.Nil(t, err)
	assert.Equal(t, "access key id", accessKeyId)
	expiration := s.credentialExpiration
	accessKeyId, err = s.GetAccessKeyId()
	assert.NotNil(t, s.GetSessionCredential())
	assert.Nil(t, err)
	assert.Equal(t, "access key id", accessKeyId)
	assert.Len(t, s.GetExtraParam(), 1)
	assert.Equal(t, "security token", s.GetExtraParam()["SecurityToken"])
	// the expiration should not changed. hit cache
	assert.Equal(t, expiration, s.credentialExpiration)

	assert.Equal(t, "1cZAkOls5YUecgvzbeEbfGy1wFw=", s.Sign("string to sign", "/"))
}