func TestAfterRetryRefreshCreds(t *testing.T) { os.Clearenv() credProvider := &mockCredsProvider{} svc := awstesting.NewClient(&aws.Config{ Credentials: credentials.NewCredentials(credProvider), MaxRetries: aws.Int(1), }) svc.Handlers.Clear() svc.Handlers.ValidateResponse.PushBack(func(r *request.Request) { r.Error = awserr.New("UnknownError", "", nil) r.HTTPResponse = &http.Response{StatusCode: 400} }) svc.Handlers.UnmarshalError.PushBack(func(r *request.Request) { r.Error = awserr.New("ExpiredTokenException", "", nil) }) svc.Handlers.AfterRetry.PushBackNamed(corehandlers.AfterRetryHandler) assert.True(t, svc.Config.Credentials.IsExpired(), "Expect to start out expired") assert.False(t, credProvider.retrieveCalled) req := svc.NewRequest(&request.Operation{Name: "Operation"}, nil, nil) req.Send() assert.True(t, svc.Config.Credentials.IsExpired()) assert.False(t, credProvider.retrieveCalled) _, err := svc.Config.Credentials.Get() assert.NoError(t, err) assert.True(t, credProvider.retrieveCalled) }
func TestEC2RoleProviderExpiryWindowIsExpired(t *testing.T) { server := initTestServer("2014-12-16T01:51:37Z", false) defer server.Close() p := &ec2rolecreds.EC2RoleProvider{ Client: ec2metadata.New(session.New(), &aws.Config{Endpoint: aws.String(server.URL + "/latest")}), ExpiryWindow: time.Hour * 1, } p.CurrentTime = func() time.Time { return time.Date(2014, 12, 15, 0, 51, 37, 0, time.UTC) } assert.True(t, p.IsExpired(), "Expect creds to be expired before retrieve.") _, err := p.Retrieve() assert.Nil(t, err, "Expect no error, %v", err) assert.False(t, p.IsExpired(), "Expect creds to not be expired after retrieve.") p.CurrentTime = func() time.Time { return time.Date(2014, 12, 16, 0, 55, 37, 0, time.UTC) } assert.True(t, p.IsExpired(), "Expect creds to be expired.") }
func TestChainProviderIsExpired(t *testing.T) { stubProvider := &stubProvider{expired: true} p := &ChainProvider{ Providers: []Provider{ stubProvider, }, } assert.True(t, p.IsExpired(), "Expect expired to be true before any Retrieve") _, err := p.Retrieve() assert.Nil(t, err, "Expect no error") assert.False(t, p.IsExpired(), "Expect not expired after retrieve") stubProvider.expired = true assert.True(t, p.IsExpired(), "Expect return of expired provider") _, err = p.Retrieve() assert.False(t, p.IsExpired(), "Expect not expired after retrieve") }
func TestStaticProviderIsExpired(t *testing.T) { s := StaticProvider{ Value: Value{ AccessKeyID: "AKID", SecretAccessKey: "SECRET", SessionToken: "", }, } assert.False(t, s.IsExpired(), "Expect static credentials to never expire") }
func TestSharedCredentialsProviderIsExpired(t *testing.T) { os.Clearenv() p := SharedCredentialsProvider{Filename: "example.ini", Profile: ""} assert.True(t, p.IsExpired(), "Expect creds to be expired before retrieve") _, err := p.Retrieve() assert.Nil(t, err, "Expect no error") assert.False(t, p.IsExpired(), "Expect creds to not be expired after retrieve") }
func TestIsFalseWithUserDefinedStructs(t *testing.T) { assert := assert.New(t) type nilStructType struct { SliceOfPointers []*string } nilStruct := nilStructType{SliceOfPointers: nil} assert.True(isFalse(nilStruct.SliceOfPointers)) // A user defined struct will never be false though, // even if it's fields are the zero type. assert.False(isFalse(nilStruct)) }
// test that the request is retried after the credentials are expired. func TestRequestRecoverExpiredCreds(t *testing.T) { reqNum := 0 reqs := []http.Response{ {StatusCode: 400, Body: body(`{"__type":"ExpiredTokenException","message":"expired token"}`)}, {StatusCode: 200, Body: body(`{"data":"valid"}`)}, } s := awstesting.NewClient(&aws.Config{MaxRetries: aws.Int(10), Credentials: credentials.NewStaticCredentials("AKID", "SECRET", "")}) s.Handlers.Validate.Clear() s.Handlers.Unmarshal.PushBack(unmarshal) s.Handlers.UnmarshalError.PushBack(unmarshalError) credExpiredBeforeRetry := false credExpiredAfterRetry := false s.Handlers.AfterRetry.PushBack(func(r *request.Request) { credExpiredAfterRetry = r.Config.Credentials.IsExpired() }) s.Handlers.Sign.Clear() s.Handlers.Sign.PushBack(func(r *request.Request) { r.Config.Credentials.Get() }) s.Handlers.Send.Clear() // mock sending s.Handlers.Send.PushBack(func(r *request.Request) { r.HTTPResponse = &reqs[reqNum] reqNum++ }) out := &testData{} r := s.NewRequest(&request.Operation{Name: "Operation"}, nil, out) err := r.Send() assert.Nil(t, err) assert.False(t, credExpiredBeforeRetry, "Expect valid creds before retry check") assert.True(t, credExpiredAfterRetry, "Expect expired creds after retry check") assert.False(t, s.Config.Credentials.IsExpired(), "Expect valid creds after cred expired recovery") assert.Equal(t, 1, int(r.RetryCount)) assert.Equal(t, "valid", out.Data) }
func TestCredentialsExpire(t *testing.T) { stub := &stubProvider{} c := NewCredentials(stub) stub.expired = false assert.True(t, c.IsExpired(), "Expected to start out expired") c.Expire() assert.True(t, c.IsExpired(), "Expected to be expired") c.forceRefresh = false assert.False(t, c.IsExpired(), "Expected not to be expired") stub.expired = true assert.True(t, c.IsExpired(), "Expected to be expired") }
func TestEnvProviderIsExpired(t *testing.T) { os.Clearenv() os.Setenv("AWS_ACCESS_KEY_ID", "access") os.Setenv("AWS_SECRET_ACCESS_KEY", "secret") os.Setenv("AWS_SESSION_TOKEN", "token") e := EnvProvider{} assert.True(t, e.IsExpired(), "Expect creds to be expired before retrieve.") _, err := e.Retrieve() assert.Nil(t, err, "Expect no error") assert.False(t, e.IsExpired(), "Expect creds to not be expired after retrieve.") }
func TestMetadataNotAvailable(t *testing.T) { c := ec2metadata.New(session.New()) c.Handlers.Send.Clear() c.Handlers.Send.PushBack(func(r *request.Request) { r.HTTPResponse = &http.Response{ StatusCode: int(0), Status: http.StatusText(int(0)), Body: ioutil.NopCloser(bytes.NewReader([]byte{})), } r.Error = awserr.New("RequestError", "send request failed", nil) r.Retryable = aws.Bool(true) // network errors are retryable }) available := c.Available() assert.False(t, available) }
// Use DynamoDB methods for simplicity func TestPaginationEarlyExit(t *testing.T) { db := dynamodb.New(unit.Session) numPages, gotToEnd := 0, false reqNum := 0 resps := []*dynamodb.ListTablesOutput{ {TableNames: []*string{aws.String("Table1"), aws.String("Table2")}, LastEvaluatedTableName: aws.String("Table2")}, {TableNames: []*string{aws.String("Table3"), aws.String("Table4")}, LastEvaluatedTableName: aws.String("Table4")}, {TableNames: []*string{aws.String("Table5")}}, } db.Handlers.Send.Clear() // mock sending db.Handlers.Unmarshal.Clear() db.Handlers.UnmarshalMeta.Clear() db.Handlers.ValidateResponse.Clear() db.Handlers.Unmarshal.PushBack(func(r *request.Request) { r.Data = resps[reqNum] reqNum++ }) params := &dynamodb.ListTablesInput{Limit: aws.Int64(2)} err := db.ListTablesPages(params, func(p *dynamodb.ListTablesOutput, last bool) bool { numPages++ if numPages == 2 { return false } if last { if gotToEnd { assert.Fail(t, "last=true happened twice") } gotToEnd = true } return true }) assert.Equal(t, 2, numPages) assert.False(t, gotToEnd) assert.Nil(t, err) }