func TestEC2RoleProviderExpiryWindowIsExpired(t *testing.T) { server := initTestServer("2014-12-16T01:51:37Z", false) defer server.Close() p := &ec2rolecreds.EC2RoleProvider{ Client: ec2metadata.New(&ec2metadata.Config{Endpoint: aws.String(server.URL + "/latest")}), ExpiryWindow: time.Hour * 1, } p.CurrentTime = func() time.Time { return time.Date(2014, 12, 15, 0, 51, 37, 0, time.UTC) } assert.True(t, p.IsExpired(), "Expect creds to be expired before retrieve.") _, err := p.Retrieve() assert.Nil(t, err, "Expect no error") assert.False(t, p.IsExpired(), "Expect creds to not be expired after retrieve.") p.CurrentTime = func() time.Time { return time.Date(2014, 12, 16, 0, 55, 37, 0, time.UTC) } assert.True(t, p.IsExpired(), "Expect creds to be expired.") }
func TestAfterRetryRefreshCreds(t *testing.T) { os.Clearenv() credProvider := &mockCredsProvider{} svc := service.New(&aws.Config{Credentials: credentials.NewCredentials(credProvider), MaxRetries: aws.Int(1)}) svc.Handlers.Clear() svc.Handlers.ValidateResponse.PushBack(func(r *request.Request) { r.Error = awserr.New("UnknownError", "", nil) r.HTTPResponse = &http.Response{StatusCode: 400} }) svc.Handlers.UnmarshalError.PushBack(func(r *request.Request) { r.Error = awserr.New("ExpiredTokenException", "", nil) }) svc.Handlers.AfterRetry.PushBackNamed(corehandlers.AfterRetryHandler) assert.True(t, svc.Config.Credentials.IsExpired(), "Expect to start out expired") assert.False(t, credProvider.retrieveCalled) req := svc.NewRequest(&request.Operation{Name: "Operation"}, nil, nil) req.Send() assert.True(t, svc.Config.Credentials.IsExpired()) assert.False(t, credProvider.retrieveCalled) _, err := svc.Config.Credentials.Get() assert.NoError(t, err) assert.True(t, credProvider.retrieveCalled) }
func TestEC2RoleProviderExpiryWindowIsExpired(t *testing.T) { server := initTestServer("2014-12-16T01:51:37Z") defer server.Close() p := &EC2RoleProvider{Client: http.DefaultClient, Endpoint: server.URL, ExpiryWindow: time.Hour * 1} defer func() { currentTime = time.Now }() currentTime = func() time.Time { return time.Date(2014, 12, 15, 0, 51, 37, 0, time.UTC) } assert.True(t, p.IsExpired(), "Expect creds to be expired before retrieve.") _, err := p.Retrieve() assert.Nil(t, err, "Expect no error") assert.False(t, p.IsExpired(), "Expect creds to not be expired after retrieve.") currentTime = func() time.Time { return time.Date(2014, 12, 16, 0, 55, 37, 0, time.UTC) } assert.True(t, p.IsExpired(), "Expect creds to be expired.") }
func TestCredentialsExpire(t *testing.T) { stub := &stubProvider{} c := NewCredentials(stub) stub.expired = false assert.True(t, c.IsExpired(), "Expected to start out expired") c.Expire() assert.True(t, c.IsExpired(), "Expected to be expired") c.forceRefresh = false assert.False(t, c.IsExpired(), "Expected not to be expired") stub.expired = true assert.True(t, c.IsExpired(), "Expected to be expired") }
func TestChainProviderWithNoProvider(t *testing.T) { p := &ChainProvider{ Providers: []Provider{}, } assert.True(t, p.IsExpired(), "Expect expired with no providers") _, err := p.Retrieve() assert.Equal(t, ErrNoValidProvidersFoundInChain, err, "Expect no providers error returned") }
func TestChainProviderIsExpired(t *testing.T) { stubProvider := &stubProvider{expired: true} p := &ChainProvider{ Providers: []Provider{ stubProvider, }, } assert.True(t, p.IsExpired(), "Expect expired to be true before any Retrieve") _, err := p.Retrieve() assert.Nil(t, err, "Expect no error") assert.False(t, p.IsExpired(), "Expect not expired after retrieve") stubProvider.expired = true assert.True(t, p.IsExpired(), "Expect return of expired provider") _, err = p.Retrieve() assert.False(t, p.IsExpired(), "Expect not expired after retrieve") }
func TestChainProviderWithNoValidProvider(t *testing.T) { p := &ChainProvider{ Providers: []Provider{ &stubProvider{err: awserr.New("FirstError", "first provider error", nil)}, &stubProvider{err: awserr.New("SecondError", "second provider error", nil)}, }, } assert.True(t, p.IsExpired(), "Expect expired with no providers") _, err := p.Retrieve() assert.Equal(t, ErrNoValidProvidersFoundInChain, err, "Expect no providers error returned") }
func TestMetadataAvailable(t *testing.T) { server := initTestServer( "/latest/meta-data/instance-id", "instance-id", ) defer server.Close() c := ec2metadata.New(&ec2metadata.Config{Endpoint: aws.String(server.URL + "/latest")}) available := c.Available() assert.True(t, available) }
func TestSharedCredentialsProviderIsExpired(t *testing.T) { os.Clearenv() p := SharedCredentialsProvider{Filename: "example.ini", Profile: ""} assert.True(t, p.IsExpired(), "Expect creds to be expired before retrieve") _, err := p.Retrieve() assert.Nil(t, err, "Expect no error") assert.False(t, p.IsExpired(), "Expect creds to not be expired after retrieve") }
// Use DynamoDB methods for simplicity func TestPaginationEachPage(t *testing.T) { db := dynamodb.New(nil) tokens, pages, numPages, gotToEnd := []string{}, []string{}, 0, false reqNum := 0 resps := []*dynamodb.ListTablesOutput{ {TableNames: []*string{aws.String("Table1"), aws.String("Table2")}, LastEvaluatedTableName: aws.String("Table2")}, {TableNames: []*string{aws.String("Table3"), aws.String("Table4")}, LastEvaluatedTableName: aws.String("Table4")}, {TableNames: []*string{aws.String("Table5")}}, } db.Handlers.Send.Clear() // mock sending db.Handlers.Unmarshal.Clear() db.Handlers.UnmarshalMeta.Clear() db.Handlers.ValidateResponse.Clear() db.Handlers.Build.PushBack(func(r *request.Request) { in := r.Params.(*dynamodb.ListTablesInput) if in == nil { tokens = append(tokens, "") } else if in.ExclusiveStartTableName != nil { tokens = append(tokens, *in.ExclusiveStartTableName) } }) db.Handlers.Unmarshal.PushBack(func(r *request.Request) { r.Data = resps[reqNum] reqNum++ }) params := &dynamodb.ListTablesInput{Limit: aws.Int64(2)} req, _ := db.ListTablesRequest(params) err := req.EachPage(func(p interface{}, last bool) bool { numPages++ for _, t := range p.(*dynamodb.ListTablesOutput).TableNames { pages = append(pages, *t) } if last { if gotToEnd { assert.Fail(t, "last=true happened twice") } gotToEnd = true } return true }) assert.Equal(t, []string{"Table2", "Table4"}, tokens) assert.Equal(t, []string{"Table1", "Table2", "Table3", "Table4", "Table5"}, pages) assert.Equal(t, 3, numPages) assert.True(t, gotToEnd) assert.Nil(t, err) }
func TestEnvProviderIsExpired(t *testing.T) { os.Clearenv() os.Setenv("AWS_ACCESS_KEY_ID", "access") os.Setenv("AWS_SECRET_ACCESS_KEY", "secret") os.Setenv("AWS_SESSION_TOKEN", "token") e := EnvProvider{} assert.True(t, e.IsExpired(), "Expect creds to be expired before retrieve.") _, err := e.Retrieve() assert.Nil(t, err, "Expect no error") assert.False(t, e.IsExpired(), "Expect creds to not be expired after retrieve.") }
// test that the request is retried after the credentials are expired. func TestRequestRecoverExpiredCreds(t *testing.T) { reqNum := 0 reqs := []http.Response{ http.Response{StatusCode: 400, Body: body(`{"__type":"ExpiredTokenException","message":"expired token"}`)}, http.Response{StatusCode: 200, Body: body(`{"data":"valid"}`)}, } s := NewService(&Config{MaxRetries: 10, Credentials: credentials.NewStaticCredentials("AKID", "SECRET", "")}) s.Handlers.Validate.Clear() s.Handlers.Unmarshal.PushBack(unmarshal) s.Handlers.UnmarshalError.PushBack(unmarshalError) credExpiredBeforeRetry := false credExpiredAfterRetry := false s.Handlers.Retry.PushBack(func(r *Request) { if r.Error != nil && r.Error.(awserr.Error).Code() == "ExpiredTokenException" { credExpiredBeforeRetry = r.Config.Credentials.IsExpired() } }) s.Handlers.AfterRetry.PushBack(func(r *Request) { credExpiredAfterRetry = r.Config.Credentials.IsExpired() }) s.Handlers.Sign.Clear() s.Handlers.Sign.PushBack(func(r *Request) { r.Config.Credentials.Get() }) s.Handlers.Send.Clear() // mock sending s.Handlers.Send.PushBack(func(r *Request) { r.HTTPResponse = &reqs[reqNum] reqNum++ }) out := &testData{} r := NewRequest(s, &Operation{Name: "Operation"}, nil, out) err := r.Send() assert.Nil(t, err) assert.False(t, credExpiredBeforeRetry, "Expect valid creds before retry check") assert.True(t, credExpiredAfterRetry, "Expect expired creds after retry check") assert.False(t, s.Config.Credentials.IsExpired(), "Expect valid creds after cred expired recovery") assert.Equal(t, 1, int(r.RetryCount)) assert.Equal(t, "valid", out.Data) }
func TestRequestExhaustRetries(t *testing.T) { delays := []time.Duration{} sleepDelay := func(delay time.Duration) { delays = append(delays, delay) } reqNum := 0 reqs := []http.Response{ {StatusCode: 500, Body: body(`{"__type":"UnknownError","message":"An error occurred."}`)}, {StatusCode: 500, Body: body(`{"__type":"UnknownError","message":"An error occurred."}`)}, {StatusCode: 500, Body: body(`{"__type":"UnknownError","message":"An error occurred."}`)}, {StatusCode: 500, Body: body(`{"__type":"UnknownError","message":"An error occurred."}`)}, } s := service.New(aws.NewConfig().WithMaxRetries(aws.DefaultRetries).WithSleepDelay(sleepDelay)) s.Handlers.Validate.Clear() s.Handlers.Unmarshal.PushBack(unmarshal) s.Handlers.UnmarshalError.PushBack(unmarshalError) s.Handlers.Send.Clear() // mock sending s.Handlers.Send.PushBack(func(r *request.Request) { r.HTTPResponse = &reqs[reqNum] reqNum++ }) r := s.NewRequest(&request.Operation{Name: "Operation"}, nil, nil) err := r.Send() assert.NotNil(t, err) if e, ok := err.(awserr.RequestFailure); ok { assert.Equal(t, 500, e.StatusCode()) } else { assert.Fail(t, "Expected error to be a service failure") } assert.Equal(t, "UnknownError", err.(awserr.Error).Code()) assert.Equal(t, "An error occurred.", err.(awserr.Error).Message()) assert.Equal(t, 3, int(r.RetryCount)) expectDelays := []struct{ min, max time.Duration }{{30, 59}, {60, 118}, {120, 236}} for i, v := range delays { min := expectDelays[i].min * time.Millisecond max := expectDelays[i].max * time.Millisecond assert.True(t, min <= v && v <= max, "Expect delay to be within range, i:%d, v:%s, min:%s, max:%s", i, v, min, max) } }
func TestSkipPagination(t *testing.T) { client := s3.New(nil) client.Handlers.Send.Clear() // mock sending client.Handlers.Unmarshal.Clear() client.Handlers.UnmarshalMeta.Clear() client.Handlers.ValidateResponse.Clear() client.Handlers.Unmarshal.PushBack(func(r *request.Request) { r.Data = &s3.HeadBucketOutput{} }) req, _ := client.HeadBucketRequest(&s3.HeadBucketInput{Bucket: aws.String("bucket")}) numPages, gotToEnd := 0, false req.EachPage(func(p interface{}, last bool) bool { numPages++ if last { gotToEnd = true } return true }) assert.Equal(t, 1, numPages) assert.True(t, gotToEnd) }
func TestRequestExhaustRetries(t *testing.T) { delays := []time.Duration{} sleepDelay = func(delay time.Duration) { delays = append(delays, delay) } reqNum := 0 reqs := []http.Response{ http.Response{StatusCode: 500, Body: body(`{"__type":"UnknownError","message":"An error occurred."}`)}, http.Response{StatusCode: 500, Body: body(`{"__type":"UnknownError","message":"An error occurred."}`)}, http.Response{StatusCode: 500, Body: body(`{"__type":"UnknownError","message":"An error occurred."}`)}, http.Response{StatusCode: 500, Body: body(`{"__type":"UnknownError","message":"An error occurred."}`)}, } s := NewService(&Config{MaxRetries: -1}) s.Handlers.Validate.Clear() s.Handlers.Unmarshal.PushBack(unmarshal) s.Handlers.UnmarshalError.PushBack(unmarshalError) s.Handlers.Send.Clear() // mock sending s.Handlers.Send.PushBack(func(r *Request) { r.HTTPResponse = &reqs[reqNum] reqNum++ }) r := NewRequest(s, &Operation{Name: "Operation"}, nil, nil) err := r.Send() assert.NotNil(t, err) if e, ok := err.(awserr.RequestFailure); ok { assert.Equal(t, 500, e.StatusCode()) } else { assert.Fail(t, "Expected error to be a service failure") } assert.Equal(t, "UnknownError", err.(awserr.Error).Code()) assert.Equal(t, "An error occurred.", err.(awserr.Error).Message()) assert.Equal(t, 3, int(r.RetryCount)) assert.True(t, reflect.DeepEqual([]time.Duration{30 * time.Millisecond, 60 * time.Millisecond, 120 * time.Millisecond}, delays)) }