
Commit 2d49327

committed
feat: support cli provider and uri provider
1 parent 2d2204e commit 2d49327

24 files changed

+1804
-69
lines changed
@@ -0,0 +1,76 @@
1+
{
2+
"current": "AK",
3+
"profiles": [
4+
{
5+
"name": "AK",
6+
"mode": "AK",
7+
"access_key_id": "akid",
8+
"access_key_secret": "secret"
9+
},
10+
{
11+
"name": "RamRoleArn",
12+
"mode": "RamRoleArn",
13+
"access_key_id": "akid",
14+
"access_key_secret": "secret",
15+
"ram_role_arn": "arn"
16+
},
17+
{
18+
"name": "RamRoleArnEnableVpc",
19+
"mode": "RamRoleArn",
20+
"access_key_id": "akid",
21+
"access_key_secret": "secret",
22+
"ram_role_arn": "arn",
23+
"sts_region": "cn-hangzhou",
24+
"enable_vpc": true,
25+
"policy": "policy",
26+
"external_id": "id"
27+
},
28+
{
29+
"name": "Invalid_RamRoleArn",
30+
"mode": "RamRoleArn"
31+
},
32+
{
33+
"name": "EcsRamRole",
34+
"mode": "EcsRamRole",
35+
"ram_role_name": "rolename"
36+
},
37+
{
38+
"name": "OIDC",
39+
"mode": "OIDC",
40+
"ram_role_arn": "role_arn",
41+
"oidc_token_file": "path/to/oidc/file",
42+
"oidc_provider_arn": "provider_arn"
43+
},
44+
{
45+
"name": "OIDCEnableVpc",
46+
"mode": "OIDC",
47+
"ram_role_arn": "role_arn",
48+
"oidc_token_file": "path/to/oidc/file",
49+
"oidc_provider_arn": "provider_arn",
50+
"sts_region": "cn-hangzhou",
51+
"enable_vpc": true,
52+
"policy": "policy"
53+
},
54+
{
55+
"name": "ChainableRamRoleArn",
56+
"mode": "ChainableRamRoleArn",
57+
"ram_role_arn": "arn",
58+
"source_profile": "AK"
59+
},
60+
{
61+
"name": "ChainableRamRoleArn1",
62+
"mode": "ChainableRamRoleArn",
63+
"ram_role_arn": "arn",
64+
"source_profile": "ChainableRamRoleArn1"
65+
},
66+
{
67+
"name": "ChainableRamRoleArn2",
68+
"mode": "ChainableRamRoleArn",
69+
"source_profile": "InvalidSource"
70+
},
71+
{
72+
"name": "Unsupported",
73+
"mode": "Unsupported"
74+
}
75+
]
76+
}
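Review bot: No fixture profile exercises an indirect `source_profile` loop: `ChainableRamRoleArn1` names itself and `ChainableRamRoleArn2` names a missing profile, but no two profiles reference each other. A two-step loop is the case a name-equality check cannot catch, and unbounded recursion in a credentials-file loader would end the process instead of raising a `ClientException`; whether the provider guards against it is not visible on this page. I would add two constructed entries such as `{"name": "CycleA", "mode": "ChainableRamRoleArn", "ram_role_arn": "arn", "source_profile": "CycleB"}` and its mirror `CycleB` pointing back at `CycleA`, with a matching assertion in the provider test. The fixture in the next file section is an identical copy and needs the same entries.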
@@ -0,0 +1,76 @@
1+
{
2+
"current": "AK",
3+
"profiles": [
4+
{
5+
"name": "AK",
6+
"mode": "AK",
7+
"access_key_id": "akid",
8+
"access_key_secret": "secret"
9+
},
10+
{
11+
"name": "RamRoleArn",
12+
"mode": "RamRoleArn",
13+
"access_key_id": "akid",
14+
"access_key_secret": "secret",
15+
"ram_role_arn": "arn"
16+
},
17+
{
18+
"name": "RamRoleArnEnableVpc",
19+
"mode": "RamRoleArn",
20+
"access_key_id": "akid",
21+
"access_key_secret": "secret",
22+
"ram_role_arn": "arn",
23+
"sts_region": "cn-hangzhou",
24+
"enable_vpc": true,
25+
"policy": "policy",
26+
"external_id": "id"
27+
},
28+
{
29+
"name": "Invalid_RamRoleArn",
30+
"mode": "RamRoleArn"
31+
},
32+
{
33+
"name": "EcsRamRole",
34+
"mode": "EcsRamRole",
35+
"ram_role_name": "rolename"
36+
},
37+
{
38+
"name": "OIDC",
39+
"mode": "OIDC",
40+
"ram_role_arn": "role_arn",
41+
"oidc_token_file": "path/to/oidc/file",
42+
"oidc_provider_arn": "provider_arn"
43+
},
44+
{
45+
"name": "OIDCEnableVpc",
46+
"mode": "OIDC",
47+
"ram_role_arn": "role_arn",
48+
"oidc_token_file": "path/to/oidc/file",
49+
"oidc_provider_arn": "provider_arn",
50+
"sts_region": "cn-hangzhou",
51+
"enable_vpc": true,
52+
"policy": "policy"
53+
},
54+
{
55+
"name": "ChainableRamRoleArn",
56+
"mode": "ChainableRamRoleArn",
57+
"ram_role_arn": "arn",
58+
"source_profile": "AK"
59+
},
60+
{
61+
"name": "ChainableRamRoleArn1",
62+
"mode": "ChainableRamRoleArn",
63+
"ram_role_arn": "arn",
64+
"source_profile": "ChainableRamRoleArn1"
65+
},
66+
{
67+
"name": "ChainableRamRoleArn2",
68+
"mode": "ChainableRamRoleArn",
69+
"source_profile": "InvalidSource"
70+
},
71+
{
72+
"name": "Unsupported",
73+
"mode": "Unsupported"
74+
}
75+
]
76+
}
@@ -0,0 +1,142 @@
1+
using System;
2+
using System.IO;
3+
using System.Reflection;
4+
using Aliyun.Acs.Core.Auth;
5+
using Aliyun.Acs.Core.Auth.Provider;
6+
using Aliyun.Acs.Core.Exceptions;
7+
using Aliyun.Acs.Core.Utils;
8+
using Newtonsoft.Json;
9+
using Xunit;
10+
11+
12+
namespace Aliyun.Acs.Core.Tests.Units.Auth;
13+
14+
public class CLIProfileCredentialsProviderTest
15+
{
16+
[Fact]
17+
public void GetProfileNameTest()
18+
{
19+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
20+
Assert.Null(provider.GetProfileName());
21+
provider = new CLIProfileCredentialsProvider("AK");
22+
Assert.Equal("AK", provider.GetProfileName());
23+
24+
var cacheProfile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_PROFILE");
25+
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", "TEST");
26+
provider = new CLIProfileCredentialsProvider();
27+
Assert.Equal("TEST", provider.GetProfileName());
28+
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", cacheProfile);
29+
30+
var path = TestHelper.GetCLIConfigFilePath("aliyun");
31+
provider = new CLIProfileCredentialsProvider();
32+
var credential = provider.GetCredentials(path);
33+
34+
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", "AK");
35+
credential = provider.GetCredentials(path);
36+
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", cacheProfile);
37+
38+
path = TestHelper.GetCLIConfigFilePath("empty");
39+
var ex = Assert.Throws<ClientException>(() => provider.GetCredentials(path));
40+
Assert.Equal("Unable to get profile form empty CLI credentials file.", ex.Message);
41+
}
42+
43+
[Fact]
44+
public void ShouldReloadCredentialsProviderTest()
45+
{
46+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
47+
Assert.True(provider.ShouldReloadCredentialsProvider(""));
48+
}
49+
50+
[Fact]
51+
public void DisableCLIProfileTest()
52+
{
53+
bool isDisableCLIProfile = AuthUtils.EnvironmentDisableCLIProfile;
54+
AuthUtils.EnvironmentDisableCLIProfile = true;
55+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
56+
var ex = Assert.Throws<ClientException>(() => { provider.GetCredentials(); });
57+
Assert.Contains("CLI credentials file is disabled.", ex.Message);
58+
AuthUtils.EnvironmentDisableCLIProfile = isDisableCLIProfile;
59+
}
60+
61+
[Fact]
62+
public void ParseProfileTest()
63+
{
64+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
65+
var ex = Assert.Throws<ClientException>(() => { provider.ParseProfile("./not_exist_config.json"); });
66+
Assert.Contains("Unable to open credentials file", ex.Message);
67+
68+
string configPath = TestHelper.GetCLIConfigFilePath("invalid");
69+
ex = Assert.Throws<ClientException>(() => { provider.ParseProfile(configPath); });
70+
Assert.Contains("Failed to parse credential from CLI credentials file", ex.Message);
71+
72+
configPath = TestHelper.GetCLIConfigFilePath("empty");
73+
CLIProfileCredentialsProvider.Config config = provider.ParseProfile(configPath);
74+
Assert.Null(config);
75+
76+
configPath = TestHelper.GetCLIConfigFilePath("mock_empty");
77+
config = provider.ParseProfile(configPath);
78+
Assert.NotNull(config);
79+
Assert.Null(config.GetCurrent());
80+
Assert.Null(config.GetProfiles());
81+
82+
configPath = TestHelper.GetCLIConfigFilePath("full");
83+
config = provider.ParseProfile(configPath);
84+
Assert.Equal("AK", config.GetCurrent());
85+
Assert.Equal(5, config.GetProfiles().Count);
86+
var settings = new JsonSerializerSettings
87+
{
88+
NullValueHandling = NullValueHandling.Ignore
89+
};
90+
Assert.Equal("[{\"name\":\"AK\",\"mode\":\"AK\",\"access_key_id\":\"access_key_id\",\"access_key_secret\":\"access_key_secret\"},{\"name\":\"RamRoleArn\",\"mode\":\"RamRoleArn\",\"access_key_id\":\"access_key_id\",\"access_key_secret\":\"access_key_secret\",\"ram_role_arn\":\"ram_role_arn\",\"ram_session_name\":\"ram_session_name\",\"expired_seconds\":3600,\"sts_region\":\"cn-hangzhou\",\"enable_vpc\":true},{\"name\":\"EcsRamRole\",\"mode\":\"EcsRamRole\",\"ram_role_name\":\"ram_role_name\"},{\"name\":\"OIDC\",\"mode\":\"OIDC\",\"ram_role_arn\":\"ram_role_arn\",\"ram_session_name\":\"ram_session_name\",\"expired_seconds\":3600,\"sts_region\":\"cn-hangzhou\",\"oidc_token_file\":\"path/to/oidc/file\",\"oidc_provider_arn\":\"oidc_provider_arn\"},{\"name\":\"ChainableRamRoleArn\",\"mode\":\"ChainableRamRoleArn\",\"ram_role_arn\":\"ram_role_arn\",\"ram_session_name\":\"ram_session_name\",\"expired_seconds\":3600,\"sts_region\":\"cn-hangzhou\",\"source_profile\":\"AK\"}]", JsonConvert.SerializeObject(config.GetProfiles(), settings));
91+
}
92+
93+
[Fact]
94+
public void ReloadCredentialsProviderTest()
95+
{
96+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
97+
var configPath = TestHelper.GetCLIConfigFilePath("aliyun");
98+
CLIProfileCredentialsProvider.Config config = provider.ParseProfile(configPath);
99+
var ex = Assert.Throws<ClientException>(() => { provider.ReloadCredentialsProvider(config, "notExist"); });
100+
Assert.Contains("Unable to get profile with 'notExist' form CLI credentials file.", ex.Message);
101+
102+
AlibabaCloudCredentialsProvider credentialsProvider = provider.ReloadCredentialsProvider(config, "AK");
103+
Assert.True(credentialsProvider is StaticCredentialsProvider);
104+
AlibabaCloudCredentials credential = credentialsProvider.GetCredentials();
105+
Assert.Equal("akid", credential.GetAccessKeyId());
106+
Assert.Equal("secret", credential.GetAccessKeySecret());
107+
108+
credentialsProvider = provider.ReloadCredentialsProvider(config, "RamRoleArn");
109+
Assert.True(credentialsProvider is STSAssumeRoleSessionCredentialsProvider);
110+
ex = Assert.Throws<ClientException>(() => { credentialsProvider.GetCredentials(); });
111+
Assert.Contains("InvalidAccessKeyId.NotFound", ex.Message);
112+
113+
credentialsProvider = provider.ReloadCredentialsProvider(config, "RamRoleArnEnableVpc");
114+
Assert.True(credentialsProvider is STSAssumeRoleSessionCredentialsProvider);
115+
ex = Assert.Throws<ClientException>(() => { credentialsProvider.GetCredentials(); });
116+
Assert.Contains("the request url is sts-vpc.cn-hangzhou.aliyuncs.com", ex.Message);
117+
118+
var ex1 = Assert.Throws<ArgumentOutOfRangeException>(() => { provider.ReloadCredentialsProvider(config, "Invalid_RamRoleArn"); });
119+
Assert.Contains("Access key ID cannot be null.", ex1.Message);
120+
121+
credentialsProvider = provider.ReloadCredentialsProvider(config, "EcsRamRole");
122+
Assert.True(credentialsProvider is InstanceProfileCredentialsProvider);
123+
124+
credentialsProvider = provider.ReloadCredentialsProvider(config, "OIDC");
125+
Assert.True(credentialsProvider is OIDCCredentialsProvider);
126+
127+
credentialsProvider = provider.ReloadCredentialsProvider(config, "OIDCEnableVpc");
128+
Assert.True(credentialsProvider is OIDCCredentialsProvider);
129+
130+
credentialsProvider = provider.ReloadCredentialsProvider(config, "ChainableRamRoleArn");
131+
Assert.True(credentialsProvider is STSAssumeRoleSessionCredentialsProvider);
132+
133+
ex = Assert.Throws<ClientException>(() => { provider.ReloadCredentialsProvider(config, "ChainableRamRoleArn1"); });
134+
Assert.Equal("Source profile name can not be the same as profile name.", ex.Message);
135+
136+
ex = Assert.Throws<ClientException>(() => { provider.ReloadCredentialsProvider(config, "ChainableRamRoleArn2"); });
137+
Assert.Contains("Unable to get profile with 'InvalidSource' form CLI credentials file.", ex.Message);
138+
139+
ex = Assert.Throws<ClientException>(() => { provider.ReloadCredentialsProvider(config, "Unsupported"); });
140+
Assert.Contains("Unsupported profile mode 'Unsupported' form CLI credentials file.", ex.Message);
141+
}
142+
}
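Review bot: Process-wide state is restored only on the success path in `GetProfileNameTest` and `DisableCLIProfileTest`: `ALIBABA_CLOUD_PROFILE` and `AuthUtils.EnvironmentDisableCLIProfile` are reset by plain statements after the assertions, so one failing assert leaves the profile name overridden or the CLI provider disabled for every test that runs later in the same process. Wrapping each body as `try { … } finally { AuthUtils.EnvironmentDisableCLIProfile = isDisableCLIProfile; }` (and the equivalent `Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", cacheProfile);` in a `finally`) keeps a single failure from cascading. In `GetProfileNameTest` the two `provider.GetCredentials(path)` results are assigned to `credential` and never asserted, so those calls only show that nothing throws. The `InvalidAccessKeyId.NotFound` and `sts-vpc.cn-hangzhou.aliyuncs.com` assertions in `ReloadCredentialsProviderTest` look like they need a real STS round trip, which would make this unit test fail on an isolated build host.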

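--- a/aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs
+++ b/aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs
@@ -34,6 +34,22 @@ namespace Aliyun.Acs.Core.Tests.Units.Auth.Provider
 {
 public class DefaultCredentialProviderTest
 {
+[Fact]
+public void GetCredentials()
+{
+var provider = new DefaultCredentialProvider(false);
+Assert.NotNull(provider);
+Assert.Throws<ClientException>(() => { provider.GetCredentials(); });
+
+var testProvider = new STSAssumeRoleSessionCredentialsProvider.Builder()
+.AccessKeyId("accessKeyId2")
+.AccessKeySecret("accessKeySecret")
+.RoleArn("roleArn")
+.Build();
+
+new DefaultCredentialProvider(null, testProvider);
+
+}
 /*
 Case: Should throw ClientException("There is no credential chain can use")
 */
@@ -62,7 +78,11 @@ public void GetCredentialWithException()
 var credential = defaultProvider.GetCredentials();
 });
 
-Assert.Equal("There is no credential chain can use.", exception.Message);
+var mes = exception.Message;
+Assert.Contains("There is no credential chain can use: [EnvironmentVariableCredentialsProvider: Environment variable accessKeyId cannot be empty,", exception.Message);
+Assert.Contains("CLIProfileCredentialsProvider: Unable to open credentials file: ", exception.Message);
+Assert.Contains("ProfileCredentialsProvider: Unable to open credentials file: ", exception.Message);
+Assert.Contains("InstanceProfileCredentialsProvider: Failed to get RAM session credentials from ECS metadata service. Reason: Aliyun.Acs.Core.Exceptions.ClientException: SDK.WebException : HttpWebRequest WebException occured, ", exception.Message);
 }
 
 /*
@@ -126,7 +146,7 @@ public void GetCredentialFileAlibabaCloudCredentialWithAKTypeButAKIsEmpty()
 
 TestHelper.DeleteIniFile();
 
-Assert.Equal("Access key ID cannot be null.", exception.Message);
+Assert.Contains("Access key ID cannot be null.", exception.Message);
 Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
 Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
 Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
@@ -217,7 +237,7 @@ public void GetCredentialFileAlibabaCloudCredentialWithEcsRamRole()
 mockDefaultCredentialProvider.Setup(x => x.GetInstanceRamRoleAlibabaCloudCredential())
 .Returns(ecsRamRoleCredential);
 mockDefaultCredentialProvider.Setup(x => x.GetHomePath()).Returns(mockHomePath);
-
+
 var defaultCredentialProvider = mockDefaultCredentialProvider.Object;
 var credential = (InstanceProfileCredentials)defaultCredentialProvider.GetAlibabaCloudClientCredential();
 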
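Review bot: `var mes = exception.Message;` on new line 81 is never read; the four `Assert.Contains` calls below it go back to `exception.Message`, so either delete the local or pass `mes` to them. In the added `GetCredentials` test, `new DefaultCredentialProvider(null, testProvider);` discards its result and `Assert.NotNull(provider)` on a freshly constructed object cannot fail, so the two-argument constructor is exercised without any check. The expected text on new line 85 embeds a nested exception type name and transport error (`Aliyun.Acs.Core.Exceptions.ClientException: SDK.WebException : …`), which ties the test to the ECS metadata endpoint being unreachable and suggests the aggregated message now carries per-provider detail, presumably including the credentials file path after `Unable to open credentials file: `; callers that surface this message to end users should be aware of that. `GetCredentialWithException` and the other patched methods start outside the visible hunks.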

@@ -0,0 +1,37 @@
1+
using System;
2+
using Aliyun.Acs.Core.Auth.Provider;
3+
using Aliyun.Acs.Core.Exceptions;
4+
using Xunit;
5+
6+
namespace Aliyun.Acs.Core.Tests.Units.Auth;
7+
8+
public class URLCredentialProviderTest
9+
{
10+
[Fact]
11+
public void TestConstructor()
12+
{
13+
URLCredentialProvider provider;
14+
var ex = Assert.Throws<ArgumentNullException>(() =>
15+
provider = new URLCredentialProvider.Builder().CredentialsURI("").Build());
16+
Assert.Contains("Credential URI or environment variable ALIBABA_CLOUD_CREDENTIALS_URI cannot be empty.",
17+
ex.Message);
18+
var ex1 = Assert.Throws<ClientException>(() =>
19+
provider = new URLCredentialProvider.Builder().CredentialsURI("url").Build());
20+
Assert.Contains("Credential URI is not valid.", ex1.Message);
21+
provider = new URLCredentialProvider.Builder().CredentialsURI("http://test").Build();
22+
provider = new URLCredentialProvider.Builder().CredentialsURI(new Uri("http://test")).Build();
23+
}
24+
25+
[Fact]
26+
public void TestGetCredentials()
27+
{
28+
var provider = new URLCredentialProvider.Builder()
29+
.CredentialsURI("http://10.10.10.10")
30+
.ConnectTimeout(2000)
31+
.ReadTimeout(2000)
32+
.Build();
33+
34+
var ex = Assert.Throws<ClientException>(() => { provider.GetCredentials(); });
35+
Assert.StartsWith("Failed to connect Server: http://10.10.10.10", ex.Message);
36+
}
37+
}
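Review bot: `TestConstructor` pins that `CredentialsURI("http://test")` builds successfully, so the provider accepts a cleartext `http` URI to an arbitrary host as a credentials source, and the keys it returns would cross the network unencrypted and unauthenticated. If plain `http` is meant only for loopback or link-local sidecars, the test should record that with a comment such as `// http is accepted here; the builder applies no host restriction`, or the builder should reject non-HTTPS remote hosts and the test assert the rejection; the provider code is not on this page, so this is inferred from the test alone. `TestGetCredentials` also assumes `10.10.10.10` is unreachable: on a network where that RFC 1918 address answers, the test sends a request there and the `StartsWith` assertion no longer describes what happened.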
