Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: support cli provider and uri provider #433

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: support cli provider and uri provider #433

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 76 additions & 0 deletions aliyun-net-sdk-core.Tests/.aliyun/config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
{
"current": "AK",
"profiles": [
{
"name": "AK",
"mode": "AK",
"access_key_id": "akid",
"access_key_secret": "secret"
},
{
"name": "RamRoleArn",
"mode": "RamRoleArn",
"access_key_id": "akid",
"access_key_secret": "secret",
"ram_role_arn": "arn"
},
{
"name": "RamRoleArnEnableVpc",
"mode": "RamRoleArn",
"access_key_id": "akid",
"access_key_secret": "secret",
"ram_role_arn": "arn",
"sts_region": "cn-hangzhou",
"enable_vpc": true,
"policy": "policy",
"external_id": "id"
},
{
"name": "Invalid_RamRoleArn",
"mode": "RamRoleArn"
},
{
"name": "EcsRamRole",
"mode": "EcsRamRole",
"ram_role_name": "rolename"
},
{
"name": "OIDC",
"mode": "OIDC",
"ram_role_arn": "role_arn",
"oidc_token_file": "path/to/oidc/file",
"oidc_provider_arn": "provider_arn"
},
{
"name": "OIDCEnableVpc",
"mode": "OIDC",
"ram_role_arn": "role_arn",
"oidc_token_file": "path/to/oidc/file",
"oidc_provider_arn": "provider_arn",
"sts_region": "cn-hangzhou",
"enable_vpc": true,
"policy": "policy"
},
{
"name": "ChainableRamRoleArn",
"mode": "ChainableRamRoleArn",
"ram_role_arn": "arn",
"source_profile": "AK"
},
{
"name": "ChainableRamRoleArn1",
"mode": "ChainableRamRoleArn",
"ram_role_arn": "arn",
"source_profile": "ChainableRamRoleArn1"
},
{
"name": "ChainableRamRoleArn2",
"mode": "ChainableRamRoleArn",
"source_profile": "InvalidSource"
},
{
"name": "Unsupported",
"mode": "Unsupported"
}
]
}
76 changes: 76 additions & 0 deletions aliyun-net-sdk-core.Tests/Units/.aliyun/config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
{
"current": "AK",
"profiles": [
{
"name": "AK",
"mode": "AK",
"access_key_id": "akid",
"access_key_secret": "secret"
},
{
"name": "RamRoleArn",
"mode": "RamRoleArn",
"access_key_id": "akid",
"access_key_secret": "secret",
"ram_role_arn": "arn"
},
{
"name": "RamRoleArnEnableVpc",
"mode": "RamRoleArn",
"access_key_id": "akid",
"access_key_secret": "secret",
"ram_role_arn": "arn",
"sts_region": "cn-hangzhou",
"enable_vpc": true,
"policy": "policy",
"external_id": "id"
},
{
"name": "Invalid_RamRoleArn",
"mode": "RamRoleArn"
},
{
"name": "EcsRamRole",
"mode": "EcsRamRole",
"ram_role_name": "rolename"
},
{
"name": "OIDC",
"mode": "OIDC",
"ram_role_arn": "role_arn",
"oidc_token_file": "path/to/oidc/file",
"oidc_provider_arn": "provider_arn"
},
{
"name": "OIDCEnableVpc",
"mode": "OIDC",
"ram_role_arn": "role_arn",
"oidc_token_file": "path/to/oidc/file",
"oidc_provider_arn": "provider_arn",
"sts_region": "cn-hangzhou",
"enable_vpc": true,
"policy": "policy"
},
{
"name": "ChainableRamRoleArn",
"mode": "ChainableRamRoleArn",
"ram_role_arn": "arn",
"source_profile": "AK"
},
{
"name": "ChainableRamRoleArn1",
"mode": "ChainableRamRoleArn",
"ram_role_arn": "arn",
"source_profile": "ChainableRamRoleArn1"
},
{
"name": "ChainableRamRoleArn2",
"mode": "ChainableRamRoleArn",
"source_profile": "InvalidSource"
},
{
"name": "Unsupported",
"mode": "Unsupported"
}
]
}
149 changes: 149 additions & 0 deletions aliyun-net-sdk-core.Tests/Units/Auth/CLIProfileCredentialsProviderTest.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,149 @@
using System;
using Aliyun.Acs.Core.Auth;
using Aliyun.Acs.Core.Auth.Provider;
using Aliyun.Acs.Core.Exceptions;
using Aliyun.Acs.Core.Utils;
using Newtonsoft.Json;
using Xunit;


namespace Aliyun.Acs.Core.Tests.Units.Auth
{
public class CLIProfileCredentialsProviderTest
{
[Fact]
public void GetProfileNameTest()
{
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
Assert.Null(provider.GetProfileName());
provider = new CLIProfileCredentialsProvider("AK");
Assert.Equal("AK", provider.GetProfileName());

var cacheProfile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_PROFILE");
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", "TEST");
provider = new CLIProfileCredentialsProvider();
Assert.Equal("TEST", provider.GetProfileName());
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", cacheProfile);

var path = TestHelper.GetCLIConfigFilePath("aliyun");
provider = new CLIProfileCredentialsProvider();
var credential = provider.GetCredentials(path);

Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", "AK");
credential = provider.GetCredentials(path);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", cacheProfile);

path = TestHelper.GetCLIConfigFilePath("empty");
var ex = Assert.Throws<ClientException>(() => provider.GetCredentials(path));
Assert.Equal("Unable to get profile form empty CLI credentials file.", ex.Message);
}

[Fact]
public void ShouldReloadCredentialsProviderTest()
{
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
Assert.True(provider.ShouldReloadCredentialsProvider(""));
}

[Fact]
public void DisableCLIProfileTest()
{
bool isDisableCLIProfile = AuthUtils.EnvironmentDisableCLIProfile;
AuthUtils.EnvironmentDisableCLIProfile = true;
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
var ex = Assert.Throws<ClientException>(() => { provider.GetCredentials(); });
Assert.Contains("CLI credentials file is disabled.", ex.Message);
AuthUtils.EnvironmentDisableCLIProfile = isDisableCLIProfile;
}

[Fact]
public void ParseProfileTest()
{
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
var ex = Assert.Throws<ClientException>(() => { provider.ParseProfile("./not_exist_config.json"); });
Assert.Contains("Unable to open credentials file", ex.Message);

string configPath = TestHelper.GetCLIConfigFilePath("invalid");
ex = Assert.Throws<ClientException>(() => { provider.ParseProfile(configPath); });
Assert.Contains("Failed to parse credential from CLI credentials file", ex.Message);

configPath = TestHelper.GetCLIConfigFilePath("empty");
CLIProfileCredentialsProvider.Config config = provider.ParseProfile(configPath);
Assert.Null(config);

configPath = TestHelper.GetCLIConfigFilePath("mock_empty");
config = provider.ParseProfile(configPath);
Assert.NotNull(config);
Assert.Null(config.GetCurrent());
Assert.Null(config.GetProfiles());

configPath = TestHelper.GetCLIConfigFilePath("full");
config = provider.ParseProfile(configPath);
Assert.Equal("AK", config.GetCurrent());
Assert.Equal(5, config.GetProfiles().Count);
var settings = new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore };
Assert.Equal(
"[{\"name\":\"AK\",\"mode\":\"AK\",\"access_key_id\":\"access_key_id\",\"access_key_secret\":\"access_key_secret\"},{\"name\":\"RamRoleArn\",\"mode\":\"RamRoleArn\",\"access_key_id\":\"access_key_id\",\"access_key_secret\":\"access_key_secret\",\"ram_role_arn\":\"ram_role_arn\",\"ram_session_name\":\"ram_session_name\",\"expired_seconds\":3600,\"sts_region\":\"cn-hangzhou\",\"enable_vpc\":true},{\"name\":\"EcsRamRole\",\"mode\":\"EcsRamRole\",\"ram_role_name\":\"ram_role_name\"},{\"name\":\"OIDC\",\"mode\":\"OIDC\",\"ram_role_arn\":\"ram_role_arn\",\"ram_session_name\":\"ram_session_name\",\"expired_seconds\":3600,\"sts_region\":\"cn-hangzhou\",\"oidc_token_file\":\"path/to/oidc/file\",\"oidc_provider_arn\":\"oidc_provider_arn\"},{\"name\":\"ChainableRamRoleArn\",\"mode\":\"ChainableRamRoleArn\",\"ram_role_arn\":\"ram_role_arn\",\"ram_session_name\":\"ram_session_name\",\"expired_seconds\":3600,\"sts_region\":\"cn-hangzhou\",\"source_profile\":\"AK\"}]",
JsonConvert.SerializeObject(config.GetProfiles(), settings));
}

[Fact]
public void ReloadCredentialsProviderTest()
{
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
var configPath = TestHelper.GetCLIConfigFilePath("aliyun");
CLIProfileCredentialsProvider.Config config = provider.ParseProfile(configPath);
var ex = Assert.Throws<ClientException>(() => { provider.ReloadCredentialsProvider(config, "notExist"); });
Assert.Contains("Unable to get profile with 'notExist' form CLI credentials file.", ex.Message);

AlibabaCloudCredentialsProvider credentialsProvider = provider.ReloadCredentialsProvider(config, "AK");
Assert.True(credentialsProvider is StaticCredentialsProvider);
AlibabaCloudCredentials credential = credentialsProvider.GetCredentials();
Assert.Equal("akid", credential.GetAccessKeyId());
Assert.Equal("secret", credential.GetAccessKeySecret());

credentialsProvider = provider.ReloadCredentialsProvider(config, "RamRoleArn");
Assert.True(credentialsProvider is STSAssumeRoleSessionCredentialsProvider);
ex = Assert.Throws<ClientException>(() => { credentialsProvider.GetCredentials(); });
Assert.Contains("InvalidAccessKeyId.NotFound", ex.Message);

credentialsProvider = provider.ReloadCredentialsProvider(config, "RamRoleArnEnableVpc");
Assert.True(credentialsProvider is STSAssumeRoleSessionCredentialsProvider);
ex = Assert.Throws<ClientException>(() => { credentialsProvider.GetCredentials(); });
Assert.Contains("the request url is sts-vpc.cn-hangzhou.aliyuncs.com", ex.Message);

var ex1 = Assert.Throws<ArgumentOutOfRangeException>(() =>
{
provider.ReloadCredentialsProvider(config, "Invalid_RamRoleArn");
});
Assert.Contains("Access key ID cannot be null.", ex1.Message);

credentialsProvider = provider.ReloadCredentialsProvider(config, "EcsRamRole");
Assert.True(credentialsProvider is InstanceProfileCredentialsProvider);

credentialsProvider = provider.ReloadCredentialsProvider(config, "OIDC");
Assert.True(credentialsProvider is OIDCCredentialsProvider);

credentialsProvider = provider.ReloadCredentialsProvider(config, "OIDCEnableVpc");
Assert.True(credentialsProvider is OIDCCredentialsProvider);

credentialsProvider = provider.ReloadCredentialsProvider(config, "ChainableRamRoleArn");
Assert.True(credentialsProvider is STSAssumeRoleSessionCredentialsProvider);

ex = Assert.Throws<ClientException>(() =>
{
provider.ReloadCredentialsProvider(config, "ChainableRamRoleArn1");
});
Assert.Equal("Source profile name can not be the same as profile name.", ex.Message);

ex = Assert.Throws<ClientException>(() =>
{
provider.ReloadCredentialsProvider(config, "ChainableRamRoleArn2");
});
Assert.Contains("Unable to get profile with 'InvalidSource' form CLI credentials file.", ex.Message);

ex = Assert.Throws<ClientException>(() => { provider.ReloadCredentialsProvider(config, "Unsupported"); });
Assert.Contains("Unsupported profile mode 'Unsupported' form CLI credentials file.", ex.Message);
}
}
}
26 changes: 23 additions & 3 deletions aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,22 @@ namespace Aliyun.Acs.Core.Tests.Units.Auth.Provider
{
public class DefaultCredentialProviderTest
{
[Fact]
public void GetCredentials()
{
var provider = new DefaultCredentialProvider(false);
Assert.NotNull(provider);
Assert.Throws<ClientException>(() => { provider.GetCredentials(); });

var testProvider = new STSAssumeRoleSessionCredentialsProvider.Builder()
.AccessKeyId("accessKeyId2")
.AccessKeySecret("accessKeySecret")
.RoleArn("roleArn")
.Build();

new DefaultCredentialProvider(null, testProvider);

}
/*
Case: Should throw ClientException("There is no credential chain can use")
*/
Expand Down Expand Up @@ -62,7 +78,11 @@ public void GetCredentialWithException()
var credential = defaultProvider.GetCredentials();
});

Assert.Equal("There is no credential chain can use.", exception.Message);
var mes = exception.Message;
Assert.Contains("There is no credential chain can use: [EnvironmentVariableCredentialsProvider: Environment variable accessKeyId cannot be empty,", exception.Message);
Assert.Contains("CLIProfileCredentialsProvider: Unable to open credentials file: ", exception.Message);
Assert.Contains("ProfileCredentialsProvider: Unable to open credentials file: ", exception.Message);
Assert.Contains("InstanceProfileCredentialsProvider: Failed to get RAM session credentials from ECS metadata service. Reason: Aliyun.Acs.Core.Exceptions.ClientException: SDK.WebException : HttpWebRequest WebException occured, ", exception.Message);
}

/*
Expand Down Expand Up @@ -126,7 +146,7 @@ public void GetCredentialFileAlibabaCloudCredentialWithAKTypeButAKIsEmpty()

TestHelper.DeleteIniFile();

Assert.Equal("Access key ID cannot be null.", exception.Message);
Assert.Contains("Access key ID cannot be null.", exception.Message);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
Expand Down Expand Up @@ -217,7 +237,7 @@ public void GetCredentialFileAlibabaCloudCredentialWithEcsRamRole()
mockDefaultCredentialProvider.Setup(x => x.GetInstanceRamRoleAlibabaCloudCredential())
.Returns(ecsRamRoleCredential);
mockDefaultCredentialProvider.Setup(x => x.GetHomePath()).Returns(mockHomePath);

var defaultCredentialProvider = mockDefaultCredentialProvider.Object;
var credential = (InstanceProfileCredentials)defaultCredentialProvider.GetAlibabaCloudClientCredential();

Expand Down
38 changes: 38 additions & 0 deletions aliyun-net-sdk-core.Tests/Units/Auth/URLCredentialProviderTest.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
using System;
using Aliyun.Acs.Core.Auth.Provider;
using Aliyun.Acs.Core.Exceptions;
using Xunit;

namespace Aliyun.Acs.Core.Tests.Units.Auth
{
public class URLCredentialProviderTest
{
[Fact]
public void TestConstructor()
{
URLCredentialProvider provider;
var ex = Assert.Throws<ArgumentNullException>(() =>
provider = new URLCredentialProvider.Builder().CredentialsURI("").Build());
Assert.Contains("Credential URI or environment variable ALIBABA_CLOUD_CREDENTIALS_URI cannot be empty.",
ex.Message);
var ex1 = Assert.Throws<ClientException>(() =>
provider = new URLCredentialProvider.Builder().CredentialsURI("url").Build());
Assert.Contains("Credential URI is not valid.", ex1.Message);
provider = new URLCredentialProvider.Builder().CredentialsURI("http://test").Build();
provider = new URLCredentialProvider.Builder().CredentialsURI(new Uri("http://test")).Build();
}

[Fact]
public void TestGetCredentials()
{
var provider = new URLCredentialProvider.Builder()
.CredentialsURI("http://10.10.10.10")
.ConnectTimeout(2000)
.ReadTimeout(2000)
.Build();

var ex = Assert.Throws<ClientException>(() => { provider.GetCredentials(); });
Assert.StartsWith("Failed to connect Server: http://10.10.10.10", ex.Message);
}
}
}
Loading
Loading