Skip to content

Commit

Permalink
fix: solve error in default credentials provider
Browse files Browse the repository at this point in the history
  • Loading branch information
PanPanZou committed Sep 23, 2024
1 parent a4ac68e commit a0b34f1
Show file tree
Hide file tree
Showing 5 changed files with 168 additions and 64 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
*/

using System;
using System.Collections.Generic;

using Aliyun.Acs.Core.Auth;
using Aliyun.Acs.Core.Auth.Provider;
Expand All @@ -26,6 +27,8 @@
using Aliyun.Acs.Core.Profile;
using Aliyun.Acs.Core.Utils;

using Newtonsoft.Json;

using Moq;

using Xunit;
Expand All @@ -51,6 +54,20 @@ public void GetAlibabaCloudClientCredentialWithException()
Assert.Equal("There is no credential chain can use.", exception.Message);
}

[Fact]
public void GetCredentialWithException()
{
var provider = new Mock<DefaultCredentialProvider>();
var defaultProvider = provider.Object;

var exception = Assert.Throws<ClientException>(() =>
{
var credential = defaultProvider.GetCredentials();
});

Assert.Equal("There is no credential chain can use.", exception.Message);
}

/*
Case: Test Credential File With default Client Name and file exist with ak value and type
Result: should return AccessKeyCredential
Expand Down Expand Up @@ -81,6 +98,10 @@ Use credential chains
[Fact]
public void GetCredentialFileAlibabaCloudCredentialWithAKTypeButAKIsEmpty()
{
var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN");
var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE");

Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null);
Expand All @@ -97,7 +118,10 @@ public void GetCredentialFileAlibabaCloudCredentialWithAKTypeButAKIsEmpty()

TestHelper.DeleteIniFile();

Assert.Equal("Missing required variable option for 'default Client'", exception.Message);
Assert.Equal("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
}

[Fact]
Expand All @@ -117,6 +141,30 @@ public void GetCredentialFileAlibabaCloudCredentialWithDefaultSection()
Assert.NotNull(credential);
}

[Fact]
public void GetOIDCAlibabaCloudCredentialTest()
{
var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN");
var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE");

Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", "test");
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", "test");
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", TestHelper.GetOIDCTokenFilePath());
var profile = DefaultProfile.GetProfile();
profile.DefaultClientName = "default";
var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);

Check warning on line 156 in aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs

View workflow job for this annotation

GitHub Actions / build

'DefaultCredentialProvider.DefaultCredentialProvider(IClientProfile, AlibabaCloudCredentialsProvider)' is obsolete
var exception = Assert.Throws<ClientException>(() =>
{
var credential = defaultCredentialProvider.GetAlibabaCloudClientCredential();
});
Assert.StartsWith("AssumeRoleWithOIDC failed: Parameter OIDCProviderArn is not valid(RequestID: ", exception.Message);

Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
}

/*
Case: Test Credential File With default Client Name and file exist with ecs credential
Result: should return EcsRamRoleCredential
Expand Down Expand Up @@ -161,11 +209,9 @@ public void GetCredentialFileAlibabaCloudCredentialWithFileAndAkExist()

var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);

Check warning on line 210 in aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs

View workflow job for this annotation

GitHub Actions / build

'DefaultCredentialProvider.DefaultCredentialProvider(IClientProfile, AlibabaCloudCredentialsProvider)' is obsolete

var credential = (BasicCredentials)defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential();

var ex = Assert.Throws<ClientException>(() => (BasicCredentials)defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential());
Assert.Equal("The configured client type is empty", ex.Message);
TestHelper.DeleteIniFile();
Assert.NotNull(credential);
Assert.Equal("foo", credential.GetAccessKeyId());
}

/*
Expand All @@ -182,10 +228,10 @@ public void GetCredentialFileAlibabaCloudCredentialWithFileAndAkExistNotDefault(

var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);

Check warning on line 229 in aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs

View workflow job for this annotation

GitHub Actions / build

'DefaultCredentialProvider.DefaultCredentialProvider(IClientProfile, AlibabaCloudCredentialsProvider)' is obsolete

var credential = defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential();
var ex = Assert.Throws<ClientException>(() => defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential());
Assert.Equal("The configured client type is empty", ex.Message);

TestHelper.DeleteIniFile();
Assert.Null(credential);
}

/*
Expand Down Expand Up @@ -328,15 +374,15 @@ public void GetInstanceRamRoleAlibabaCloudCredential()
defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential();
});

Assert.Equal("RegionID cannot be null or empty.", exception.Message);
Assert.Equal("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message);

Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", "region_id");
profile.DefaultClientName = "test";
defaultCredentialProvider = new DefaultCredentialProvider(profile, null);

Check warning on line 381 in aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs

View workflow job for this annotation

GitHub Actions / build

'DefaultCredentialProvider.DefaultCredentialProvider(IClientProfile, AlibabaCloudCredentialsProvider)' is obsolete
var credentialProvider = defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential();
var ex = Assert.Throws<ClientException>(() => defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential());

Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", null);
Assert.Null(credentialProvider);
Assert.Equal("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message);
}

[Fact]
Expand Down Expand Up @@ -369,13 +415,13 @@ public void GetInstanceRamRoleAlibabaCloudCredential3()
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", "region_id");
profile.DefaultClientName = "default";
var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);
var exception = Assert.Throws<ArgumentNullException>(() =>
var exception = Assert.Throws<ClientException>(() =>
{
var credentialProvider = defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential();
});

Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", null);
Assert.Equal("You must specifiy a valid role name.", exception.ParamName);
Assert.StartsWith("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message);
}

[Fact]
Expand Down Expand Up @@ -465,11 +511,10 @@ public void GetRsaKeyPairAlibabaCloudCredential()
var defaultCredentialProvider =
new DefaultCredentialProvider(profile, "publicKeyId", "privateKeyFile", rsaProvider);

var actualCredentil = defaultCredentialProvider.GetRsaKeyPairAlibabaCloudCredential();
var ex = Assert.Throws<ClientException>(() => defaultCredentialProvider.GetRsaKeyPairAlibabaCloudCredential());

Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", null);
Assert.NotNull(actualCredentil);
Assert.Equal("aks", actualCredentil.GetAccessKeySecret());
Assert.Equal("The configured public_key_id or private_key_file is empty", ex.Message);
}

[Fact]
Expand Down Expand Up @@ -504,7 +549,7 @@ public void GetRsaKeyPairAlibabaCloudCredentialWithException()
var credential = defaultCredentialProvider.GetRsaKeyPairAlibabaCloudCredential();
});

Assert.Equal("Missing required variable option for 'default Client'", exception.Message);
Assert.Equal("The configured private_key_file is empty", exception.Message);
}

[Fact]
Expand Down
Loading

0 comments on commit a0b34f1

Please sign in to comment.