Exemple #1
0
        public async Task TestAssumeRoleWithWebIdentityCredentialsPropertiesUsedInAsyncSTSCallAsync()
        {
            #region Setup
            // Set up request variables
            var dummyToken               = "dummyToken";
            var dummyRoleArn             = "dummyRoleArn";
            var dummyRoleSessionName     = "dummyRoleSessionName";
            var dummyOptions             = new AssumeRoleWithWebIdentityCredentialsOptions();
            var currentDirectory         = Directory.GetCurrentDirectory();
            var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt");
            File.WriteAllText(webIdentityTokenFilePath, dummyToken);
            var equalityCheck = new Func <AssumeRoleWithWebIdentityRequest, bool>(req =>
            {
                return(req.DurationSeconds.Equals(dummyOptions.DurationSeconds ?? 0) &&
                       string.Equals(req.Policy, dummyOptions.Policy) &&
                       Equals(req.PolicyArns, dummyOptions.PolicyArns) &&
                       Equals(req.ProviderId, dummyOptions.ProviderId) &&
                       req.RoleArn.Equals(dummyRoleArn) &&
                       req.RoleSessionName.Equals(dummyRoleSessionName) &&
                       req.WebIdentityToken.Equals(dummyToken));
            });
            var envVariables = new Dictionary <string, string>()
            {
                { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath },
                { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, dummyRoleArn },
                { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, dummyRoleSessionName },
            };
            // Set up response
            var dummyAccessKeyId     = "dummyAccessKeyId";
            var dummySecretAccessKey = "dummySecretAccessKey";
            var dummySessionToken    = "dummySessionToken";
            var dummyExpiration      = DateTime.UtcNow.AddDays(1);
            var forcedResponse       = new AssumeRoleWithWebIdentityResponse()
            {
                Credentials = new Credentials(dummyAccessKeyId, dummySecretAccessKey, dummySessionToken, dummyExpiration)
            };
            // Setup service client mock
            var mock = new Mock <AmazonSecurityTokenServiceClient>();
            Expression <Func <AmazonSecurityTokenServiceClient, Task <AssumeRoleWithWebIdentityResponse> > > stsCall = c => c.AssumeRoleWithWebIdentityAsync(It.Is <AssumeRoleWithWebIdentityRequest>(req => equalityCheck(req)), new System.Threading.CancellationToken());
            mock.Setup(stsCall).Returns(Task.FromResult(forcedResponse));
            // Setup credentials
            using (var testCredentials = new AssumeRoleWithWebIdentityTestCredentials(webIdentityTokenFilePath, dummyRoleArn, dummyRoleSessionName, dummyOptions)
            {
                Client = mock.Object
            })
            {
                using (new FallbackFactoryTestFixture(ProfileText, "default", envVariables))
                {
                    #endregion Setup

                    #region Act
                    await testCredentials.GetCredentialsAsync().ConfigureAwait(false);

                    #endregion Act
                }
            }

            // Verify that the credential properties were used for the STS call
            mock.Verify(stsCall, Times.Once);
        }
Exemple #2
0
        public void TestAssumeRoleWithWebIdentity_FromSharedProfile()
        {
            #region Setup
            var webIdentityToken         = "Dummy.OIDC.Token";
            var currentDirectory         = Directory.GetCurrentDirectory();
            var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt");
            File.WriteAllText(webIdentityTokenFilePath, webIdentityToken);
            var profileText = GetAssumeRoleWithWebIdentityProfileText(webIdentityTokenFilePath);
            AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials;
            var mockClient = new Mock <ICoreAmazonSTS_WebIdentity>();
            mockClient.Setup(c => c.CredentialsFromAssumeRoleWithWebIdentityAuthentication(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <AssumeRoleWithWebIdentityCredentialsOptions>()))
            .Returns(new AssumeRoleImmutableCredentials("dummyAccessKeyId", "dummySecret", "dummyToken", DateTime.UtcNow.AddDays(1)));
            using (new FallbackFactoryTestFixture(profileText, "default"))
            {
                #endregion Setup

                #region Act
                var awsCredentials = FallbackCredentialsFactory.GetCredentials();
                webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null)
                {
                    Client = mockClient.Object
                };
                webIdentityCredentials.GetCredentials();
                #endregion Act
            }

            #region Assert
            Assert.AreEqual(webIdentityTokenFilePath, webIdentityCredentials.WebIdentityTokenFile);
            Assert.AreEqual("some-arn-2", webIdentityCredentials.RoleArn);
            Assert.AreEqual("some-session-name-2", webIdentityCredentials.RoleSessionName);
            #endregion Assert

            webIdentityCredentials.Dispose();
        }
        public void TestRetriesOnException <T>(T exception) where T : AmazonServiceException
        {
            var webIdentityToken = "Dummy.OIDC.Token";
            var roleArn          = "someRoleArn";
            var roleSessionName  = "someRoleSessionName";

            var currentDirectory         = Directory.GetCurrentDirectory();
            var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt");

            File.WriteAllText(webIdentityTokenFilePath, webIdentityToken);

            var envVariables = new Dictionary <string, string>()
            {
                { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath },
                { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, roleArn },
                { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, roleSessionName },
            };

            AWSCredentials awsCredentials;

            using (new FallbackFactoryTestFixture(envVariables))
            {
                awsCredentials = FallbackCredentialsFactory.GetCredentials();
            }

            var webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null);
            var retries  = 0;
            var client   = webIdentityCredentials.Client as AmazonSecurityTokenServiceClient;
            var pipeline = client
                           .GetType()
                           .GetProperty("RuntimePipeline", System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic)
                           .GetValue(client, null)
                           as RuntimePipeline;
            // Setup STS failures
            var credentialsRetriever = new Mock <CredentialsRetriever>(awsCredentials);

            credentialsRetriever.Setup(cr => cr.InvokeSync(It.IsAny <IExecutionContext>())).Throws(exception); // Setting up the exception here
            pipeline.ReplaceHandler <CredentialsRetriever>(credentialsRetriever.Object);
            // Setup retry count notifications
            var retryHandler          = pipeline.Handlers.Find(h => h is RetryHandler) as RetryHandler;
            var notifyingRetryHandler = new NotifyingRetryHandler(client.Config);

            notifyingRetryHandler.AddHandler((object sender, RetryEventArgs e) => { retries++; });
            pipeline.ReplaceHandler <RetryHandler>(notifyingRetryHandler);
            var defaultRetryPolicy = new DefaultRetryPolicy(client.Config);

            using (new FallbackFactoryTestFixture(envVariables))
            {
                // Act and Assert
                Assert.ThrowsException <AmazonClientException>(() => webIdentityCredentials.GetCredentials());
            }

            Assert.AreEqual(defaultRetryPolicy.MaxRetries, retries);

            webIdentityCredentials.Dispose();
        }
Exemple #4
0
        public void TestAssumeRoleWithWebIdentity_SessionNameNotProvided()
        {
            #region Setup
            var webIdentityToken         = "Dummy.OIDC.Token";
            var roleArn                  = "someRoleArn";
            var currentDirectory         = Directory.GetCurrentDirectory();
            var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt");
            File.WriteAllText(webIdentityTokenFilePath, webIdentityToken);

            var envVariables = new Dictionary <string, string>()
            {
                { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath },
                { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, roleArn },
                { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, "" },
            };

            AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials;
            AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials2;
            var mockClient = new Mock <ICoreAmazonSTS_WebIdentity>();
            mockClient.Setup(c => c.CredentialsFromAssumeRoleWithWebIdentityAuthentication(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <AssumeRoleWithWebIdentityCredentialsOptions>()))
            .Returns(new AssumeRoleImmutableCredentials("dummyAccessKeyId", "dummySecret", "dummyToken", DateTime.UtcNow.AddDays(1)));
            using (new FallbackFactoryTestFixture(ProfileText, "default", envVariables))
            {
                #endregion Setup

                #region Action
                // Get credentials once
                var awsCredentials = FallbackCredentialsFactory.GetCredentials();
                webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null)
                {
                    Client = mockClient.Object
                };
                webIdentityCredentials.GetCredentials();
                // Get credentials again
                var awsCredentials2 = FallbackCredentialsFactory.GetCredentials();
                webIdentityCredentials2 = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null)
                {
                    Client = mockClient.Object
                };
                webIdentityCredentials2.GetCredentials();
                #endregion Action
            }

            #region Assert
            Assert.AreEqual(webIdentityTokenFilePath, webIdentityCredentials.WebIdentityTokenFile);
            Assert.AreEqual(roleArn, webIdentityCredentials.RoleArn);
            var guidRoleSessionName = webIdentityCredentials.RoleSessionName;
            Assert.IsTrue(Guid.TryParse(guidRoleSessionName, out Guid guid));
            Assert.AreEqual(guidRoleSessionName, webIdentityCredentials2.RoleSessionName);
            #endregion Assert

            webIdentityCredentials.Dispose();
            webIdentityCredentials2.Dispose();
        }
Exemple #5
0
        public void TestAssumeRoleWithWebIdentity_DefinedBothInEnvAndConfig()
        {
            #region Setup
            var webIdentityToken  = "Dummy.OIDC.Token";
            var webIdentityToken2 = "Dummy.OIDC.Token2";
            var roleArn           = "someRoleArn";
            var roleSessionName   = "someRoleSessionName";

            var currentDirectory         = Directory.GetCurrentDirectory();
            var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt");
            File.WriteAllText(webIdentityTokenFilePath, webIdentityToken);
            var webIdentityTokenFilePath2 = Path.Combine(currentDirectory, "my-token2.jwt");
            File.WriteAllText(webIdentityTokenFilePath2, webIdentityToken2);

            var envVariables = new Dictionary <string, string>()
            {
                { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath },
                { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, roleArn },
                { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, roleSessionName },
            };

            var profileText = GetAssumeRoleWithWebIdentityProfileText(webIdentityTokenFilePath2);
            AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials;
            var mockClient = new Mock <ICoreAmazonSTS_WebIdentity>();
            mockClient.Setup(c => c.CredentialsFromAssumeRoleWithWebIdentityAuthentication(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <AssumeRoleWithWebIdentityCredentialsOptions>()))
            .Returns(new AssumeRoleImmutableCredentials("dummyAccessKeyId", "dummySecret", "dummyToken", DateTime.UtcNow.AddDays(1)));
            using (new FallbackFactoryTestFixture(profileText, "default", envVariables))
            {
                #endregion Setup

                #region Action
                var awsCredentials = FallbackCredentialsFactory.GetCredentials();
                webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null)
                {
                    Client = mockClient.Object
                };
                webIdentityCredentials.GetCredentials();
                #endregion Action
            }

            #region Assert
            Assert.AreEqual(webIdentityTokenFilePath, webIdentityCredentials.WebIdentityTokenFile);
            Assert.AreEqual(roleArn, webIdentityCredentials.RoleArn);
            Assert.AreEqual(roleSessionName, webIdentityCredentials.RoleSessionName);
            #endregion Assert

            webIdentityCredentials.Dispose();
        }