public void GetRamRoleArnAlibabaCloudCredential()
{
TestHelper.InitializeEnvironmentValue();
var ramRoleCredential =
new InstanceProfileCredentials("accessKey", "aks", "roletoken", DateTime.Now.ToString(), 3000);
var profile = DefaultProfile.GetProfile();
var response = new AssumeRoleResponse();
response.Credentials = new AssumeRoleResponse.AssumeRole_Credentials();
response.Credentials.AccessKeyId = "ak";
response.Credentials.AccessKeySecret = "aks";
response.Credentials.SecurityToken = "token";
var mockClient = new Mock <IAcsClient>();
mockClient.Setup(x => x.GetAcsResponse(It.IsAny <AcsRequest <AssumeRoleResponse> >())).Returns(response);
var client = mockClient.Object;
var stsProvider = new STSAssumeRoleSessionCredentialsProvider(ramRoleCredential, "roleArn", client);
var defaultCredentialProvider = new DefaultCredentialProvider(profile, stsProvider);
var actualCredentil = defaultCredentialProvider.GetRamRoleArnAlibabaCloudCredential();
TestHelper.RemoveEnvironmentValue();
Assert.NotNull(actualCredentil);
Assert.Equal("aks", actualCredentil.GetAccessKeySecret());
}
public virtual Task <AlibabaCloudCredentials> GetRamRoleArnAlibabaCloudCredentialAsync(CancellationToken cancellationToken)
{
if (string.IsNullOrEmpty(accessKeyId) || string.IsNullOrEmpty(accessKeySecret) ||
string.IsNullOrEmpty(regionId))
{
throw new ClientException("Missing required variable option for 'default Client'");
}
var credential = new BasicSessionCredentials(accessKeyId, accessKeySecret,
STSAssumeRoleSessionCredentialsProvider.GetNewRoleSessionName(),
3600
);
var profile = DefaultProfile.GetProfile(regionId, accessKeyId, accessKeySecret);
STSAssumeRoleSessionCredentialsProvider stsAsssumeRoleSessionCredentialProvider;
if (null != alibabaCloudCredentialProvider)
{
stsAsssumeRoleSessionCredentialProvider =
(STSAssumeRoleSessionCredentialsProvider)alibabaCloudCredentialProvider;
}
else
{
stsAsssumeRoleSessionCredentialProvider =
new STSAssumeRoleSessionCredentialsProvider(credential, roleArn, profile);
}
return(stsAsssumeRoleSessionCredentialProvider.GetCredentialsAsync(cancellationToken));
}
public void InstanceProvider()
{
var mock = new Mock <AlibabaCloudCredentialsProvider>();
AlibabaCloudCredentialsProvider longLivedCredentialsProvider = mock.Object;
string roleArn = "roleArn";
IClientProfile profile = DefaultProfile.GetProfile("cn-shanghai", "accessKeyId", "accessKeySecret");
STSAssumeRoleSessionCredentialsProvider instance = new STSAssumeRoleSessionCredentialsProvider(longLivedCredentialsProvider, roleArn, profile);
Assert.NotNull(instance);
}
public void WithRoleSessionName()
{
var mock = new Mock <AlibabaCloudCredentials>();
AlibabaCloudCredentials longLivedCredentials = mock.Object;
string roleArn = "roleArn";
IClientProfile profile = DefaultProfile.GetProfile("cn-shanghai", "accessKeyId", "accessKeySecret");
STSAssumeRoleSessionCredentialsProvider instance = new STSAssumeRoleSessionCredentialsProvider(longLivedCredentials, roleArn, profile);
instance.WithRoleSessionName("roleSessionName"); // 方法回调 STSAssumeRoleSessionCredentialsProvider 实例
Assert.IsType <STSAssumeRoleSessionCredentialsProvider>(instance);
}
public void InstanceWithPolicy()
{
var roleArn = "roleArn";
var policy = "policy";
var mockClient = new Mock <IAcsClient>();
var client = mockClient.Object;
var instance = new STSAssumeRoleSessionCredentialsProvider(roleArn, policy, client);
Assert.NotNull(instance);
}
public void SdkManageTokenTest()
{
DefaultProfile profile = DefaultProfile.GetProfile("cn-hangzhou", this.GetBasicAccessKeyId(), this.GetBasicAccessKeySecret());
BasicCredentials basicCredential = new BasicCredentials(this.GetBasicAccessKeyId(), this.GetBasicAccessKeySecret());
STSAssumeRoleSessionCredentialsProvider provider = new STSAssumeRoleSessionCredentialsProvider(basicCredential, this.GetRoleArn(), profile);
DefaultAcsClient client = new DefaultAcsClient(profile, provider);
DescribeInstancesRequest request = new DescribeInstancesRequest();
DescribeInstancesResponse response = client.GetAcsResponse(request);
Assert.NotNull(response);
Assert.True(0 <= response.TotalCount);
}
public void WithSTSClient()
{
var mock = new Mock <AlibabaCloudCredentials>();
var longLivedCredentials = mock.Object;
var roleArn = "roleArn";
IClientProfile profile = DefaultProfile.GetProfile("cn-shanghai", "accessKeyId", "accessKeySecret");
var instance = new STSAssumeRoleSessionCredentialsProvider(longLivedCredentials, roleArn, profile);
var mockClient = new Mock <IAcsClient>();
var client = mockClient.Object;
instance.WithSTSClient(client);
Assert.IsType <STSAssumeRoleSessionCredentialsProvider>(instance);
}
public void WithRoleSessionDurationSecondss()
{
var mock = new Mock <AlibabaCloudCredentials>();
var longLivedCredentials = mock.Object;
var roleArn = "roleArn";
IClientProfile profile = DefaultProfile.GetProfile("cn-shanghai", "accessKeyId", "accessKeySecret");
var instance = new STSAssumeRoleSessionCredentialsProvider(longLivedCredentials, roleArn, profile);
long roleSessionDurationSeconds = 1000;
// No Exception
instance.WithRoleSessionDurationSeconds(roleSessionDurationSeconds);
Assert.Throws <ArgumentOutOfRangeException>(
() => { instance.WithRoleSessionDurationSeconds(100); }
);
}
public void SdkManageTokenTest()
{
if (GetRoleArn().Equals("FakeRoleArn"))
{
return;
}
DefaultProfile profile = DefaultProfile.GetProfile("cn-hangzhou", GetBasicAccessKeyId(), GetBasicAccessKeySecret());
BasicCredentials basicCredential = new BasicCredentials(GetBasicAccessKeyId(), GetBasicAccessKeySecret());
STSAssumeRoleSessionCredentialsProvider provider = new STSAssumeRoleSessionCredentialsProvider(basicCredential, GetRoleArn(), profile);
DefaultAcsClient client = new DefaultAcsClient(profile, provider);
var request = new DescribeAccessPointsRequest();
var response = client.GetAcsResponse(request);
Assert.NotNull(response);
Assert.True(0 <= response.TotalCount);
}
public virtual AlibabaCloudCredentials GetRamRoleArnAlibabaCloudCredential()
{
if (String.IsNullOrEmpty(this.accessKeyId) && String.IsNullOrEmpty(this.accessKeySecret) && String.IsNullOrEmpty(this.regionId))
{
throw new ClientException("Missing required variable option for 'default Client'");
}
RamRoleArnCredential credential = new RamRoleArnCredential(
this.accessKeyId,
this.accessKeySecret,
this.roleArn,
this.roleSessionName,
STSAssumeRoleSessionCredentialsProvider.GetNewRoleSessionName(),
STSAssumeRoleSessionCredentialsProvider.DEFAULT_DURATION_SECONDS);
this.defaultProfile = DefaultProfile.GetProfile(this.regionId, this.accessKeyId, this.accessKeySecret);
var sTSAssumeRoleSessionCredentialsProvider = (STSAssumeRoleSessionCredentialsProvider)alibabaCloudCredentialProvider;
RamRoleArnCredential ramRoleArnCredential = (RamRoleArnCredential)sTSAssumeRoleSessionCredentialsProvider.GetCredentials();
return(ramRoleArnCredential);
}
public void GetCredentials()
{
DefaultProfile.ClearDefaultProfile();
var mock = new Mock <AlibabaCloudCredentials>();
mock.Setup(foo => foo.GetAccessKeyId()).Returns("accessKeyId");
mock.Setup(foo => foo.GetAccessKeySecret()).Returns("accessKeySecret");
AlibabaCloudCredentials longLivedCredentials = mock.Object;
IClientProfile profile = DefaultProfile.GetProfile(
"cn-hangzhou",
"accessKeyId",
"accessKeySecret"
);
var mockInstance = new Mock <STSAssumeRoleSessionCredentialsProvider>(longLivedCredentials, "roleArn", profile);
AssumeRoleResponse response = new AssumeRoleResponse();
response.Credentials = new AssumeRoleResponse.AssumeRole_Credentials();
response.Credentials.AccessKeyId = "MockAccessKeyId";
response.Credentials.AccessKeySecret = "MockAccessKeyId";
response.Credentials.SecurityToken = "MockSecurityToken";
mockInstance.Setup(foo => foo.GetResponse(
It.IsAny <AssumeRoleRequest>()
)).Returns(response);
STSAssumeRoleSessionCredentialsProvider instance = mockInstance.Object;
var credentials = instance.GetCredentials(); // 执行credential初始化
Assert.IsType <BasicSessionCredentials>(credentials);
var credentials2 = instance.GetCredentials(); // 不执行credential初始化,直接获取
Assert.IsType <BasicSessionCredentials>(credentials);
Assert.Equal(credentials.GetAccessKeyId(), credentials2.GetAccessKeyId());
Assert.Equal(credentials.GetAccessKeySecret(), credentials2.GetAccessKeySecret());
}
public void STSAssumeRoleCredentialWithPolicyTest()
{
if (GetRoleArn().Equals("FakeRoleArn"))
{
return;
}
var profile = DefaultProfile.GetProfile("cn-shanghai", GetBasicAccessKeyId(), GetBasicAccessKeySecret());
var basicCredential = new BasicCredentials(GetBasicAccessKeyId(), GetBasicAccessKeySecret());
var policy =
"{ \"Version\": \"1\",\"Statement\": [{\"Effect\": \"Deny\",\"Action\": \"vpc:Create*\",\"Resource\": \"acs:vpc:cn-hangzhou:*:*\"}]}";
var provider = new STSAssumeRoleSessionCredentialsProvider(basicCredential, GetRoleArn(), policy, profile);
var client = new DefaultAcsClient(profile, provider);
var request = new CreateVpcRequest();
var exception = Assert.Throws <ClientException>(() => { var response = client.GetAcsResponse(request); });
Assert.Contains(
"Forbidden.RAM : User not authorized to operate on the specified resource, or this API doesn't support RAM.",
exception.Message);
}