Exemplo n.º 1
0
        public void TestAssumeRoleWithWebIdentity_FromSharedProfile()
        {
            #region Setup
            var webIdentityToken         = "Dummy.OIDC.Token";
            var currentDirectory         = Directory.GetCurrentDirectory();
            var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt");
            File.WriteAllText(webIdentityTokenFilePath, webIdentityToken);
            var profileText = GetAssumeRoleWithWebIdentityProfileText(webIdentityTokenFilePath);
            AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials;
            var mockClient = new Mock <ICoreAmazonSTS_WebIdentity>();
            mockClient.Setup(c => c.CredentialsFromAssumeRoleWithWebIdentityAuthentication(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <AssumeRoleWithWebIdentityCredentialsOptions>()))
            .Returns(new AssumeRoleImmutableCredentials("dummyAccessKeyId", "dummySecret", "dummyToken", DateTime.UtcNow.AddDays(1)));
            using (new FallbackFactoryTestFixture(profileText, "default"))
            {
                #endregion Setup

                #region Act
                var awsCredentials = FallbackCredentialsFactory.GetCredentials();
                webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null)
                {
                    Client = mockClient.Object
                };
                webIdentityCredentials.GetCredentials();
                #endregion Act
            }

            #region Assert
            Assert.AreEqual(webIdentityTokenFilePath, webIdentityCredentials.WebIdentityTokenFile);
            Assert.AreEqual("some-arn-2", webIdentityCredentials.RoleArn);
            Assert.AreEqual("some-session-name-2", webIdentityCredentials.RoleSessionName);
            #endregion Assert

            webIdentityCredentials.Dispose();
        }
        public void TestRetriesOnException <T>(T exception) where T : AmazonServiceException
        {
            var webIdentityToken = "Dummy.OIDC.Token";
            var roleArn          = "someRoleArn";
            var roleSessionName  = "someRoleSessionName";

            var currentDirectory         = Directory.GetCurrentDirectory();
            var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt");

            File.WriteAllText(webIdentityTokenFilePath, webIdentityToken);

            var envVariables = new Dictionary <string, string>()
            {
                { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath },
                { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, roleArn },
                { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, roleSessionName },
            };

            AWSCredentials awsCredentials;

            using (new FallbackFactoryTestFixture(envVariables))
            {
                awsCredentials = FallbackCredentialsFactory.GetCredentials();
            }

            var webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null);
            var retries  = 0;
            var client   = webIdentityCredentials.Client as AmazonSecurityTokenServiceClient;
            var pipeline = client
                           .GetType()
                           .GetProperty("RuntimePipeline", System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic)
                           .GetValue(client, null)
                           as RuntimePipeline;
            // Setup STS failures
            var credentialsRetriever = new Mock <CredentialsRetriever>(awsCredentials);

            credentialsRetriever.Setup(cr => cr.InvokeSync(It.IsAny <IExecutionContext>())).Throws(exception); // Setting up the exception here
            pipeline.ReplaceHandler <CredentialsRetriever>(credentialsRetriever.Object);
            // Setup retry count notifications
            var retryHandler          = pipeline.Handlers.Find(h => h is RetryHandler) as RetryHandler;
            var notifyingRetryHandler = new NotifyingRetryHandler(client.Config);

            notifyingRetryHandler.AddHandler((object sender, RetryEventArgs e) => { retries++; });
            pipeline.ReplaceHandler <RetryHandler>(notifyingRetryHandler);
            var defaultRetryPolicy = new DefaultRetryPolicy(client.Config);

            using (new FallbackFactoryTestFixture(envVariables))
            {
                // Act and Assert
                Assert.ThrowsException <AmazonClientException>(() => webIdentityCredentials.GetCredentials());
            }

            Assert.AreEqual(defaultRetryPolicy.MaxRetries, retries);

            webIdentityCredentials.Dispose();
        }
Exemplo n.º 3
0
        public void TestAssumeRoleWithWebIdentity_SessionNameNotProvided()
        {
            #region Setup
            var webIdentityToken         = "Dummy.OIDC.Token";
            var roleArn                  = "someRoleArn";
            var currentDirectory         = Directory.GetCurrentDirectory();
            var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt");
            File.WriteAllText(webIdentityTokenFilePath, webIdentityToken);

            var envVariables = new Dictionary <string, string>()
            {
                { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath },
                { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, roleArn },
                { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, "" },
            };

            AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials;
            AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials2;
            var mockClient = new Mock <ICoreAmazonSTS_WebIdentity>();
            mockClient.Setup(c => c.CredentialsFromAssumeRoleWithWebIdentityAuthentication(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <AssumeRoleWithWebIdentityCredentialsOptions>()))
            .Returns(new AssumeRoleImmutableCredentials("dummyAccessKeyId", "dummySecret", "dummyToken", DateTime.UtcNow.AddDays(1)));
            using (new FallbackFactoryTestFixture(ProfileText, "default", envVariables))
            {
                #endregion Setup

                #region Action
                // Get credentials once
                var awsCredentials = FallbackCredentialsFactory.GetCredentials();
                webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null)
                {
                    Client = mockClient.Object
                };
                webIdentityCredentials.GetCredentials();
                // Get credentials again
                var awsCredentials2 = FallbackCredentialsFactory.GetCredentials();
                webIdentityCredentials2 = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null)
                {
                    Client = mockClient.Object
                };
                webIdentityCredentials2.GetCredentials();
                #endregion Action
            }

            #region Assert
            Assert.AreEqual(webIdentityTokenFilePath, webIdentityCredentials.WebIdentityTokenFile);
            Assert.AreEqual(roleArn, webIdentityCredentials.RoleArn);
            var guidRoleSessionName = webIdentityCredentials.RoleSessionName;
            Assert.IsTrue(Guid.TryParse(guidRoleSessionName, out Guid guid));
            Assert.AreEqual(guidRoleSessionName, webIdentityCredentials2.RoleSessionName);
            #endregion Assert

            webIdentityCredentials.Dispose();
            webIdentityCredentials2.Dispose();
        }
Exemplo n.º 4
0
        public void TestAssumeRoleWithWebIdentity_DefinedBothInEnvAndConfig()
        {
            #region Setup
            var webIdentityToken  = "Dummy.OIDC.Token";
            var webIdentityToken2 = "Dummy.OIDC.Token2";
            var roleArn           = "someRoleArn";
            var roleSessionName   = "someRoleSessionName";

            var currentDirectory         = Directory.GetCurrentDirectory();
            var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt");
            File.WriteAllText(webIdentityTokenFilePath, webIdentityToken);
            var webIdentityTokenFilePath2 = Path.Combine(currentDirectory, "my-token2.jwt");
            File.WriteAllText(webIdentityTokenFilePath2, webIdentityToken2);

            var envVariables = new Dictionary <string, string>()
            {
                { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath },
                { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, roleArn },
                { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, roleSessionName },
            };

            var profileText = GetAssumeRoleWithWebIdentityProfileText(webIdentityTokenFilePath2);
            AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials;
            var mockClient = new Mock <ICoreAmazonSTS_WebIdentity>();
            mockClient.Setup(c => c.CredentialsFromAssumeRoleWithWebIdentityAuthentication(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <AssumeRoleWithWebIdentityCredentialsOptions>()))
            .Returns(new AssumeRoleImmutableCredentials("dummyAccessKeyId", "dummySecret", "dummyToken", DateTime.UtcNow.AddDays(1)));
            using (new FallbackFactoryTestFixture(profileText, "default", envVariables))
            {
                #endregion Setup

                #region Action
                var awsCredentials = FallbackCredentialsFactory.GetCredentials();
                webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null)
                {
                    Client = mockClient.Object
                };
                webIdentityCredentials.GetCredentials();
                #endregion Action
            }

            #region Assert
            Assert.AreEqual(webIdentityTokenFilePath, webIdentityCredentials.WebIdentityTokenFile);
            Assert.AreEqual(roleArn, webIdentityCredentials.RoleArn);
            Assert.AreEqual(roleSessionName, webIdentityCredentials.RoleSessionName);
            #endregion Assert

            webIdentityCredentials.Dispose();
        }