public async Task TestAssumeRoleWithWebIdentityCredentialsPropertiesUsedInAsyncSTSCallAsync() { #region Setup // Set up request variables var dummyToken = "dummyToken"; var dummyRoleArn = "dummyRoleArn"; var dummyRoleSessionName = "dummyRoleSessionName"; var dummyOptions = new AssumeRoleWithWebIdentityCredentialsOptions(); var currentDirectory = Directory.GetCurrentDirectory(); var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt"); File.WriteAllText(webIdentityTokenFilePath, dummyToken); var equalityCheck = new Func <AssumeRoleWithWebIdentityRequest, bool>(req => { return(req.DurationSeconds.Equals(dummyOptions.DurationSeconds ?? 0) && string.Equals(req.Policy, dummyOptions.Policy) && Equals(req.PolicyArns, dummyOptions.PolicyArns) && Equals(req.ProviderId, dummyOptions.ProviderId) && req.RoleArn.Equals(dummyRoleArn) && req.RoleSessionName.Equals(dummyRoleSessionName) && req.WebIdentityToken.Equals(dummyToken)); }); var envVariables = new Dictionary <string, string>() { { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath }, { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, dummyRoleArn }, { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, dummyRoleSessionName }, }; // Set up response var dummyAccessKeyId = "dummyAccessKeyId"; var dummySecretAccessKey = "dummySecretAccessKey"; var dummySessionToken = "dummySessionToken"; var dummyExpiration = DateTime.UtcNow.AddDays(1); var forcedResponse = new AssumeRoleWithWebIdentityResponse() { Credentials = new Credentials(dummyAccessKeyId, dummySecretAccessKey, dummySessionToken, dummyExpiration) }; // Setup service client mock var mock = new Mock <AmazonSecurityTokenServiceClient>(); Expression <Func <AmazonSecurityTokenServiceClient, Task <AssumeRoleWithWebIdentityResponse> > > stsCall = c => c.AssumeRoleWithWebIdentityAsync(It.Is <AssumeRoleWithWebIdentityRequest>(req => equalityCheck(req)), new System.Threading.CancellationToken()); mock.Setup(stsCall).Returns(Task.FromResult(forcedResponse)); // Setup credentials using (var testCredentials = new AssumeRoleWithWebIdentityTestCredentials(webIdentityTokenFilePath, dummyRoleArn, dummyRoleSessionName, dummyOptions) { Client = mock.Object }) { using (new FallbackFactoryTestFixture(ProfileText, "default", envVariables)) { #endregion Setup #region Act await testCredentials.GetCredentialsAsync().ConfigureAwait(false); #endregion Act } } // Verify that the credential properties were used for the STS call mock.Verify(stsCall, Times.Once); }
public void TestAssumeRoleWithWebIdentity_FromSharedProfile() { #region Setup var webIdentityToken = "Dummy.OIDC.Token"; var currentDirectory = Directory.GetCurrentDirectory(); var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt"); File.WriteAllText(webIdentityTokenFilePath, webIdentityToken); var profileText = GetAssumeRoleWithWebIdentityProfileText(webIdentityTokenFilePath); AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials; var mockClient = new Mock <ICoreAmazonSTS_WebIdentity>(); mockClient.Setup(c => c.CredentialsFromAssumeRoleWithWebIdentityAuthentication(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <AssumeRoleWithWebIdentityCredentialsOptions>())) .Returns(new AssumeRoleImmutableCredentials("dummyAccessKeyId", "dummySecret", "dummyToken", DateTime.UtcNow.AddDays(1))); using (new FallbackFactoryTestFixture(profileText, "default")) { #endregion Setup #region Act var awsCredentials = FallbackCredentialsFactory.GetCredentials(); webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null) { Client = mockClient.Object }; webIdentityCredentials.GetCredentials(); #endregion Act } #region Assert Assert.AreEqual(webIdentityTokenFilePath, webIdentityCredentials.WebIdentityTokenFile); Assert.AreEqual("some-arn-2", webIdentityCredentials.RoleArn); Assert.AreEqual("some-session-name-2", webIdentityCredentials.RoleSessionName); #endregion Assert webIdentityCredentials.Dispose(); }
public void TestRetriesOnException <T>(T exception) where T : AmazonServiceException { var webIdentityToken = "Dummy.OIDC.Token"; var roleArn = "someRoleArn"; var roleSessionName = "someRoleSessionName"; var currentDirectory = Directory.GetCurrentDirectory(); var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt"); File.WriteAllText(webIdentityTokenFilePath, webIdentityToken); var envVariables = new Dictionary <string, string>() { { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath }, { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, roleArn }, { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, roleSessionName }, }; AWSCredentials awsCredentials; using (new FallbackFactoryTestFixture(envVariables)) { awsCredentials = FallbackCredentialsFactory.GetCredentials(); } var webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null); var retries = 0; var client = webIdentityCredentials.Client as AmazonSecurityTokenServiceClient; var pipeline = client .GetType() .GetProperty("RuntimePipeline", System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic) .GetValue(client, null) as RuntimePipeline; // Setup STS failures var credentialsRetriever = new Mock <CredentialsRetriever>(awsCredentials); credentialsRetriever.Setup(cr => cr.InvokeSync(It.IsAny <IExecutionContext>())).Throws(exception); // Setting up the exception here pipeline.ReplaceHandler <CredentialsRetriever>(credentialsRetriever.Object); // Setup retry count notifications var retryHandler = pipeline.Handlers.Find(h => h is RetryHandler) as RetryHandler; var notifyingRetryHandler = new NotifyingRetryHandler(client.Config); notifyingRetryHandler.AddHandler((object sender, RetryEventArgs e) => { retries++; }); pipeline.ReplaceHandler <RetryHandler>(notifyingRetryHandler); var defaultRetryPolicy = new DefaultRetryPolicy(client.Config); using (new FallbackFactoryTestFixture(envVariables)) { // Act and Assert Assert.ThrowsException <AmazonClientException>(() => webIdentityCredentials.GetCredentials()); } Assert.AreEqual(defaultRetryPolicy.MaxRetries, retries); webIdentityCredentials.Dispose(); }
public void TestAssumeRoleWithWebIdentity_SessionNameNotProvided() { #region Setup var webIdentityToken = "Dummy.OIDC.Token"; var roleArn = "someRoleArn"; var currentDirectory = Directory.GetCurrentDirectory(); var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt"); File.WriteAllText(webIdentityTokenFilePath, webIdentityToken); var envVariables = new Dictionary <string, string>() { { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath }, { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, roleArn }, { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, "" }, }; AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials; AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials2; var mockClient = new Mock <ICoreAmazonSTS_WebIdentity>(); mockClient.Setup(c => c.CredentialsFromAssumeRoleWithWebIdentityAuthentication(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <AssumeRoleWithWebIdentityCredentialsOptions>())) .Returns(new AssumeRoleImmutableCredentials("dummyAccessKeyId", "dummySecret", "dummyToken", DateTime.UtcNow.AddDays(1))); using (new FallbackFactoryTestFixture(ProfileText, "default", envVariables)) { #endregion Setup #region Action // Get credentials once var awsCredentials = FallbackCredentialsFactory.GetCredentials(); webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null) { Client = mockClient.Object }; webIdentityCredentials.GetCredentials(); // Get credentials again var awsCredentials2 = FallbackCredentialsFactory.GetCredentials(); webIdentityCredentials2 = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null) { Client = mockClient.Object }; webIdentityCredentials2.GetCredentials(); #endregion Action } #region Assert Assert.AreEqual(webIdentityTokenFilePath, webIdentityCredentials.WebIdentityTokenFile); Assert.AreEqual(roleArn, webIdentityCredentials.RoleArn); var guidRoleSessionName = webIdentityCredentials.RoleSessionName; Assert.IsTrue(Guid.TryParse(guidRoleSessionName, out Guid guid)); Assert.AreEqual(guidRoleSessionName, webIdentityCredentials2.RoleSessionName); #endregion Assert webIdentityCredentials.Dispose(); webIdentityCredentials2.Dispose(); }
public void TestAssumeRoleWithWebIdentity_DefinedBothInEnvAndConfig() { #region Setup var webIdentityToken = "Dummy.OIDC.Token"; var webIdentityToken2 = "Dummy.OIDC.Token2"; var roleArn = "someRoleArn"; var roleSessionName = "someRoleSessionName"; var currentDirectory = Directory.GetCurrentDirectory(); var webIdentityTokenFilePath = Path.Combine(currentDirectory, "my-token.jwt"); File.WriteAllText(webIdentityTokenFilePath, webIdentityToken); var webIdentityTokenFilePath2 = Path.Combine(currentDirectory, "my-token2.jwt"); File.WriteAllText(webIdentityTokenFilePath2, webIdentityToken2); var envVariables = new Dictionary <string, string>() { { AssumeRoleWithWebIdentityCredentials.WebIdentityTokenFileEnvVariable, webIdentityTokenFilePath }, { AssumeRoleWithWebIdentityCredentials.RoleArnEnvVariable, roleArn }, { AssumeRoleWithWebIdentityCredentials.RoleSessionNameEnvVariable, roleSessionName }, }; var profileText = GetAssumeRoleWithWebIdentityProfileText(webIdentityTokenFilePath2); AssumeRoleWithWebIdentityTestCredentials webIdentityCredentials; var mockClient = new Mock <ICoreAmazonSTS_WebIdentity>(); mockClient.Setup(c => c.CredentialsFromAssumeRoleWithWebIdentityAuthentication(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <AssumeRoleWithWebIdentityCredentialsOptions>())) .Returns(new AssumeRoleImmutableCredentials("dummyAccessKeyId", "dummySecret", "dummyToken", DateTime.UtcNow.AddDays(1))); using (new FallbackFactoryTestFixture(profileText, "default", envVariables)) { #endregion Setup #region Action var awsCredentials = FallbackCredentialsFactory.GetCredentials(); webIdentityCredentials = new AssumeRoleWithWebIdentityTestCredentials((AssumeRoleWithWebIdentityCredentials)awsCredentials, null) { Client = mockClient.Object }; webIdentityCredentials.GetCredentials(); #endregion Action } #region Assert Assert.AreEqual(webIdentityTokenFilePath, webIdentityCredentials.WebIdentityTokenFile); Assert.AreEqual(roleArn, webIdentityCredentials.RoleArn); Assert.AreEqual(roleSessionName, webIdentityCredentials.RoleSessionName); #endregion Assert webIdentityCredentials.Dispose(); }