2015-01-02 12:34:40 -05:00
|
|
|
Shindo.tests('AWS | credentials', ['aws']) do
|
2014-12-30 17:25:09 -05:00
|
|
|
old_mock_value = Excon.defaults[:mock]
|
2016-05-19 13:47:05 -04:00
|
|
|
fog_was_mocked = Fog.mocking?
|
2014-12-30 17:25:09 -05:00
|
|
|
Excon.stubs.clear
|
2017-06-30 16:13:11 -04:00
|
|
|
Fog.unmock!
|
2014-12-30 17:25:09 -05:00
|
|
|
begin
|
|
|
|
|
Excon.defaults[:mock] = true
|
|
|
|
|
Excon.stub({:method => :get, :path => "/latest/meta-data/iam/security-credentials/"}, {:status => 200, :body => 'arole'})
|
2016-06-29 18:33:10 -04:00
|
|
|
Excon.stub({:method => :get, :path => "/latest/meta-data/placement/availability-zone/"}, {:status => 200, :body => 'us-west-1a'})
|
2014-12-30 17:25:09 -05:00
|
|
|
|
|
|
|
|
expires_at = Time.at(Time.now.to_i + 500)
|
|
|
|
|
credentials = {
|
|
|
|
|
'AccessKeyId' => 'dummykey',
|
|
|
|
|
'SecretAccessKey' => 'dummysecret',
|
|
|
|
|
'Token' => 'dummytoken',
|
|
|
|
|
'Expiration' => expires_at.xmlschema
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Excon.stub({:method => :get, :path => "/latest/meta-data/iam/security-credentials/arole"}, {:status => 200, :body => Fog::JSON.encode(credentials)})
|
|
|
|
|
|
|
|
|
|
tests("#fetch_credentials") do
|
|
|
|
|
returns({:aws_access_key_id => 'dummykey',
|
|
|
|
|
:aws_secret_access_key => 'dummysecret',
|
|
|
|
|
:aws_session_token => 'dummytoken',
|
2016-06-29 18:33:10 -04:00
|
|
|
:region => "us-west-1",
|
2018-09-12 05:35:01 -04:00
|
|
|
:aws_credentials_expire_at => expires_at}) { Fog::AWS::Compute.fetch_credentials(:use_iam_profile => true) }
|
2014-12-30 17:25:09 -05:00
|
|
|
end
|
|
|
|
|
|
2016-07-25 19:36:29 -04:00
|
|
|
ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"] = '/v1/credentials?id=task_id'
|
|
|
|
|
Excon.stub({:method => :get, :path => '/v1/credentials?id=task_id'}, {:status => 200, :body => Fog::JSON.encode(credentials)})
|
|
|
|
|
|
|
|
|
|
tests("#fetch_credentials") do
|
|
|
|
|
returns({:aws_access_key_id => 'dummykey',
|
|
|
|
|
:aws_secret_access_key => 'dummysecret',
|
|
|
|
|
:aws_session_token => 'dummytoken',
|
|
|
|
|
:region => "us-west-1",
|
2018-09-12 05:35:01 -04:00
|
|
|
:aws_credentials_expire_at => expires_at}) { Fog::AWS::Compute.fetch_credentials(:use_iam_profile => true) }
|
2016-07-25 19:36:29 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"] = nil
|
|
|
|
|
|
2018-09-12 05:35:01 -04:00
|
|
|
compute = Fog::AWS::Compute.new(:use_iam_profile => true)
|
2014-12-30 17:25:09 -05:00
|
|
|
|
|
|
|
|
tests("#refresh_credentials_if_expired") do
|
|
|
|
|
returns(nil){compute.refresh_credentials_if_expired}
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
credentials['AccessKeyId'] = 'newkey'
|
|
|
|
|
credentials['SecretAccessKey'] = 'newsecret'
|
|
|
|
|
credentials['Expiration'] = (expires_at + 10).xmlschema
|
|
|
|
|
|
|
|
|
|
Excon.stub({:method => :get, :path => "/latest/meta-data/iam/security-credentials/arole"}, {:status => 200, :body => Fog::JSON.encode(credentials)})
|
|
|
|
|
|
|
|
|
|
Fog::Time.now = expires_at + 1
|
|
|
|
|
tests("#refresh_credentials_if_expired") do
|
|
|
|
|
returns(true){compute.refresh_credentials_if_expired}
|
|
|
|
|
returns("newkey"){ compute.instance_variable_get(:@aws_access_key_id)}
|
|
|
|
|
end
|
|
|
|
|
Fog::Time.now = Time.now
|
|
|
|
|
|
2018-09-12 05:35:01 -04:00
|
|
|
default_credentials = Fog::AWS::Compute.fetch_credentials({})
|
2014-12-30 17:25:09 -05:00
|
|
|
tests("#fetch_credentials when the url 404s") do
|
|
|
|
|
Excon.stub({:method => :get, :path => "/latest/meta-data/iam/security-credentials/"}, {:status => 404, :body => 'not bound'})
|
2016-06-29 20:18:22 -04:00
|
|
|
Excon.stub({:method => :get, :path => "/latest/meta-data/placement/availability-zone/"}, {:status => 400, :body => 'not found'})
|
2018-09-12 05:35:01 -04:00
|
|
|
returns(default_credentials) {Fog::AWS::Compute.fetch_credentials(:use_iam_profile => true)}
|
2014-12-30 17:25:09 -05:00
|
|
|
end
|
|
|
|
|
|
2017-06-30 16:13:11 -04:00
|
|
|
mocked_credentials = {
|
2017-06-30 16:26:34 -04:00
|
|
|
:aws_access_key_id => "access-key-id",
|
|
|
|
|
:aws_secret_access_key => "secret-access-key",
|
|
|
|
|
:aws_session_token => "session-token",
|
|
|
|
|
:aws_credentials_expire_at => Time.at(Time.now.to_i + 500).xmlschema
|
2017-06-30 16:13:11 -04:00
|
|
|
}
|
|
|
|
|
tests("#fetch_credentials when mocking") do
|
|
|
|
|
Fog.mock!
|
2018-09-12 05:35:01 -04:00
|
|
|
Fog::AWS::Compute::Mock.data[:iam_role_based_creds] = mocked_credentials
|
|
|
|
|
returns(mocked_credentials) {Fog::AWS::Compute.fetch_credentials(:use_iam_profile => true)}
|
2017-06-30 16:13:11 -04:00
|
|
|
end
|
|
|
|
|
|
2014-12-30 17:25:09 -05:00
|
|
|
ensure
|
2016-07-25 19:36:29 -04:00
|
|
|
ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"] = nil
|
2014-12-30 17:25:09 -05:00
|
|
|
Excon.stubs.clear
|
|
|
|
|
Excon.defaults[:mock] = old_mock_value
|
2017-06-30 16:13:11 -04:00
|
|
|
Fog.mock! if fog_was_mocked
|
2014-12-30 17:25:09 -05:00
|
|
|
end
|
|
|
|
|
end
|
