From 5977322beb0785247b7e95aac68e76c8e81de9ca Mon Sep 17 00:00:00 2001 From: Alan Ip Date: Mon, 20 Mar 2023 06:41:32 +0000 Subject: [PATCH 1/2] Add strict checking of AWS API mock endpoints. Previously, an unordered list of endpoint definitions were provided to the mock API server and incoming requests were matched with a simple existence lookup. Now: - the list is ordered and requests are matched in FIFO order (i.e. any out-of-sequence request will be returned a HTTP 400); and, - matched requests will be shifted off the list (to avoid being matched multiple times); and, - every test scenario will additionally check that the list of expected endpoints for that scenario is fully exhausted. Ultimately, the result is that each test scenario must match the list of expected endpoints exactly - no more and no less. The objective is to expose duplicated API calls that are not only inefficient, but also potentially cause the API service to rate-limit. --- aws_config_test.go | 38 ++++++++++++++++++++++++++----- awsauth_test.go | 34 +++++++++++++++++++++++----- credentials_test.go | 20 +++++++++++++---- mockdata/mocks.go | 2 +- servicemocks/mock.go | 26 +++++++++++---------- v2/awsv1shim/mockdata/mocks.go | 2 +- v2/awsv1shim/session_test.go | 41 ++++++++++++++++++++++++++++------ 7 files changed, 127 insertions(+), 36 deletions(-) diff --git a/aws_config_test.go b/aws_config_test.go index fd9b4f47..ee113a98 100644 --- a/aws_config_test.go +++ b/aws_config_test.go @@ -1052,7 +1052,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey } } - closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() testCase.Config.StsEndpoint = stsEndpoint 
@@ -1133,6 +1133,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey if expected, actual := testCase.ExpectedRegion, awsConfig.Region; expected != actual { t.Fatalf("expected region (%s), got: %s", expected, actual) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2489,7 +2494,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey oldEnv := servicemocks.InitSessionTestEnv() defer servicemocks.PopEnv(oldEnv) - closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() testCase.Config.StsEndpoint = stsEndpoint @@ -2545,6 +2550,11 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey if diff := cmp.Diff(credentialsValue, testCase.ExpectedCredentialsValue, cmpopts.IgnoreFields(aws.Credentials{}, "Expires")); diff != "" { t.Fatalf("unexpected credentials: (- got, + expected)\n%s", diff) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2768,7 +2778,7 @@ web_identity_token_file = no-such-file os.Setenv(k, v) } - closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() testCase.Config.StsEndpoint = stsEndpoint 
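Review bot: The exhaustion check is pasted at the tail of each test body, so it only runs when the subtest reaches its last line, and the copies already differ (`t.Fatalf` in this hunk, `t.Errorf` in TestLogger and TestGetAwsConfigWithAccountIDAndPartition). If any scenario returns early, for example an expected-error case (not visible in these hunks), its endpoint list is never verified. Registering the check once, right after the mock server is created, would cover every exit path: `t.Cleanup(func() { if n := len(testCase.MockStsEndpoints); n > 0 { t.Errorf("expected all mock endpoints exhausted, remaining: %d", n) } })`. The same applies to the other copies of this check in aws_config_test.go, awsauth_test.go, credentials_test.go and v2/awsv1shim/session_test.go; the enclosing test function starts outside this hunk.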
@@ -2861,6 +2871,11 @@ web_identity_token_file = no-such-file if diff := cmp.Diff(credentialsValue, testCase.ExpectedCredentialsValue, cmpopts.IgnoreFields(aws.Credentials{}, "Expires")); diff != "" { t.Fatalf("unexpected credentials: (- got, + expected)\n%s", diff) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2934,7 +2949,7 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) { tc := testCase t.Run(tc.desc, func(t *testing.T) { - ts := servicemocks.MockAwsApiServer("STS", tc.mockStsEndpoints) + ts := servicemocks.MockAwsApiServer("STS", &tc.mockStsEndpoints) defer ts.Close() tc.config.StsEndpoint = ts.URL @@ -2963,6 +2978,11 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) { if part != tc.expectedPartition { t.Errorf("expected partition (%s), got: %s", tc.expectedPartition, part) } + + numMockStsEndpoints := len(tc.mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -3280,9 +3300,10 @@ func TestLogger(t *testing.T) { SecretKey: servicemocks.MockStaticSecretKey, } - ts := servicemocks.MockAwsApiServer("STS", []*servicemocks.MockEndpoint{ + mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, - }) + } + ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() config.StsEndpoint = ts.URL @@ -3319,4 +3340,9 @@ func TestLogger(t *testing.T) { t.Errorf("GetAwsAccountIDAndPartition: line %d: expected module %q, got %q", i+1, e, a) } } + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } } diff --git a/awsauth_test.go b/awsauth_test.go index 15492cfc..bb82125d 100644 --- a/awsauth_test.go +++ b/awsauth_test.go 
@@ -123,10 +123,10 @@ func TestGetAccountIDAndPartition(t *testing.T) { awsTs := servicemocks.AwsMetadataApiMock(testCase.EC2MetadataEndpoints) defer awsTs() - closeIam, iamConfig, _ := mockdata.GetMockedAwsApiSession("IAM", testCase.IAMEndpoints) + closeIam, iamConfig, _ := mockdata.GetMockedAwsApiSession("IAM", &testCase.IAMEndpoints) defer closeIam() - closeSts, stsConfig, _ := mockdata.GetMockedAwsApiSession("STS", testCase.STSEndpoints) + closeSts, stsConfig, _ := mockdata.GetMockedAwsApiSession("STS", &testCase.STSEndpoints) defer closeSts() iamConn := iam.NewFromConfig(iamConfig) @@ -145,6 +145,15 @@ func TestGetAccountIDAndPartition(t *testing.T) { if partition != testCase.ExpectedPartition { t.Fatalf("Parsed partition doesn't match with expected (%q != %q)", partition, testCase.ExpectedPartition) } + + numMockIamEndpoints := len(testCase.IAMEndpoints) + if numMockIamEndpoints > 0 { + t.Fatalf("expected all mock IAM endpoints exhausted, remaining: %d", numMockIamEndpoints) + } + numMockStsEndpoints := len(testCase.STSEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock STS endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -224,7 +233,7 @@ func TestGetAccountIDAndPartitionFromIAMGetUser(t *testing.T) { t.Run(testCase.Description, func(t *testing.T) { ctx := test.Context(t) - closeIam, config, _ := mockdata.GetMockedAwsApiSession("IAM", testCase.MockEndpoints) + closeIam, config, _ := mockdata.GetMockedAwsApiSession("IAM", &testCase.MockEndpoints) defer closeIam() iamClient := iam.NewFromConfig(config) 
@@ -242,6 +251,11 @@ func TestGetAccountIDAndPartitionFromIAMGetUser(t *testing.T) { if partition != testCase.ExpectedPartition { t.Fatalf("Parsed partition doesn't match with expected (%q != %q)", partition, testCase.ExpectedPartition) } + + numMockIamEndpoints := len(testCase.MockEndpoints) + if numMockIamEndpoints > 0 { + t.Fatalf("expected all mock IAM endpoints exhausted, remaining: %d", numMockIamEndpoints) + } }) } } @@ -283,7 +297,7 @@ func TestGetAccountIDAndPartitionFromIAMListRoles(t *testing.T) { t.Run(testCase.Description, func(t *testing.T) { ctx := test.Context(t) - closeIam, config, _ := mockdata.GetMockedAwsApiSession("IAM", testCase.MockEndpoints) + closeIam, config, _ := mockdata.GetMockedAwsApiSession("IAM", &testCase.MockEndpoints) defer closeIam() iamClient := iam.NewFromConfig(config) @@ -301,6 +315,11 @@ func TestGetAccountIDAndPartitionFromIAMListRoles(t *testing.T) { if partition != testCase.ExpectedPartition { t.Fatalf("Parsed partition doesn't match with expected (%q != %q)", partition, testCase.ExpectedPartition) } + + numMockIamEndpoints := len(testCase.MockEndpoints) + if numMockIamEndpoints > 0 { + t.Fatalf("expected all mock IAM endpoints exhausted, remaining: %d", numMockIamEndpoints) + } }) } } @@ -378,7 +397,7 @@ func TestGetAccountIDAndPartitionFromSTSGetCallerIdentity(t *testing.T) { t.Run(testCase.Description, func(t *testing.T) { ctx := test.Context(t) - closeSts, config, _ := mockdata.GetMockedAwsApiSession("STS", testCase.MockEndpoints) + closeSts, config, _ := mockdata.GetMockedAwsApiSession("STS", &testCase.MockEndpoints) defer closeSts() stsClient := sts.NewFromConfig(config) 
@@ -396,6 +415,11 @@ func TestGetAccountIDAndPartitionFromSTSGetCallerIdentity(t *testing.T) { if partition != testCase.ExpectedPartition { t.Fatalf("Parsed partition doesn't match with expected (%q != %q)", partition, testCase.ExpectedPartition) } + + numMockIamEndpoints := len(testCase.MockEndpoints) + if numMockIamEndpoints > 0 { + t.Fatalf("expected all mock IAM endpoints exhausted, remaining: %d", numMockIamEndpoints) + } }) } } diff --git a/credentials_test.go b/credentials_test.go index 16d27fd9..bd73c2ea 100644 --- a/credentials_test.go +++ b/credentials_test.go @@ -213,10 +213,11 @@ func TestAWSGetCredentials_webIdentityToken(t *testing.T) { }, } - ts := servicemocks.MockAwsApiServer("STS", []*servicemocks.MockEndpoint{ + mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, - }) + } + ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() cfg.StsEndpoint = ts.URL @@ -235,6 +236,11 @@ func TestAWSGetCredentials_webIdentityToken(t *testing.T) { servicemocks.MockStsAssumeRoleWithWebIdentitySessionToken, stscreds.WebIdentityProviderName, t) testCredentialsProviderWrappedWithCache(creds, t) + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } } func TestAWSGetCredentials_assumeRole(t *testing.T) { @@ -252,10 +258,11 @@ func TestAWSGetCredentials_assumeRole(t *testing.T) { }, } - ts := servicemocks.MockAwsApiServer("STS", []*servicemocks.MockEndpoint{ + mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, - }) + } + ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() cfg.StsEndpoint = ts.URL 
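Review bot: The check added to TestGetAccountIDAndPartitionFromSTSGetCallerIdentity is labelled IAM, but `testCase.MockEndpoints` in this test is handed to the STS mock (`GetMockedAwsApiSession("STS", &testCase.MockEndpoints)` in the preceding hunk). A failure would therefore point the reader at the wrong service. Use `numMockStsEndpoints := len(testCase.MockEndpoints)` and `t.Fatalf("expected all mock STS endpoints exhausted, remaining: %d", numMockStsEndpoints)`. The test function's body starts and ends outside this hunk.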
@@ -274,6 +281,11 @@ func TestAWSGetCredentials_assumeRole(t *testing.T) { servicemocks.MockStsAssumeRoleSessionToken, stscreds.ProviderName, t) testCredentialsProviderWrappedWithCache(creds, t) + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } } var credentialsFileContentsEnv = `[myprofile] diff --git a/mockdata/mocks.go b/mockdata/mocks.go index 9932e3b7..6904d2b4 100644 --- a/mockdata/mocks.go +++ b/mockdata/mocks.go @@ -14,7 +14,7 @@ import ( ) // GetMockedAwsApiSession establishes an AWS session to a simulated AWS API server for a given service and route endpoints. -func GetMockedAwsApiSession(svcName string, endpoints []*servicemocks.MockEndpoint) (func(), aws.Config, string) { +func GetMockedAwsApiSession(svcName string, endpoints *[]*servicemocks.MockEndpoint) (func(), aws.Config, string) { ts := servicemocks.MockAwsApiServer(svcName, endpoints) sc := credentials.NewStaticCredentialsProvider("accessKey", "secretKey", "") diff --git a/servicemocks/mock.go b/servicemocks/mock.go index 804be234..b8226f63 100644 --- a/servicemocks/mock.go +++ b/servicemocks/mock.go @@ -400,7 +400,7 @@ var ( ) // MockAwsApiServer establishes a httptest server to simulate behaviour of a real AWS API server -func MockAwsApiServer(svcName string, endpoints []*MockEndpoint) *httptest.Server { +func MockAwsApiServer(svcName string, endpoints *[]*MockEndpoint) *httptest.Server { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { buf := new(bytes.Buffer) if _, err := buf.ReadFrom(r.Body); err != nil { 
@@ -413,19 +413,21 @@ func MockAwsApiServer(svcName string, endpoints []*MockEndpoint) *httptest.Serve log.Printf("[DEBUG] Received %s API %q request to %q: %s", svcName, r.Method, r.RequestURI, requestBody) - for _, e := range endpoints { - if r.Method == e.Request.Method && r.RequestURI == e.Request.Uri && requestBody == e.Request.Body { - log.Printf("[DEBUG] Mocked %s API responding with %d: %s", - svcName, e.Response.StatusCode, e.Response.Body) + e := (*endpoints)[0] + log.Printf("[DEBUG2] checking endpoint: %s", e.Request.Body) + if r.Method == e.Request.Method && r.RequestURI == e.Request.Uri && requestBody == e.Request.Body { + log.Printf("[DEBUG] Mocked %s API responding with %d: %s", + svcName, e.Response.StatusCode, e.Response.Body) - w.WriteHeader(e.Response.StatusCode) - w.Header().Set("Content-Type", e.Response.ContentType) - w.Header().Set("X-Amzn-Requestid", "1b206dd1-f9a8-11e5-becf-051c60f11c4a") - w.Header().Set("Date", time.Now().Format(time.RFC1123)) + w.WriteHeader(e.Response.StatusCode) + w.Header().Set("Content-Type", e.Response.ContentType) + w.Header().Set("X-Amzn-Requestid", "1b206dd1-f9a8-11e5-becf-051c60f11c4a") + w.Header().Set("Date", time.Now().Format(time.RFC1123)) - fmt.Fprintln(w, e.Response.Body) - return - } + fmt.Fprintln(w, e.Response.Body) + + *endpoints = (*endpoints)[1:] + return } w.WriteHeader(http.StatusBadRequest) diff --git a/v2/awsv1shim/mockdata/mocks.go b/v2/awsv1shim/mockdata/mocks.go index 4872b693..9404fd0f 100644 --- a/v2/awsv1shim/mockdata/mocks.go +++ b/v2/awsv1shim/mockdata/mocks.go 
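Review bot: `e := (*endpoints)[0]` indexes the list without checking that an entry is left, so a request arriving after the last expected endpoint was consumed panics in the handler instead of reaching the `http.StatusBadRequest` path; the awsauth_test.go cases that pass an empty `IAMEndpoints` list hit this on any IAM call. net/http recovers a handler panic by aborting the connection, so the client sees a transport error rather than the HTTP 400 the commit message promises, and the extra call this change is meant to expose may surface as a confusing failure. The slice is also re-sliced on the server goroutine while tests read `len(...)` on the test goroutine; this looks like something `go test -race` could flag, and a mutex around the check-and-shift would settle it. The `[DEBUG2]` log line looks like leftover debugging and can be dropped. The handler closure starts in the previous hunk and its fall-through 400 branch continues past this one.

```go
// … unchanged: read the request body and debug-log the request …
if len(*endpoints) == 0 {
	log.Printf("[DEBUG] Mocked %s API received a request but no expected endpoints remain", svcName)
	w.WriteHeader(http.StatusBadRequest)
	return
}

e := (*endpoints)[0]
// … unchanged: compare method/URI/body, write the mocked response, shift the list …
```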
@@ -14,7 +14,7 @@ import ( ) // GetMockedAwsApiSession establishes an AWS session to a simulated AWS API server for a given service and route endpoints. -func GetMockedAwsApiSession(svcName string, endpoints []*servicemocks.MockEndpoint) (func(), *session.Session, error) { +func GetMockedAwsApiSession(svcName string, endpoints *[]*servicemocks.MockEndpoint) (func(), *session.Session, error) { ts := servicemocks.MockAwsApiServer(svcName, endpoints) sc := credentials.NewStaticCredentials("accessKey", "secretKey", "") diff --git a/v2/awsv1shim/session_test.go b/v2/awsv1shim/session_test.go index 80da6cd8..8e4b1ae2 100644 --- a/v2/awsv1shim/session_test.go +++ b/v2/awsv1shim/session_test.go @@ -1141,7 +1141,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey } } - closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() if err != nil { @@ -1238,6 +1238,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey if expected, actual := testCase.ExpectedRegion, aws.StringValue(actualSession.Config.Region); expected != actual { t.Fatalf("expected region (%s), got: %s", expected, actual) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -1538,9 +1543,10 @@ use_fips_endpoint = true os.Setenv(k, v) } - closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", []*servicemocks.MockEndpoint{ + mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, - }) + } + closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", &mockStsEndpoints) defer closeSts() if err != nil { 
@@ -1587,6 +1593,11 @@ use_fips_endpoint = true if e, a := testCase.ExpectedUseDualStackEndpoint, actualSession.Config.UseDualStackEndpoint; e != a { t.Errorf("expected UseDualStackEndpoint %q, got: %q", DualStackEndpointStateString(e), DualStackEndpointStateString(a)) } + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -1931,7 +1942,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey oldEnv := servicemocks.InitSessionTestEnv() defer servicemocks.PopEnv(oldEnv) - closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() if err != nil { @@ -2005,6 +2016,11 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey if diff := cmp.Diff(credentialsValue, testCase.ExpectedCredentialsValue, cmpopts.IgnoreFields(credentials.Value{}, "ProviderName")); diff != "" { t.Fatalf("unexpected credentials: (- got, + expected)\n%s", diff) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2230,7 +2246,7 @@ web_identity_token_file = no-such-file os.Setenv(k, v) } - closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() if err != nil { 
@@ -2341,6 +2357,11 @@ web_identity_token_file = no-such-file if diff := cmp.Diff(credentialsValue, testCase.ExpectedCredentialsValue, cmpopts.IgnoreFields(credentials.Value{}, "ProviderName")); diff != "" { t.Fatalf("unexpected credentials: (- got, + expected)\n%s", diff) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2504,9 +2525,10 @@ func TestLogger(t *testing.T) { } // config.SkipCredsValidation = true - ts := servicemocks.MockAwsApiServer("STS", []*servicemocks.MockEndpoint{ + mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, - }) + } + ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() config.StsEndpoint = ts.URL @@ -2539,4 +2561,9 @@ func TestLogger(t *testing.T) { t.Errorf("GetSession: line %d: expected module %q, got %q", i+1, e, a) } } + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } } From d59493a5d65e306b998cca250d8419061ee6d5b2 Mon Sep 17 00:00:00 2001 From: Alan Ip Date: Mon, 20 Mar 2023 06:57:21 +0000 Subject: [PATCH 2/2] Fix strictly incorrect mock endpoints (add missing, remove unused). --- aws_config_test.go | 30 ++++++++++++++++++++++++++++++ awsauth_test.go | 19 ++++--------------- credentials_test.go | 4 ++-- v2/awsv1shim/session_test.go | 30 +++++++++++++++++++++++++++--- 4 files changed, 63 insertions(+), 20 deletions(-) diff --git a/aws_config_test.go b/aws_config_test.go index ee113a98..7a23af6f 100644 --- a/aws_config_test.go +++ b/aws_config_test.go 
@@ -91,6 +91,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -156,6 +157,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -175,6 +177,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"ExternalId": servicemocks.MockStsAssumeRoleExternalId}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"ExternalId": servicemocks.MockStsAssumeRoleExternalId}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -194,6 +197,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": servicemocks.MockStsAssumeRolePolicy}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": servicemocks.MockStsAssumeRolePolicy}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, 
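Review bot: The second `servicemocks.MockStsAssumeRoleValidEndpoint` entry makes the test expect AssumeRole to be issued twice, and nothing at the expectation marks that as a known duplicate rather than intended behaviour. Each extra STS call mints another set of temporary credentials and is the kind of duplicated request the first patch set out to expose, so the expectation should say it is provisional. A comment on the added line would do, e.g. `// TODO: AssumeRole is currently sent twice; remove this duplicate expectation once the extra call is eliminated`. The same applies to the other doubled entries added across this patch in aws_config_test.go, credentials_test.go and v2/awsv1shim/session_test.go.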
@@ -213,6 +217,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"PolicyArns.member.1.arn": servicemocks.MockStsAssumeRolePolicyArn}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"PolicyArns.member.1.arn": servicemocks.MockStsAssumeRolePolicyArn}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -234,6 +239,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -256,6 +262,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue, "TransitiveTagKeys.member.1": servicemocks.MockStsAssumeRoleTagKey}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue, "TransitiveTagKeys.member.1": servicemocks.MockStsAssumeRoleTagKey}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, 
@@ -275,6 +282,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"SourceIdentity": servicemocks.MockStsAssumeRoleSourceIdentity}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"SourceIdentity": servicemocks.MockStsAssumeRoleSourceIdentity}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -402,6 +410,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -552,6 +561,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -599,6 +609,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, 
@@ -628,6 +639,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -647,6 +659,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, }, @@ -664,6 +677,8 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -2396,6 +2411,7 @@ func TestAssumeRole(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, }, }, @@ -2439,6 +2455,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, }, }, 
@@ -2455,6 +2472,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), }, }, @@ -2471,6 +2489,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": "{}"}), + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": "{}"}), }, }, @@ -2583,6 +2602,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2597,6 +2617,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2612,6 +2633,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, 
@@ -2658,6 +2680,7 @@ role_session_name = %[2]s ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2711,6 +2734,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2726,6 +2750,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"DurationSeconds": "3600"}), + servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"DurationSeconds": "3600"}), }, }, @@ -2741,6 +2766,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"Policy": "{}"}), + servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"Policy": "{}"}), }, }, @@ -2901,6 +2927,7 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) { expectedAcctID: "222222222222", expectedPartition: "aws", mockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, + servicemocks.MockStsGetCallerIdentityValidEndpoint, }, }, { 
@@ -2940,6 +2967,8 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) { expectedAcctID: "555555555555", expectedPartition: "aws", mockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, }, }, @@ -3302,6 +3331,7 @@ func TestLogger(t *testing.T) { mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, + servicemocks.MockStsGetCallerIdentityValidEndpoint, } ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() diff --git a/awsauth_test.go b/awsauth_test.go index bb82125d..90a1a5df 100644 --- a/awsauth_test.go +++ b/awsauth_test.go 
@@ -30,26 +30,15 @@ func TestGetAccountIDAndPartition(t *testing.T) { Description: "EC2 Metadata over iam:GetUser when using EC2 Instance Profile", AuthProviderName: ec2rolecreds.ProviderName, EC2MetadataEndpoints: append(servicemocks.Ec2metadata_securityCredentialsEndpoints, servicemocks.Ec2metadata_instanceIdEndpoint, servicemocks.Ec2metadata_iamInfoEndpoint), - - IAMEndpoints: []*servicemocks.MockEndpoint{ - { - Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"}, - Response: &servicemocks.MockResponse{StatusCode: http.StatusOK, Body: servicemocks.IamResponse_GetUser_valid, ContentType: "text/xml"}, - }, - }, - ExpectedAccountID: servicemocks.Ec2metadata_iamInfoEndpoint_expectedAccountID, - ExpectedPartition: servicemocks.Ec2metadata_iamInfoEndpoint_expectedPartition, + IAMEndpoints: []*servicemocks.MockEndpoint{}, + ExpectedAccountID: servicemocks.Ec2metadata_iamInfoEndpoint_expectedAccountID, + ExpectedPartition: servicemocks.Ec2metadata_iamInfoEndpoint_expectedPartition, }, { Description: "Mimic the metadata service mocked by Hologram (https://github.com/AdRoll/hologram)", AuthProviderName: ec2rolecreds.ProviderName, EC2MetadataEndpoints: servicemocks.Ec2metadata_securityCredentialsEndpoints, - IAMEndpoints: []*servicemocks.MockEndpoint{ - { - Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"}, - Response: &servicemocks.MockResponse{StatusCode: http.StatusForbidden, Body: servicemocks.IamResponse_GetUser_unauthorized, ContentType: "text/xml"}, - }, - }, + IAMEndpoints: []*servicemocks.MockEndpoint{}, STSEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, }, diff --git a/credentials_test.go b/credentials_test.go index bd73c2ea..3116a8b0 100644 --- a/credentials_test.go +++ b/credentials_test.go 
@@ -215,7 +215,7 @@ func TestAWSGetCredentials_webIdentityToken(t *testing.T) { mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, - servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, } ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() @@ -260,7 +260,7 @@ func TestAWSGetCredentials_assumeRole(t *testing.T) { mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, - servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, } ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() diff --git a/v2/awsv1shim/session_test.go b/v2/awsv1shim/session_test.go index 8e4b1ae2..bb063d08 100644 --- a/v2/awsv1shim/session_test.go +++ b/v2/awsv1shim/session_test.go @@ -139,6 +139,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -158,6 +159,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, 
@@ -177,6 +179,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"ExternalId": servicemocks.MockStsAssumeRoleExternalId}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"ExternalId": servicemocks.MockStsAssumeRoleExternalId}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -196,6 +199,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": servicemocks.MockStsAssumeRolePolicy}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": servicemocks.MockStsAssumeRolePolicy}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -215,6 +219,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"PolicyArns.member.1.arn": servicemocks.MockStsAssumeRolePolicyArn}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"PolicyArns.member.1.arn": servicemocks.MockStsAssumeRolePolicyArn}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, 
@@ -236,6 +241,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -258,6 +264,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue, "TransitiveTagKeys.member.1": servicemocks.MockStsAssumeRoleTagKey}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue, "TransitiveTagKeys.member.1": servicemocks.MockStsAssumeRoleTagKey}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -277,6 +284,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"SourceIdentity": servicemocks.MockStsAssumeRoleSourceIdentity}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"SourceIdentity": servicemocks.MockStsAssumeRoleSourceIdentity}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, 
@@ -404,6 +412,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -554,6 +563,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -601,6 +611,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -630,6 +641,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -649,6 +661,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, }, 
@@ -665,8 +678,10 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, }, @@ -1543,9 +1558,7 @@ use_fips_endpoint = true os.Setenv(k, v) } - mockStsEndpoints := []*servicemocks.MockEndpoint{ - servicemocks.MockStsGetCallerIdentityValidEndpoint, - } + mockStsEndpoints := []*servicemocks.MockEndpoint{} closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", &mockStsEndpoints) defer closeSts() @@ -1842,6 +1855,7 @@ func TestAssumeRole(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, }, }, @@ -1885,6 +1899,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, }, }, @@ -1901,6 +1916,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), }, }, 
@@ -1917,6 +1933,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": "{}"}), + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": "{}"}), }, }, @@ -2049,6 +2066,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2063,6 +2081,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2078,6 +2097,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2124,6 +2144,7 @@ role_session_name = %[2]s ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2177,6 +2198,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, 
@@ -2192,6 +2214,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"DurationSeconds": "3600"}), + servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"DurationSeconds": "3600"}), }, }, @@ -2207,6 +2230,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"Policy": "{}"}), + servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"Policy": "{}"}), }, },