
Commit b62a4e4

committed
feat: support cli provider and uri provider
1 parent 2d2204e commit b62a4e4

24 files changed

+1812
-69
lines changed
@@ -0,0 +1,76 @@
1+
{
2+
"current": "AK",
3+
"profiles": [
4+
{
5+
"name": "AK",
6+
"mode": "AK",
7+
"access_key_id": "akid",
8+
"access_key_secret": "secret"
9+
},
10+
{
11+
"name": "RamRoleArn",
12+
"mode": "RamRoleArn",
13+
"access_key_id": "akid",
14+
"access_key_secret": "secret",
15+
"ram_role_arn": "arn"
16+
},
17+
{
18+
"name": "RamRoleArnEnableVpc",
19+
"mode": "RamRoleArn",
20+
"access_key_id": "akid",
21+
"access_key_secret": "secret",
22+
"ram_role_arn": "arn",
23+
"sts_region": "cn-hangzhou",
24+
"enable_vpc": true,
25+
"policy": "policy",
26+
"external_id": "id"
27+
},
28+
{
29+
"name": "Invalid_RamRoleArn",
30+
"mode": "RamRoleArn"
31+
},
32+
{
33+
"name": "EcsRamRole",
34+
"mode": "EcsRamRole",
35+
"ram_role_name": "rolename"
36+
},
37+
{
38+
"name": "OIDC",
39+
"mode": "OIDC",
40+
"ram_role_arn": "role_arn",
41+
"oidc_token_file": "path/to/oidc/file",
42+
"oidc_provider_arn": "provider_arn"
43+
},
44+
{
45+
"name": "OIDCEnableVpc",
46+
"mode": "OIDC",
47+
"ram_role_arn": "role_arn",
48+
"oidc_token_file": "path/to/oidc/file",
49+
"oidc_provider_arn": "provider_arn",
50+
"sts_region": "cn-hangzhou",
51+
"enable_vpc": true,
52+
"policy": "policy"
53+
},
54+
{
55+
"name": "ChainableRamRoleArn",
56+
"mode": "ChainableRamRoleArn",
57+
"ram_role_arn": "arn",
58+
"source_profile": "AK"
59+
},
60+
{
61+
"name": "ChainableRamRoleArn1",
62+
"mode": "ChainableRamRoleArn",
63+
"ram_role_arn": "arn",
64+
"source_profile": "ChainableRamRoleArn1"
65+
},
66+
{
67+
"name": "ChainableRamRoleArn2",
68+
"mode": "ChainableRamRoleArn",
69+
"source_profile": "InvalidSource"
70+
},
71+
{
72+
"name": "Unsupported",
73+
"mode": "Unsupported"
74+
}
75+
]
76+
}
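Review bot: The fixture has a profile whose `source_profile` names itself (`ChainableRamRoleArn1`) and one that names a missing profile (`ChainableRamRoleArn2`), but no pair of profiles that reference each other, so an indirect cycle in a CLI config file goes untested. Whether the provider bounds the chain depth is not visible from this file; if it rejects only the direct self-reference, a two-profile loop could recurse until the process exhausts its stack. Two constructed entries would cover it, for example `{"name": "CycleA", "mode": "ChainableRamRoleArn", "ram_role_arn": "arn", "source_profile": "CycleB"}` and a mirror `CycleB` entry pointing back at `CycleA`. The same applies to the identical fixture in the next file section.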
@@ -0,0 +1,76 @@
1+
{
2+
"current": "AK",
3+
"profiles": [
4+
{
5+
"name": "AK",
6+
"mode": "AK",
7+
"access_key_id": "akid",
8+
"access_key_secret": "secret"
9+
},
10+
{
11+
"name": "RamRoleArn",
12+
"mode": "RamRoleArn",
13+
"access_key_id": "akid",
14+
"access_key_secret": "secret",
15+
"ram_role_arn": "arn"
16+
},
17+
{
18+
"name": "RamRoleArnEnableVpc",
19+
"mode": "RamRoleArn",
20+
"access_key_id": "akid",
21+
"access_key_secret": "secret",
22+
"ram_role_arn": "arn",
23+
"sts_region": "cn-hangzhou",
24+
"enable_vpc": true,
25+
"policy": "policy",
26+
"external_id": "id"
27+
},
28+
{
29+
"name": "Invalid_RamRoleArn",
30+
"mode": "RamRoleArn"
31+
},
32+
{
33+
"name": "EcsRamRole",
34+
"mode": "EcsRamRole",
35+
"ram_role_name": "rolename"
36+
},
37+
{
38+
"name": "OIDC",
39+
"mode": "OIDC",
40+
"ram_role_arn": "role_arn",
41+
"oidc_token_file": "path/to/oidc/file",
42+
"oidc_provider_arn": "provider_arn"
43+
},
44+
{
45+
"name": "OIDCEnableVpc",
46+
"mode": "OIDC",
47+
"ram_role_arn": "role_arn",
48+
"oidc_token_file": "path/to/oidc/file",
49+
"oidc_provider_arn": "provider_arn",
50+
"sts_region": "cn-hangzhou",
51+
"enable_vpc": true,
52+
"policy": "policy"
53+
},
54+
{
55+
"name": "ChainableRamRoleArn",
56+
"mode": "ChainableRamRoleArn",
57+
"ram_role_arn": "arn",
58+
"source_profile": "AK"
59+
},
60+
{
61+
"name": "ChainableRamRoleArn1",
62+
"mode": "ChainableRamRoleArn",
63+
"ram_role_arn": "arn",
64+
"source_profile": "ChainableRamRoleArn1"
65+
},
66+
{
67+
"name": "ChainableRamRoleArn2",
68+
"mode": "ChainableRamRoleArn",
69+
"source_profile": "InvalidSource"
70+
},
71+
{
72+
"name": "Unsupported",
73+
"mode": "Unsupported"
74+
}
75+
]
76+
}
@@ -0,0 +1,149 @@
1+
using System;
2+
using Aliyun.Acs.Core.Auth;
3+
using Aliyun.Acs.Core.Auth.Provider;
4+
using Aliyun.Acs.Core.Exceptions;
5+
using Aliyun.Acs.Core.Utils;
6+
using Newtonsoft.Json;
7+
using Xunit;
8+
9+
10+
namespace Aliyun.Acs.Core.Tests.Units.Auth
11+
{
12+
public class CLIProfileCredentialsProviderTest
13+
{
14+
[Fact]
15+
public void GetProfileNameTest()
16+
{
17+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
18+
Assert.Null(provider.GetProfileName());
19+
provider = new CLIProfileCredentialsProvider("AK");
20+
Assert.Equal("AK", provider.GetProfileName());
21+
22+
var cacheProfile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_PROFILE");
23+
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", "TEST");
24+
provider = new CLIProfileCredentialsProvider();
25+
Assert.Equal("TEST", provider.GetProfileName());
26+
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", cacheProfile);
27+
28+
var path = TestHelper.GetCLIConfigFilePath("aliyun");
29+
provider = new CLIProfileCredentialsProvider();
30+
var credential = provider.GetCredentials(path);
31+
32+
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", "AK");
33+
credential = provider.GetCredentials(path);
34+
Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", cacheProfile);
35+
36+
path = TestHelper.GetCLIConfigFilePath("empty");
37+
var ex = Assert.Throws<ClientException>(() => provider.GetCredentials(path));
38+
Assert.Equal("Unable to get profile form empty CLI credentials file.", ex.Message);
39+
}
40+
41+
[Fact]
42+
public void ShouldReloadCredentialsProviderTest()
43+
{
44+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
45+
Assert.True(provider.ShouldReloadCredentialsProvider(""));
46+
}
47+
48+
[Fact]
49+
public void DisableCLIProfileTest()
50+
{
51+
bool isDisableCLIProfile = AuthUtils.EnvironmentDisableCLIProfile;
52+
AuthUtils.EnvironmentDisableCLIProfile = true;
53+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
54+
var ex = Assert.Throws<ClientException>(() => { provider.GetCredentials(); });
55+
Assert.Contains("CLI credentials file is disabled.", ex.Message);
56+
AuthUtils.EnvironmentDisableCLIProfile = isDisableCLIProfile;
57+
}
58+
59+
[Fact]
60+
public void ParseProfileTest()
61+
{
62+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
63+
var ex = Assert.Throws<ClientException>(() => { provider.ParseProfile("./not_exist_config.json"); });
64+
Assert.Contains("Unable to open credentials file", ex.Message);
65+
66+
string configPath = TestHelper.GetCLIConfigFilePath("invalid");
67+
ex = Assert.Throws<ClientException>(() => { provider.ParseProfile(configPath); });
68+
Assert.Contains("Failed to parse credential from CLI credentials file", ex.Message);
69+
70+
configPath = TestHelper.GetCLIConfigFilePath("empty");
71+
CLIProfileCredentialsProvider.Config config = provider.ParseProfile(configPath);
72+
Assert.Null(config);
73+
74+
configPath = TestHelper.GetCLIConfigFilePath("mock_empty");
75+
config = provider.ParseProfile(configPath);
76+
Assert.NotNull(config);
77+
Assert.Null(config.GetCurrent());
78+
Assert.Null(config.GetProfiles());
79+
80+
configPath = TestHelper.GetCLIConfigFilePath("full");
81+
config = provider.ParseProfile(configPath);
82+
Assert.Equal("AK", config.GetCurrent());
83+
Assert.Equal(5, config.GetProfiles().Count);
84+
var settings = new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore };
85+
Assert.Equal(
86+
"[{\"name\":\"AK\",\"mode\":\"AK\",\"access_key_id\":\"access_key_id\",\"access_key_secret\":\"access_key_secret\"},{\"name\":\"RamRoleArn\",\"mode\":\"RamRoleArn\",\"access_key_id\":\"access_key_id\",\"access_key_secret\":\"access_key_secret\",\"ram_role_arn\":\"ram_role_arn\",\"ram_session_name\":\"ram_session_name\",\"expired_seconds\":3600,\"sts_region\":\"cn-hangzhou\",\"enable_vpc\":true},{\"name\":\"EcsRamRole\",\"mode\":\"EcsRamRole\",\"ram_role_name\":\"ram_role_name\"},{\"name\":\"OIDC\",\"mode\":\"OIDC\",\"ram_role_arn\":\"ram_role_arn\",\"ram_session_name\":\"ram_session_name\",\"expired_seconds\":3600,\"sts_region\":\"cn-hangzhou\",\"oidc_token_file\":\"path/to/oidc/file\",\"oidc_provider_arn\":\"oidc_provider_arn\"},{\"name\":\"ChainableRamRoleArn\",\"mode\":\"ChainableRamRoleArn\",\"ram_role_arn\":\"ram_role_arn\",\"ram_session_name\":\"ram_session_name\",\"expired_seconds\":3600,\"sts_region\":\"cn-hangzhou\",\"source_profile\":\"AK\"}]",
87+
JsonConvert.SerializeObject(config.GetProfiles(), settings));
88+
}
89+
90+
[Fact]
91+
public void ReloadCredentialsProviderTest()
92+
{
93+
CLIProfileCredentialsProvider provider = new CLIProfileCredentialsProvider();
94+
var configPath = TestHelper.GetCLIConfigFilePath("aliyun");
95+
CLIProfileCredentialsProvider.Config config = provider.ParseProfile(configPath);
96+
var ex = Assert.Throws<ClientException>(() => { provider.ReloadCredentialsProvider(config, "notExist"); });
97+
Assert.Contains("Unable to get profile with 'notExist' form CLI credentials file.", ex.Message);
98+
99+
AlibabaCloudCredentialsProvider credentialsProvider = provider.ReloadCredentialsProvider(config, "AK");
100+
Assert.True(credentialsProvider is StaticCredentialsProvider);
101+
AlibabaCloudCredentials credential = credentialsProvider.GetCredentials();
102+
Assert.Equal("akid", credential.GetAccessKeyId());
103+
Assert.Equal("secret", credential.GetAccessKeySecret());
104+
105+
credentialsProvider = provider.ReloadCredentialsProvider(config, "RamRoleArn");
106+
Assert.True(credentialsProvider is STSAssumeRoleSessionCredentialsProvider);
107+
ex = Assert.Throws<ClientException>(() => { credentialsProvider.GetCredentials(); });
108+
Assert.Contains("InvalidAccessKeyId.NotFound", ex.Message);
109+
110+
credentialsProvider = provider.ReloadCredentialsProvider(config, "RamRoleArnEnableVpc");
111+
Assert.True(credentialsProvider is STSAssumeRoleSessionCredentialsProvider);
112+
ex = Assert.Throws<ClientException>(() => { credentialsProvider.GetCredentials(); });
113+
Assert.Contains("the request url is sts-vpc.cn-hangzhou.aliyuncs.com", ex.Message);
114+
115+
var ex1 = Assert.Throws<ArgumentOutOfRangeException>(() =>
116+
{
117+
provider.ReloadCredentialsProvider(config, "Invalid_RamRoleArn");
118+
});
119+
Assert.Contains("Access key ID cannot be null.", ex1.Message);
120+
121+
credentialsProvider = provider.ReloadCredentialsProvider(config, "EcsRamRole");
122+
Assert.True(credentialsProvider is InstanceProfileCredentialsProvider);
123+
124+
credentialsProvider = provider.ReloadCredentialsProvider(config, "OIDC");
125+
Assert.True(credentialsProvider is OIDCCredentialsProvider);
126+
127+
credentialsProvider = provider.ReloadCredentialsProvider(config, "OIDCEnableVpc");
128+
Assert.True(credentialsProvider is OIDCCredentialsProvider);
129+
130+
credentialsProvider = provider.ReloadCredentialsProvider(config, "ChainableRamRoleArn");
131+
Assert.True(credentialsProvider is STSAssumeRoleSessionCredentialsProvider);
132+
133+
ex = Assert.Throws<ClientException>(() =>
134+
{
135+
provider.ReloadCredentialsProvider(config, "ChainableRamRoleArn1");
136+
});
137+
Assert.Equal("Source profile name can not be the same as profile name.", ex.Message);
138+
139+
ex = Assert.Throws<ClientException>(() =>
140+
{
141+
provider.ReloadCredentialsProvider(config, "ChainableRamRoleArn2");
142+
});
143+
Assert.Contains("Unable to get profile with 'InvalidSource' form CLI credentials file.", ex.Message);
144+
145+
ex = Assert.Throws<ClientException>(() => { provider.ReloadCredentialsProvider(config, "Unsupported"); });
146+
Assert.Contains("Unsupported profile mode 'Unsupported' form CLI credentials file.", ex.Message);
147+
}
148+
}
149+
}
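Review bot: GetProfileNameTest and DisableCLIProfileTest change process-wide state (the `ALIBABA_CLOUD_PROFILE` environment variable and the static `AuthUtils.EnvironmentDisableCLIProfile`) and restore it only on the success path, so a failed assertion leaves the profile selector or the disable flag set for every later test in the run. Wrapping each mutation as `try { … } finally { Environment.SetEnvironmentVariable("ALIBABA_CLOUD_PROFILE", cacheProfile); }` (and likewise `finally { AuthUtils.EnvironmentDisableCLIProfile = isDisableCLIProfile; }`) keeps a failure here from changing which credentials other tests resolve. The two `provider.GetCredentials(path)` results in GetProfileNameTest are assigned to `credential` and never asserted, so those calls only show that nothing throws. In ReloadCredentialsProviderTest the `InvalidAccessKeyId.NotFound` and `sts-vpc.cn-hangzhou.aliyuncs.com` expectations look like they depend on a live call to the STS endpoint; if so, a stubbed transport would keep this unit test offline and deterministic.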

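--- a/aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs
+++ b/aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs
@@ -34,6 +34,22 @@ namespace Aliyun.Acs.Core.Tests.Units.Auth.Provider
 {
 public class DefaultCredentialProviderTest
 {
+[Fact]
+public void GetCredentials()
+{
+var provider = new DefaultCredentialProvider(false);
+Assert.NotNull(provider);
+Assert.Throws<ClientException>(() => { provider.GetCredentials(); });
+
+var testProvider = new STSAssumeRoleSessionCredentialsProvider.Builder()
+.AccessKeyId("accessKeyId2")
+.AccessKeySecret("accessKeySecret")
+.RoleArn("roleArn")
+.Build();
+
+new DefaultCredentialProvider(null, testProvider);
+
+}
 /*
 Case: Should throw ClientException("There is no credential chain can use")
 */
@@ -62,7 +78,11 @@ public void GetCredentialWithException()
 var credential = defaultProvider.GetCredentials();
 });
 
-Assert.Equal("There is no credential chain can use.", exception.Message);
+var mes = exception.Message;
+Assert.Contains("There is no credential chain can use: [EnvironmentVariableCredentialsProvider: Environment variable accessKeyId cannot be empty,", exception.Message);
+Assert.Contains("CLIProfileCredentialsProvider: Unable to open credentials file: ", exception.Message);
+Assert.Contains("ProfileCredentialsProvider: Unable to open credentials file: ", exception.Message);
+Assert.Contains("InstanceProfileCredentialsProvider: Failed to get RAM session credentials from ECS metadata service. Reason: Aliyun.Acs.Core.Exceptions.ClientException: SDK.WebException : HttpWebRequest WebException occured, ", exception.Message);
 }
 
 /*
@@ -126,7 +146,7 @@ public void GetCredentialFileAlibabaCloudCredentialWithAKTypeButAKIsEmpty()
 
 TestHelper.DeleteIniFile();
 
-Assert.Equal("Access key ID cannot be null.", exception.Message);
+Assert.Contains("Access key ID cannot be null.", exception.Message);
 Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
 Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
 Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
@@ -217,7 +237,7 @@ public void GetCredentialFileAlibabaCloudCredentialWithEcsRamRole()
 mockDefaultCredentialProvider.Setup(x => x.GetInstanceRamRoleAlibabaCloudCredential())
 .Returns(ecsRamRoleCredential);
 mockDefaultCredentialProvider.Setup(x => x.GetHomePath()).Returns(mockHomePath);
-
+
 var defaultCredentialProvider = mockDefaultCredentialProvider.Object;
 var credential = (InstanceProfileCredentials)defaultCredentialProvider.GetAlibabaCloudClientCredential();
 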
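Review bot: The new assertions in GetCredentialWithException pin the aggregated chain message, including `Unable to open credentials file: ` for both file providers and the ECS metadata `HttpWebRequest WebException occured` text, so the test passes only on a host with no credentials file in the home directory and no reachable metadata service. The new GetCredentials test has the same host dependency in `Assert.Throws<ClientException>(() => { provider.GetCredentials(); })`, and its last statement `new DefaultCredentialProvider(null, testProvider);` discards the result without asserting anything. `var mes = exception.Message;` is never read and can be dropped. Because the message now concatenates every provider's failure reason, it is worth confirming in the provider code (not shown in this section) that no key material can reach that string before it is logged. GetCredentialWithException's body starts outside the hunk.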
@@ -0,0 +1,38 @@
1+
using System;
2+
using Aliyun.Acs.Core.Auth.Provider;
3+
using Aliyun.Acs.Core.Exceptions;
4+
using Xunit;
5+
6+
namespace Aliyun.Acs.Core.Tests.Units.Auth
7+
{
8+
public class URLCredentialProviderTest
9+
{
10+
[Fact]
11+
public void TestConstructor()
12+
{
13+
URLCredentialProvider provider;
14+
var ex = Assert.Throws<ArgumentNullException>(() =>
15+
provider = new URLCredentialProvider.Builder().CredentialsURI("").Build());
16+
Assert.Contains("Credential URI or environment variable ALIBABA_CLOUD_CREDENTIALS_URI cannot be empty.",
17+
ex.Message);
18+
var ex1 = Assert.Throws<ClientException>(() =>
19+
provider = new URLCredentialProvider.Builder().CredentialsURI("url").Build());
20+
Assert.Contains("Credential URI is not valid.", ex1.Message);
21+
provider = new URLCredentialProvider.Builder().CredentialsURI("http://test").Build();
22+
provider = new URLCredentialProvider.Builder().CredentialsURI(new Uri("http://test")).Build();
23+
}
24+
25+
[Fact]
26+
public void TestGetCredentials()
27+
{
28+
var provider = new URLCredentialProvider.Builder()
29+
.CredentialsURI("http://10.10.10.10")
30+
.ConnectTimeout(2000)
31+
.ReadTimeout(2000)
32+
.Build();
33+
34+
var ex = Assert.Throws<ClientException>(() => { provider.GetCredentials(); });
35+
Assert.StartsWith("Failed to connect Server: http://10.10.10.10", ex.Message);
36+
}
37+
}
38+
}
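Review bot: TestGetCredentials relies on `http://10.10.10.10` being unreachable; on a network where that private address is routed, the provider sends a real credentials request to whatever host answers and the `Failed to connect Server` expectation no longer holds. An injected transport stub, or a loopback port known to be closed, would keep the failure deterministic and keep the request on the test machine. TestConstructor also pins that a plain `http://test` URI is accepted; if the provider is ever pointed at something other than a local or link-local endpoint, the returned keys would travel in cleartext, so the accepted schemes deserve a check or at least a comment in the provider (not visible in this section). The two successful `Build()` calls at the end of TestConstructor assert nothing about the resulting provider.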
