mirror of
https://github.com/grafana/grafana.git
synced 2025-02-11 08:05:43 -06:00
108 lines
2.8 KiB
Go
108 lines
2.8 KiB
Go
package cloudwatch
|
|
|
|
import (
|
|
"reflect"
|
|
"testing"
|
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
|
"github.com/aws/aws-sdk-go/aws/client"
|
|
"github.com/aws/aws-sdk-go/aws/credentials"
|
|
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
|
|
"github.com/aws/aws-sdk-go/aws/ec2metadata"
|
|
"github.com/aws/aws-sdk-go/aws/session"
|
|
"github.com/google/go-cmp/cmp"
|
|
"github.com/google/go-cmp/cmp/cmpopts"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
// Test cloudWatchExecutor.newSession with assumption of IAM role.
|
|
func TestNewSession_AssumeRole(t *testing.T) {
|
|
origNewSession := newSession
|
|
origNewSTSCredentials := newSTSCredentials
|
|
origNewEC2Metadata := newEC2Metadata
|
|
t.Cleanup(func() {
|
|
newSession = origNewSession
|
|
newSTSCredentials = origNewSTSCredentials
|
|
newEC2Metadata = origNewEC2Metadata
|
|
})
|
|
newSession = func(cfgs ...*aws.Config) (*session.Session, error) {
|
|
cfg := aws.Config{}
|
|
cfg.MergeIn(cfgs...)
|
|
return &session.Session{
|
|
Config: &cfg,
|
|
}, nil
|
|
}
|
|
newSTSCredentials = func(c client.ConfigProvider, roleARN string,
|
|
options ...func(*stscreds.AssumeRoleProvider)) *credentials.Credentials {
|
|
p := &stscreds.AssumeRoleProvider{
|
|
RoleARN: roleARN,
|
|
}
|
|
for _, o := range options {
|
|
o(p)
|
|
}
|
|
|
|
return credentials.NewCredentials(p)
|
|
}
|
|
newEC2Metadata = func(p client.ConfigProvider, cfgs ...*aws.Config) *ec2metadata.EC2Metadata {
|
|
return nil
|
|
}
|
|
|
|
duration := stscreds.DefaultDuration
|
|
|
|
t.Run("Without external ID", func(t *testing.T) {
|
|
t.Cleanup(func() {
|
|
sessCache = map[string]envelope{}
|
|
})
|
|
|
|
const roleARN = "test"
|
|
|
|
e := newExecutor(nil)
|
|
e.DataSource = fakeDataSource(fakeDataSourceCfg{
|
|
assumeRoleARN: roleARN,
|
|
})
|
|
|
|
sess, err := e.newSession(defaultRegion)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, sess)
|
|
|
|
expCreds := credentials.NewCredentials(&stscreds.AssumeRoleProvider{
|
|
RoleARN: roleARN,
|
|
Duration: duration,
|
|
})
|
|
diff := cmp.Diff(expCreds, sess.Config.Credentials, cmp.Exporter(func(_ reflect.Type) bool {
|
|
return true
|
|
}), cmpopts.IgnoreFields(stscreds.AssumeRoleProvider{}, "Expiry"))
|
|
assert.Empty(t, diff)
|
|
})
|
|
|
|
t.Run("With external ID", func(t *testing.T) {
|
|
t.Cleanup(func() {
|
|
sessCache = map[string]envelope{}
|
|
})
|
|
|
|
const roleARN = "test"
|
|
const externalID = "external"
|
|
|
|
e := newExecutor(nil)
|
|
e.DataSource = fakeDataSource(fakeDataSourceCfg{
|
|
assumeRoleARN: roleARN,
|
|
externalID: externalID,
|
|
})
|
|
|
|
sess, err := e.newSession(defaultRegion)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, sess)
|
|
|
|
expCreds := credentials.NewCredentials(&stscreds.AssumeRoleProvider{
|
|
RoleARN: roleARN,
|
|
ExternalID: aws.String(externalID),
|
|
Duration: duration,
|
|
})
|
|
diff := cmp.Diff(expCreds, sess.Config.Credentials, cmp.Exporter(func(_ reflect.Type) bool {
|
|
return true
|
|
}), cmpopts.IgnoreFields(stscreds.AssumeRoleProvider{}, "Expiry"))
|
|
assert.Empty(t, diff)
|
|
})
|
|
}
|