Documentation ¶
Index ¶
- Constants
- Variables
- func AwsMetadataApiMock(responses []*MetadataResponse) func()
- func EcsCredentialsApiMock() func()
- func InitSessionTestEnv() (oldEnv []string)
- func InvalidEC2MetadataEndpoint() func()
- func MockAwsApiServer(svcName string, endpoints []*MockEndpoint) *httptest.Server
- func PopEnv(env []string)
- func SetEnv(s string, t *testing.T) func()
- func StashEnv() []string
- func TempPEMFile() (string, error)
- func UnsetEnv(t *testing.T) func()
- type MetadataResponse
- type MockEndpoint
- type MockRequest
- type MockResponse
Constants ¶
const ( MockEc2MetadataAccessKey = `Ec2MetadataAccessKey` MockEc2MetadataSecretKey = `Ec2MetadataSecretKey` MockEc2MetadataSessionToken = `Ec2MetadataSessionToken` MockEcsCredentialsAccessKey = `EcsCredentialsAccessKey` MockEcsCredentialsSecretKey = `EcsCredentialsSecretKey` MockEcsCredentialsSessionToken = `EcsCredentialsSessionToken` MockEnvAccessKey = `EnvAccessKey` MockEnvSecretKey = `EnvSecretKey` MockEnvSessionToken = `EnvSessionToken` MockStaticAccessKey = `StaticAccessKey` MockStaticSecretKey = `StaticSecretKey` MockStsAssumeRoleAccessKey = `AssumeRoleAccessKey` MockStsAssumeRoleArn = `arn:aws:iam::555555555555:role/AssumeRole` MockStsAssumeRoleExternalId = `AssumeRoleExternalId` MockStsAssumeRoleInvalidResponseBodyInvalidClientTokenId = `` /* 293-byte string literal not displayed */ MockStsAssumeRolePolicy = `{ "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": "*", "Resource": "*", } }` MockStsAssumeRolePolicyArn = `arn:aws:iam::555555555555:policy/AssumeRolePolicy1` MockStsAssumeRoleSecretKey = `AssumeRoleSecretKey` MockStsAssumeRoleSessionName = `AssumeRoleSessionName` MockStsAssumeRoleSessionToken = `AssumeRoleSessionToken` MockStsAssumeRoleTagKey = `AssumeRoleTagKey` MockStsAssumeRoleTagValue = `AssumeRoleTagValue` MockStsAssumeRoleTransitiveTagKey = `AssumeRoleTagKey` MockStsAssumeRoleValidResponseBody = `` /* 677-byte string literal not displayed */ MockStsAssumeRoleWithWebIdentityAccessKey = `AssumeRoleWithWebIdentityAccessKey` MockStsAssumeRoleWithWebIdentityArn = `arn:aws:iam::666666666666:role/WebIdentityToken` MockStsAssumeRoleWithWebIdentitySecretKey = `AssumeRoleWithWebIdentitySecretKey` MockStsAssumeRoleWithWebIdentitySessionName = `AssumeRoleWithWebIdentitySessionName` MockStsAssumeRoleWithWebIdentitySessionToken = `AssumeRoleWithWebIdentitySessionToken` MockStsAssumeRoleWithWebIdentityValidResponseBody = `` /* 1046-byte string literal not displayed */ MockStsGetCallerIdentityAccountID = `222222222222` MockStsGetCallerIdentityInvalidResponseBodyAccessDenied = `` /* 323-byte string literal not displayed */ MockStsGetCallerIdentityPartition = `aws` MockStsGetCallerIdentityValidResponseBody = `` /* 400-byte string literal not displayed */ MockStsGetCallerIdentityValidAssumedRoleResponseBody = `` /* 447-byte string literal not displayed */ MockWebIdentityToken = `WebIdentityToken` )
const Ec2metadata_iamInfoEndpoint_expectedAccountID = `000000000000`
const Ec2metadata_iamInfoEndpoint_expectedPartition = `aws`
const IamResponse_GetUser_federatedFailure = `` /* 305-byte string literal not displayed */
const IamResponse_GetUser_valid = `` /* 575-byte string literal not displayed */
const IamResponse_GetUser_valid_expectedAccountID = `111111111111`
const IamResponse_GetUser_valid_expectedPartition = `aws`
const IamResponse_ListRoles_valid = `` /* 927-byte string literal not displayed */
const IamResponse_ListRoles_valid_expectedAccountID = `444444444444`
const IamResponse_ListRoles_valid_expectedPartition = `aws`
Variables ¶
var ( MockStsAssumeRoleInvalidEndpointInvalidClientTokenId = &MockEndpoint{ Request: &MockRequest{ Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, "RoleArn": []string{MockStsAssumeRoleArn}, "RoleSessionName": []string{MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode(), Method: http.MethodPost, Uri: "/", }, Response: &MockResponse{ Body: MockStsAssumeRoleInvalidResponseBodyInvalidClientTokenId, ContentType: "text/xml", StatusCode: http.StatusForbidden, }, } MockStsAssumeRoleValidEndpoint = &MockEndpoint{ Request: &MockRequest{ Body: url.Values{ "Action": []string{"AssumeRole"}, "DurationSeconds": []string{"900"}, "RoleArn": []string{MockStsAssumeRoleArn}, "RoleSessionName": []string{MockStsAssumeRoleSessionName}, "Version": []string{"2011-06-15"}, }.Encode(), Method: http.MethodPost, Uri: "/", }, Response: &MockResponse{ Body: MockStsAssumeRoleValidResponseBody, ContentType: "text/xml", StatusCode: http.StatusOK, }, } MockStsAssumeRoleWithWebIdentityValidEndpoint = &MockEndpoint{ Request: &MockRequest{ Body: url.Values{ "Action": []string{"AssumeRoleWithWebIdentity"}, "RoleArn": []string{MockStsAssumeRoleWithWebIdentityArn}, "RoleSessionName": []string{MockStsAssumeRoleWithWebIdentitySessionName}, "Version": []string{"2011-06-15"}, "WebIdentityToken": []string{MockWebIdentityToken}, }.Encode(), Method: http.MethodPost, Uri: "/", }, Response: &MockResponse{ Body: MockStsAssumeRoleWithWebIdentityValidResponseBody, ContentType: "text/xml", StatusCode: http.StatusOK, }, } MockStsGetCallerIdentityInvalidEndpointAccessDenied = &MockEndpoint{ Request: &MockRequest{ Body: url.Values{ "Action": []string{"GetCallerIdentity"}, "Version": []string{"2011-06-15"}, }.Encode(), Method: http.MethodPost, Uri: "/", }, Response: &MockResponse{ Body: MockStsGetCallerIdentityInvalidResponseBodyAccessDenied, ContentType: "text/xml", StatusCode: http.StatusForbidden, }, } MockStsGetCallerIdentityValidEndpoint = &MockEndpoint{ Request: &MockRequest{ Body: url.Values{ "Action": []string{"GetCallerIdentity"}, "Version": []string{"2011-06-15"}, }.Encode(), Method: http.MethodPost, Uri: "/", }, Response: &MockResponse{ Body: MockStsGetCallerIdentityValidResponseBody, ContentType: "text/xml", StatusCode: http.StatusOK, }, } MockStsGetCallerIdentityValidAssumedRoleEndpoint = &MockEndpoint{ Request: &MockRequest{ Body: url.Values{ "Action": []string{"GetCallerIdentity"}, "Version": []string{"2011-06-15"}, }.Encode(), Method: http.MethodPost, Uri: "/", }, Response: &MockResponse{ Body: MockStsGetCallerIdentityValidAssumedRoleResponseBody, ContentType: "text/xml", StatusCode: http.StatusOK, }, } )
var Ec2metadata_iamInfoEndpoint = &MetadataResponse{
Uri: "/latest/meta-data/iam/info",
Body: `{
"Code": "Success",
"LastUpdated": "2016-03-17T12:27:32Z",
"InstanceProfileArn": "arn:aws:iam::000000000000:instance-profile/my-instance-profile",
"InstanceProfileId": "AIPAABCDEFGHIJKLMN123"
}`,
}
var Ec2metadata_instanceIdEndpoint = &MetadataResponse{
Uri: "/latest/meta-data/instance-id",
Body: "mock-instance-id",
}
var Ec2metadata_securityCredentialsEndpoints = []*MetadataResponse{
{
Uri: "/latest/api/token",
Body: "Ec2MetadataApiToken",
},
{
Uri: "/latest/meta-data/iam/security-credentials/",
Body: "test_role",
},
{
Uri: "/latest/meta-data/iam/security-credentials/test_role",
Body: `{
"Code": "Success",
"LastUpdated": "2015-12-11T17:17:25Z",
"Type": "AWS-HMAC",
"AccessKeyId": "Ec2MetadataAccessKey",
"SecretAccessKey": "Ec2MetadataSecretKey",
"Token": "Ec2MetadataSessionToken"
}`,
},
}
var ( // TLSBundleCA ca.crt TLSBundleCA = []byte(`-----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIJAJ5X1olt05XjMA0GCSqGSIb3DQEBCwUAMDgxCzAJBgNV BAYTAkdPMQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBD QTAeFw0xNzAzMDkwMDAyMDZaFw0yNzAzMDcwMDAyMDZaMDgxCzAJBgNVBAYTAkdP MQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBDQTCBnzAN BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw/8DN+t9XQR60jx42rsQ2WE2Dx85rb3n GQxnKZZLNddsT8rDyxJNP18aFalbRbFlyln5fxWxZIblu9Xkm/HRhOpbSimSqo1y uDx21NVZ1YsOvXpHby71jx3gPrrhSc/t/zikhi++6D/C6m1CiIGuiJ0GBiJxtrub UBMXT0QtI2ECAwEAAaOBmjCBlzAdBgNVHQ4EFgQU8XG3X/YHBA6T04kdEkq6+4GV YykwaAYDVR0jBGEwX4AU8XG3X/YHBA6T04kdEkq6+4GVYymhPKQ6MDgxCzAJBgNV BAYTAkdPMQ8wDQYDVQQIEwZHb3BoZXIxGDAWBgNVBAoTD1Rlc3RpbmcgUk9PVCBD QYIJAJ5X1olt05XjMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAeILv z49+uxmPcfOZzonuOloRcpdvyjiXblYxbzz6ch8GsE7Q886FTZbvwbgLhzdwSVgG G8WHkodDUsymVepdqAamS3f8PdCUk8xIk9mop8LgaB9Ns0/TssxDvMr3sOD2Grb3 xyWymTWMcj6uCiEBKtnUp4rPiefcvCRYZ17/hLE= -----END CERTIFICATE----- `) )
Functions ¶
func AwsMetadataApiMock ¶
func AwsMetadataApiMock(responses []*MetadataResponse) func()
AwsMetadataApiMock establishes a httptest server to mock out the internal AWS Metadata service. IAM Credentials are retrieved by the EC2RoleProvider, which makes API calls to this internal URL. By replacing the server with a test server, we can simulate an AWS environment
func EcsCredentialsApiMock ¶
func EcsCredentialsApiMock() func()
EcsCredentialsApiMock establishes a httptest server to mock out the ECS credentials API.
func InitSessionTestEnv ¶
func InitSessionTestEnv() (oldEnv []string)
func InvalidEC2MetadataEndpoint ¶
func InvalidEC2MetadataEndpoint() func()
InvalidEC2MetadataEndpoint establishes a httptest server to simulate behaviour when endpoint doesn't respond as expected
func MockAwsApiServer ¶
func MockAwsApiServer(svcName string, endpoints []*MockEndpoint) *httptest.Server
MockAwsApiServer establishes a httptest server to simulate behaviour of a real AWS API server
func TempPEMFile ¶
Types ¶
type MetadataResponse ¶
MetadataResponse represents a metadata server response URI and body
func Ec2metadata_instanceIdentityEndpoint ¶
func Ec2metadata_instanceIdentityEndpoint(region string) *MetadataResponse
type MockEndpoint ¶
type MockEndpoint struct { Request *MockRequest Response *MockResponse }
MockEndpoint represents a basic request and response that can be used for creating simple httptest server routes.
func MockStsAssumeRoleValidEndpointWithOptions ¶
func MockStsAssumeRoleValidEndpointWithOptions(options map[string]string) *MockEndpoint
MockStsAssumeRoleValidEndpointWithOptions returns a valid STS AssumeRole response with configurable request options.
type MockRequest ¶
MockRequest represents a basic HTTP request
type MockResponse ¶
MockResponse represents a basic HTTP response.