
Commit fbd5e4b

test: add STS test cases for resolving accountId
1 parent 9d5f0c8 commit fbd5e4b


1 file changed

+261
-0
lines changed

1 file changed

+261
-0
lines changed
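--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,261 @@
+<?php
+
+namespace Aws\Test\AccountIdEndpointSupport;
+
+use Aws\Credentials\CredentialProvider;
+use Aws\Credentials\Credentials;
+use AWS\CRT\Auth\CredentialsProvider;
+use Aws\Exception\CredentialsException;
+use Aws\Result;
+use Aws\Sts\StsClient;
+use GuzzleHttp\Promise\Create;
+use PHPUnit\Framework\TestCase;
+
+class SourceAccountIdEndpointTest extends TestCase
+{
+
+private $deferredFns = [];
+
+public function tearDown(): void
+{
+foreach ($this->deferredFns as $deferredFn) {
+$deferredFn();
+}
+
+$this->deferredFns = [];
+}
+
+/**
+* @dataProvider stsDataProvider
+* @param $operation
+* @param $response
+* @param $expected
+* @return void
+*/
+public function testStsCredentialProviders($operation, $response, $expected)
+{
+$stsClient = $this->getMockBuilder(StsClient::class)
+-> disableOriginalConstructor()
+-> onlyMethods(['__call'])
+-> getMock();
+$stsClient->method('__call')
+-> willReturnCallback(function ($callOperation) use ($operation, $response) {
+if (($callOperation === $operation . 'Async')) {
+return Create::promiseFor(
+new Result(
+$response
+)
+);
+}
+
+if (($callOperation === $operation)) {
+return new Result(
+$response
+);
+}
+
+return null;
+});
+
+$provider = null;
+switch ($operation) {
+case 'assumeRole':
+$params = [
+'client' => $stsClient,
+'assume_role_params' => [
+'RoleArn' => 'arn:aws:sts::123456789001:assumed-role/test-role/Name',
+'RoleSessionName' => 'TestSession'
+]
+];
+$provider = CredentialProvider::assumeRole($params);
+break;
+case 'assumeRoleWithSAML':
+$provider = function () use($stsClient) {
+$params = [
+'RoleArn' => 'arn:aws:sts::123456789001:assumed-role/test-role/Name',
+'PrincipalArn' => 'arn:aws:sts::123456789001:assumed-role/test-role/Name',
+'SAMLAssertion' => 'VGhpcyBpcyBhIHRlc3QgYXNzZXJ0aW9u'
+];
+
+return $stsClient->assumeRoleWithSAMLAsync($params)
+-> then(function (Result $result) use ($stsClient) {
+return $stsClient->createCredentials($result);
+}) -> otherwise(function (\RuntimeException $exception) {
+throw new CredentialsException(
+"Error in retrieving assume role credentials.",
+0,
+$exception
+);
+});
+};
+break;
+case 'assumeRoleWithWebIdentity':
+$tokenPath = $this->createTestWebIdentityToken();
+$this->putEnv([
+CredentialProvider::ENV_ARN => 'arn:aws:sts::123456789001:assumed-role/test-role/Name',
+CredentialProvider::ENV_ROLE_SESSION_NAME => 'TestSession',
+CredentialProvider::ENV_TOKEN_FILE => $tokenPath
+]);
+$params = [
+'stsClient' => $stsClient,
+'region' => 'us-east-1'
+];
+$provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider($params);
+break;
+case 'getFederationToken':
+$provider = function () use ($stsClient) {
+$params = [
+'Name' => 'TestUserName'
+];
+
+return $stsClient->getFederationTokenAsync($params)
+-> then(function (Result $result) use ($stsClient) {
+return $stsClient->createCredentials($result);
+}) -> otherwise(function (\RuntimeException $exception) {
+throw new CredentialsException(
+"Error in retrieving assume role credentials.",
+0,
+$exception
+);
+});
+};
+break;
+default:
+self::fail("Unrecognized operation `$operation` for testing");
+}
+
+$response = $provider()->wait();
+$expected = $this->normalizeExpectedResponse($expected);
+
+self::assertSame($expected->toArray(), $response->toArray());
+}
+
+public function stsDataProvider(): array
+{
+return [
+'Sts::AssumeRole' => [
+'operation' => 'assumeRole',
+'response' => [
+"AssumedRoleUser" => [
+"AssumedRoleId" => "roleId",
+"Arn" => "arn:aws:sts::123456789001:assumed-role/assume-role-integration-test-role/Name"
+],
+"Credentials" => [
+"AccessKeyId" => "foo",
+"SecretAccessKey" => "bar",
+"SessionToken" => "baz"
+]
+],
+'expected' => [
+"accountId" => "123456789001",
+"accessKeyId" => "foo",
+"secretAccessKey" => "bar",
+"sessionToken" => "baz"
+]
+],
+'Sts::AssumeRoleWithSaml' => [
+'operation' => 'assumeRoleWithSAML',
+'response' => [
+"AssumedRoleUser" => [
+"AssumedRoleId" => "roleId",
+"Arn" => "arn:aws:sts::123456789001:assumed-role/assume-role-integration-test-role/Name"
+],
+"Credentials" => [
+"AccessKeyId" => "foo",
+"SecretAccessKey" => "bar",
+"SessionToken" => "baz"
+]
+],
+'expected' => [
+"accountId" => "123456789001",
+"accessKeyId" => "foo",
+"secretAccessKey" => "bar",
+"sessionToken" => "baz"
+]
+],
+'Sts::AssumeRoleWithWebIdentity' => [
+'operation' => 'assumeRoleWithWebIdentity',
+'response' => [
+"AssumedRoleUser" => [
+"AssumedRoleId" => "roleId",
+"Arn" => "arn:aws:sts::123456789001:assumed-role/assume-role-integration-test-role/Name"
+],
+"Credentials" => [
+"AccessKeyId" => "foo",
+"SecretAccessKey" => "bar",
+"SessionToken" => "baz"
+]
+],
+'expected' => [
+"accountId" => "123456789001",
+"accessKeyId" => "foo",
+"secretAccessKey" => "bar",
+"sessionToken" => "baz"
+]
+],
+'Sts::GetFederationToken' => [
+'operation' => 'getFederationToken',
+'response' => [
+"FederatedUser" => [
+"FederatedUserId" => "roleId",
+"Arn" => "arn:aws:sts::123456789001:assumed-role/assume-role-integration-test-role/Name"
+],
+"Credentials" => [
+"AccessKeyId" => "foo",
+"SecretAccessKey" => "bar",
+"SessionToken" => "baz"
+]
+],
+'expected' => [
+"accountId" => "123456789001",
+"accessKeyId" => "foo",
+"secretAccessKey" => "bar",
+"sessionToken" => "baz"
+]
+],
+];
+}
+
+private function normalizeExpectedResponse($expected): Credentials
+{
+return new Credentials(
+$expected['accessKeyId'] ?? null,
+$expected['secretAccessKey'] ?? null,
+$expected['sessionToken'] ?? null,
+$expected['expires'] ?? null,
+$expected['accountId'] ?? null
+);
+}
+
+/**
+* @param array $envValues
+* @return void
+*/
+private function putEnv(array $envValues): void
+{
+foreach ($envValues as $key => $value) {
+$currentValue = getenv($key);
+$deferFn = function () use ($key, $currentValue) {
+if (!empty($currentValue)) {
+putenv($key.'='.$currentValue);
+}
+};
+$this->deferredFns[] = $deferFn;
+
+putenv($key.'='.$value);
+}
+}
+
+private function createTestWebIdentityToken(): string
+{
+$dir = sys_get_temp_dir();
+$tokenPath = $dir . '/token';
+file_put_contents($tokenPath, 'token');
+$deferFn = function () use ($tokenPath) {
+unlink($tokenPath);
+};
+$this->deferredFns[] = $deferFn;
+
+return $tokenPath;
+}
+}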
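Review bot: `createTestWebIdentityToken()` (new lines 249–260) writes the token to the fixed, shared path `sys_get_temp_dir() . '/token'`, so concurrent test runs or a pre-existing file of that name in the temp directory collide with each other and a failed `file_put_contents()` goes unnoticed; a per-call unique file avoids both: `$tokenPath = tempnam(sys_get_temp_dir(), 'wit-');` followed by `self::assertNotFalse(file_put_contents($tokenPath, 'token'));`. Relatedly, the deferred restore in `putEnv()` (lines 238–242) only re-sets variables that previously had a value, so when `CredentialProvider::ENV_ARN`, `ENV_ROLE_SESSION_NAME` or `ENV_TOKEN_FILE` was unset before the test, the value the test exported survives `tearDown()` and leaks into later tests that exercise the default credential chain; add an `else { putenv($key); }` branch to unset it, and compare with `$currentValue === false` instead of `empty()`, which would also discard a legitimate `'0'`. Finally, `use AWS\CRT\Auth\CredentialsProvider;` on line 7 is never referenced in the file and can be removed.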
