diff --git a/aws_config_test.go b/aws_config_test.go index fd9b4f47..7a23af6f 100644 --- a/aws_config_test.go +++ b/aws_config_test.go @@ -91,6 +91,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -156,6 +157,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -175,6 +177,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"ExternalId": servicemocks.MockStsAssumeRoleExternalId}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"ExternalId": servicemocks.MockStsAssumeRoleExternalId}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -194,6 +197,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": servicemocks.MockStsAssumeRolePolicy}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": servicemocks.MockStsAssumeRolePolicy}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -213,6 +217,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"PolicyArns.member.1.arn": servicemocks.MockStsAssumeRolePolicyArn}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"PolicyArns.member.1.arn": servicemocks.MockStsAssumeRolePolicyArn}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -234,6 +239,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -256,6 +262,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue, "TransitiveTagKeys.member.1": servicemocks.MockStsAssumeRoleTagKey}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue, "TransitiveTagKeys.member.1": servicemocks.MockStsAssumeRoleTagKey}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -275,6 +282,7 @@ func TestGetAwsConfig(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"SourceIdentity": servicemocks.MockStsAssumeRoleSourceIdentity}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"SourceIdentity": servicemocks.MockStsAssumeRoleSourceIdentity}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -402,6 +410,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -552,6 +561,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -599,6 +609,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -628,6 +639,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -647,6 +659,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, }, @@ -663,8 +676,10 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, }, @@ -1052,7 +1067,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey } } - closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() testCase.Config.StsEndpoint = stsEndpoint @@ -1133,6 +1148,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey if expected, actual := testCase.ExpectedRegion, awsConfig.Region; expected != actual { t.Fatalf("expected region (%s), got: %s", expected, actual) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2391,6 +2411,7 @@ func TestAssumeRole(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, }, }, @@ -2434,6 +2455,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, }, }, @@ -2450,6 +2472,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), }, }, @@ -2466,6 +2489,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": "{}"}), + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": "{}"}), }, }, @@ -2489,7 +2513,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey oldEnv := servicemocks.InitSessionTestEnv() defer servicemocks.PopEnv(oldEnv) - closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() testCase.Config.StsEndpoint = stsEndpoint @@ -2545,6 +2569,11 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey if diff := cmp.Diff(credentialsValue, testCase.ExpectedCredentialsValue, cmpopts.IgnoreFields(aws.Credentials{}, "Expires")); diff != "" { t.Fatalf("unexpected credentials: (- got, + expected)\n%s", diff) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2573,6 +2602,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2587,6 +2617,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2602,6 +2633,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2648,6 +2680,7 @@ role_session_name = %[2]s ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2701,6 +2734,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2716,6 +2750,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"DurationSeconds": "3600"}), + servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"DurationSeconds": "3600"}), }, }, @@ -2731,6 +2766,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"Policy": "{}"}), + servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"Policy": "{}"}), }, }, @@ -2768,7 +2804,7 @@ web_identity_token_file = no-such-file os.Setenv(k, v) } - closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, _, stsEndpoint := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() testCase.Config.StsEndpoint = stsEndpoint @@ -2861,6 +2897,11 @@ web_identity_token_file = no-such-file if diff := cmp.Diff(credentialsValue, testCase.ExpectedCredentialsValue, cmpopts.IgnoreFields(aws.Credentials{}, "Expires")); diff != "" { t.Fatalf("unexpected credentials: (- got, + expected)\n%s", diff) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2886,6 +2927,7 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) { expectedAcctID: "222222222222", expectedPartition: "aws", mockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, + servicemocks.MockStsGetCallerIdentityValidEndpoint, }, }, { @@ -2925,6 +2967,8 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) { expectedAcctID: "555555555555", expectedPartition: "aws", mockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, }, }, @@ -2934,7 +2978,7 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) { tc := testCase t.Run(tc.desc, func(t *testing.T) { - ts := servicemocks.MockAwsApiServer("STS", tc.mockStsEndpoints) + ts := servicemocks.MockAwsApiServer("STS", &tc.mockStsEndpoints) defer ts.Close() tc.config.StsEndpoint = ts.URL @@ -2963,6 +3007,11 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) { if part != tc.expectedPartition { t.Errorf("expected partition (%s), got: %s", tc.expectedPartition, part) } + + numMockStsEndpoints := len(tc.mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -3280,9 +3329,11 @@ func TestLogger(t *testing.T) { SecretKey: servicemocks.MockStaticSecretKey, } - ts := servicemocks.MockAwsApiServer("STS", []*servicemocks.MockEndpoint{ + mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, - }) + servicemocks.MockStsGetCallerIdentityValidEndpoint, + } + ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() config.StsEndpoint = ts.URL @@ -3319,4 +3370,9 @@ func TestLogger(t *testing.T) { t.Errorf("GetAwsAccountIDAndPartition: line %d: expected module %q, got %q", i+1, e, a) } } + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } } diff --git a/awsauth_test.go b/awsauth_test.go index 15492cfc..90a1a5df 100644 --- a/awsauth_test.go +++ b/awsauth_test.go @@ -30,26 +30,15 @@ func TestGetAccountIDAndPartition(t *testing.T) { Description: "EC2 Metadata over iam:GetUser when using EC2 Instance Profile", AuthProviderName: ec2rolecreds.ProviderName, EC2MetadataEndpoints: append(servicemocks.Ec2metadata_securityCredentialsEndpoints, servicemocks.Ec2metadata_instanceIdEndpoint, servicemocks.Ec2metadata_iamInfoEndpoint), - - IAMEndpoints: []*servicemocks.MockEndpoint{ - { - Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"}, - Response: &servicemocks.MockResponse{StatusCode: http.StatusOK, Body: servicemocks.IamResponse_GetUser_valid, ContentType: "text/xml"}, - }, - }, - ExpectedAccountID: servicemocks.Ec2metadata_iamInfoEndpoint_expectedAccountID, - ExpectedPartition: servicemocks.Ec2metadata_iamInfoEndpoint_expectedPartition, + IAMEndpoints: []*servicemocks.MockEndpoint{}, + ExpectedAccountID: servicemocks.Ec2metadata_iamInfoEndpoint_expectedAccountID, + ExpectedPartition: servicemocks.Ec2metadata_iamInfoEndpoint_expectedPartition, }, { Description: "Mimic the metadata service mocked by Hologram (https://github.com/AdRoll/hologram)", AuthProviderName: ec2rolecreds.ProviderName, EC2MetadataEndpoints: servicemocks.Ec2metadata_securityCredentialsEndpoints, - IAMEndpoints: []*servicemocks.MockEndpoint{ - { - Request: &servicemocks.MockRequest{Method: "POST", Uri: "/", Body: "Action=GetUser&Version=2010-05-08"}, - Response: &servicemocks.MockResponse{StatusCode: http.StatusForbidden, Body: servicemocks.IamResponse_GetUser_unauthorized, ContentType: "text/xml"}, - }, - }, + IAMEndpoints: []*servicemocks.MockEndpoint{}, STSEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -123,10 +112,10 @@ func TestGetAccountIDAndPartition(t *testing.T) { awsTs := servicemocks.AwsMetadataApiMock(testCase.EC2MetadataEndpoints) defer awsTs() - closeIam, iamConfig, _ := mockdata.GetMockedAwsApiSession("IAM", testCase.IAMEndpoints) + closeIam, iamConfig, _ := mockdata.GetMockedAwsApiSession("IAM", &testCase.IAMEndpoints) defer closeIam() - closeSts, stsConfig, _ := mockdata.GetMockedAwsApiSession("STS", testCase.STSEndpoints) + closeSts, stsConfig, _ := mockdata.GetMockedAwsApiSession("STS", &testCase.STSEndpoints) defer closeSts() iamConn := iam.NewFromConfig(iamConfig) @@ -145,6 +134,15 @@ func TestGetAccountIDAndPartition(t *testing.T) { if partition != testCase.ExpectedPartition { t.Fatalf("Parsed partition doesn't match with expected (%q != %q)", partition, testCase.ExpectedPartition) } + + numMockIamEndpoints := len(testCase.IAMEndpoints) + if numMockIamEndpoints > 0 { + t.Fatalf("expected all mock IAM endpoints exhausted, remaining: %d", numMockIamEndpoints) + } + numMockStsEndpoints := len(testCase.STSEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock STS endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -224,7 +222,7 @@ func TestGetAccountIDAndPartitionFromIAMGetUser(t *testing.T) { t.Run(testCase.Description, func(t *testing.T) { ctx := test.Context(t) - closeIam, config, _ := mockdata.GetMockedAwsApiSession("IAM", testCase.MockEndpoints) + closeIam, config, _ := mockdata.GetMockedAwsApiSession("IAM", &testCase.MockEndpoints) defer closeIam() iamClient := iam.NewFromConfig(config) @@ -242,6 +240,11 @@ func TestGetAccountIDAndPartitionFromIAMGetUser(t *testing.T) { if partition != testCase.ExpectedPartition { t.Fatalf("Parsed partition doesn't match with expected (%q != %q)", partition, testCase.ExpectedPartition) } + + numMockIamEndpoints := len(testCase.MockEndpoints) + if numMockIamEndpoints > 0 { + t.Fatalf("expected all mock IAM endpoints exhausted, remaining: %d", numMockIamEndpoints) + } }) } } @@ -283,7 +286,7 @@ func TestGetAccountIDAndPartitionFromIAMListRoles(t *testing.T) { t.Run(testCase.Description, func(t *testing.T) { ctx := test.Context(t) - closeIam, config, _ := mockdata.GetMockedAwsApiSession("IAM", testCase.MockEndpoints) + closeIam, config, _ := mockdata.GetMockedAwsApiSession("IAM", &testCase.MockEndpoints) defer closeIam() iamClient := iam.NewFromConfig(config) @@ -301,6 +304,11 @@ func TestGetAccountIDAndPartitionFromIAMListRoles(t *testing.T) { if partition != testCase.ExpectedPartition { t.Fatalf("Parsed partition doesn't match with expected (%q != %q)", partition, testCase.ExpectedPartition) } + + numMockIamEndpoints := len(testCase.MockEndpoints) + if numMockIamEndpoints > 0 { + t.Fatalf("expected all mock IAM endpoints exhausted, remaining: %d", numMockIamEndpoints) + } }) } } @@ -378,7 +386,7 @@ func TestGetAccountIDAndPartitionFromSTSGetCallerIdentity(t *testing.T) { t.Run(testCase.Description, func(t *testing.T) { ctx := test.Context(t) - closeSts, config, _ := mockdata.GetMockedAwsApiSession("STS", testCase.MockEndpoints) + closeSts, config, _ := mockdata.GetMockedAwsApiSession("STS", &testCase.MockEndpoints) defer closeSts() stsClient := sts.NewFromConfig(config) @@ -396,6 +404,11 @@ func TestGetAccountIDAndPartitionFromSTSGetCallerIdentity(t *testing.T) { if partition != testCase.ExpectedPartition { t.Fatalf("Parsed partition doesn't match with expected (%q != %q)", partition, testCase.ExpectedPartition) } + + numMockIamEndpoints := len(testCase.MockEndpoints) + if numMockIamEndpoints > 0 { + t.Fatalf("expected all mock IAM endpoints exhausted, remaining: %d", numMockIamEndpoints) + } }) } } diff --git a/credentials_test.go b/credentials_test.go index 16d27fd9..3116a8b0 100644 --- a/credentials_test.go +++ b/credentials_test.go @@ -213,10 +213,11 @@ func TestAWSGetCredentials_webIdentityToken(t *testing.T) { }, } - ts := servicemocks.MockAwsApiServer("STS", []*servicemocks.MockEndpoint{ + mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, - servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, - }) + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + } + ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() cfg.StsEndpoint = ts.URL @@ -235,6 +236,11 @@ func TestAWSGetCredentials_webIdentityToken(t *testing.T) { servicemocks.MockStsAssumeRoleWithWebIdentitySessionToken, stscreds.WebIdentityProviderName, t) testCredentialsProviderWrappedWithCache(creds, t) + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } } func TestAWSGetCredentials_assumeRole(t *testing.T) { @@ -252,10 +258,11 @@ func TestAWSGetCredentials_assumeRole(t *testing.T) { }, } - ts := servicemocks.MockAwsApiServer("STS", []*servicemocks.MockEndpoint{ + mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, - servicemocks.MockStsGetCallerIdentityValidAssumedRoleEndpoint, - }) + servicemocks.MockStsAssumeRoleValidEndpoint, + } + ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() cfg.StsEndpoint = ts.URL @@ -274,6 +281,11 @@ func TestAWSGetCredentials_assumeRole(t *testing.T) { servicemocks.MockStsAssumeRoleSessionToken, stscreds.ProviderName, t) testCredentialsProviderWrappedWithCache(creds, t) + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } } var credentialsFileContentsEnv = `[myprofile] diff --git a/mockdata/mocks.go b/mockdata/mocks.go index 9932e3b7..6904d2b4 100644 --- a/mockdata/mocks.go +++ b/mockdata/mocks.go @@ -14,7 +14,7 @@ import ( ) // GetMockedAwsApiSession establishes an AWS session to a simulated AWS API server for a given service and route endpoints. -func GetMockedAwsApiSession(svcName string, endpoints []*servicemocks.MockEndpoint) (func(), aws.Config, string) { +func GetMockedAwsApiSession(svcName string, endpoints *[]*servicemocks.MockEndpoint) (func(), aws.Config, string) { ts := servicemocks.MockAwsApiServer(svcName, endpoints) sc := credentials.NewStaticCredentialsProvider("accessKey", "secretKey", "") diff --git a/servicemocks/mock.go b/servicemocks/mock.go index 804be234..b8226f63 100644 --- a/servicemocks/mock.go +++ b/servicemocks/mock.go @@ -400,7 +400,7 @@ var ( ) // MockAwsApiServer establishes a httptest server to simulate behaviour of a real AWS API server -func MockAwsApiServer(svcName string, endpoints []*MockEndpoint) *httptest.Server { +func MockAwsApiServer(svcName string, endpoints *[]*MockEndpoint) *httptest.Server { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { buf := new(bytes.Buffer) if _, err := buf.ReadFrom(r.Body); err != nil { @@ -413,19 +413,21 @@ func MockAwsApiServer(svcName string, endpoints []*MockEndpoint) *httptest.Serve log.Printf("[DEBUG] Received %s API %q request to %q: %s", svcName, r.Method, r.RequestURI, requestBody) - for _, e := range endpoints { - if r.Method == e.Request.Method && r.RequestURI == e.Request.Uri && requestBody == e.Request.Body { - log.Printf("[DEBUG] Mocked %s API responding with %d: %s", - svcName, e.Response.StatusCode, e.Response.Body) + e := (*endpoints)[0] + log.Printf("[DEBUG2] checking endpoint: %s", e.Request.Body) + if r.Method == e.Request.Method && r.RequestURI == e.Request.Uri && requestBody == e.Request.Body { + log.Printf("[DEBUG] Mocked %s API responding with %d: %s", + svcName, e.Response.StatusCode, e.Response.Body) - w.WriteHeader(e.Response.StatusCode) - w.Header().Set("Content-Type", e.Response.ContentType) - w.Header().Set("X-Amzn-Requestid", "1b206dd1-f9a8-11e5-becf-051c60f11c4a") - w.Header().Set("Date", time.Now().Format(time.RFC1123)) + w.WriteHeader(e.Response.StatusCode) + w.Header().Set("Content-Type", e.Response.ContentType) + w.Header().Set("X-Amzn-Requestid", "1b206dd1-f9a8-11e5-becf-051c60f11c4a") + w.Header().Set("Date", time.Now().Format(time.RFC1123)) - fmt.Fprintln(w, e.Response.Body) - return - } + fmt.Fprintln(w, e.Response.Body) + + *endpoints = (*endpoints)[1:] + return } w.WriteHeader(http.StatusBadRequest) diff --git a/v2/awsv1shim/mockdata/mocks.go b/v2/awsv1shim/mockdata/mocks.go index 4872b693..9404fd0f 100644 --- a/v2/awsv1shim/mockdata/mocks.go +++ b/v2/awsv1shim/mockdata/mocks.go @@ -14,7 +14,7 @@ import ( ) // GetMockedAwsApiSession establishes an AWS session to a simulated AWS API server for a given service and route endpoints. -func GetMockedAwsApiSession(svcName string, endpoints []*servicemocks.MockEndpoint) (func(), *session.Session, error) { +func GetMockedAwsApiSession(svcName string, endpoints *[]*servicemocks.MockEndpoint) (func(), *session.Session, error) { ts := servicemocks.MockAwsApiServer(svcName, endpoints) sc := credentials.NewStaticCredentials("accessKey", "secretKey", "") diff --git a/v2/awsv1shim/session_test.go b/v2/awsv1shim/session_test.go index 80da6cd8..bb063d08 100644 --- a/v2/awsv1shim/session_test.go +++ b/v2/awsv1shim/session_test.go @@ -139,6 +139,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -158,6 +159,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -177,6 +179,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"ExternalId": servicemocks.MockStsAssumeRoleExternalId}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"ExternalId": servicemocks.MockStsAssumeRoleExternalId}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -196,6 +199,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": servicemocks.MockStsAssumeRolePolicy}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": servicemocks.MockStsAssumeRolePolicy}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -215,6 +219,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"PolicyArns.member.1.arn": servicemocks.MockStsAssumeRolePolicyArn}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"PolicyArns.member.1.arn": servicemocks.MockStsAssumeRolePolicyArn}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -236,6 +241,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -258,6 +264,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue, "TransitiveTagKeys.member.1": servicemocks.MockStsAssumeRoleTagKey}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Tags.member.1.Key": servicemocks.MockStsAssumeRoleTagKey, "Tags.member.1.Value": servicemocks.MockStsAssumeRoleTagValue, "TransitiveTagKeys.member.1": servicemocks.MockStsAssumeRoleTagKey}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -277,6 +284,7 @@ func TestGetSession(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"SourceIdentity": servicemocks.MockStsAssumeRoleSourceIdentity}), servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"SourceIdentity": servicemocks.MockStsAssumeRoleSourceIdentity}), servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -404,6 +412,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -554,6 +563,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -601,6 +611,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -630,6 +641,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -649,6 +661,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, }, @@ -666,6 +679,8 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey ExpectedRegion: "us-east-1", MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsAssumeRoleValidEndpoint, servicemocks.MockStsGetCallerIdentityValidEndpoint, }, @@ -1141,7 +1156,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey } } - closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() if err != nil { @@ -1238,6 +1253,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey if expected, actual := testCase.ExpectedRegion, aws.StringValue(actualSession.Config.Region); expected != actual { t.Fatalf("expected region (%s), got: %s", expected, actual) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -1538,9 +1558,8 @@ use_fips_endpoint = true os.Setenv(k, v) } - closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", []*servicemocks.MockEndpoint{ - servicemocks.MockStsGetCallerIdentityValidEndpoint, - }) + mockStsEndpoints := []*servicemocks.MockEndpoint{} + closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", &mockStsEndpoints) defer closeSts() if err != nil { @@ -1587,6 +1606,11 @@ use_fips_endpoint = true if e, a := testCase.ExpectedUseDualStackEndpoint, actualSession.Config.UseDualStackEndpoint; e != a { t.Errorf("expected UseDualStackEndpoint %q, got: %q", DualStackEndpointStateString(e), DualStackEndpointStateString(a)) } + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -1831,6 +1855,7 @@ func TestAssumeRole(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, }, }, @@ -1874,6 +1899,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpoint, + servicemocks.MockStsAssumeRoleValidEndpoint, }, }, @@ -1890,6 +1916,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"DurationSeconds": "3600"}), }, }, @@ -1906,6 +1933,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": "{}"}), + servicemocks.MockStsAssumeRoleValidEndpointWithOptions(map[string]string{"Policy": "{}"}), }, }, @@ -1931,7 +1959,7 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey oldEnv := servicemocks.InitSessionTestEnv() defer servicemocks.PopEnv(oldEnv) - closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() if err != nil { @@ -2005,6 +2033,11 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey if diff := cmp.Diff(credentialsValue, testCase.ExpectedCredentialsValue, cmpopts.IgnoreFields(credentials.Value{}, "ProviderName")); diff != "" { t.Fatalf("unexpected credentials: (- got, + expected)\n%s", diff) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2033,6 +2066,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2047,6 +2081,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2062,6 +2097,7 @@ func TestAssumeRoleWithWebIdentity(t *testing.T) { ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2108,6 +2144,7 @@ role_session_name = %[2]s ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2161,6 +2198,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, + servicemocks.MockStsAssumeRoleWithWebIdentityValidEndpoint, }, }, @@ -2176,6 +2214,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"DurationSeconds": "3600"}), + servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"DurationSeconds": "3600"}), }, }, @@ -2191,6 +2230,7 @@ web_identity_token_file = no-such-file ExpectedCredentialsValue: mockdata.MockStsAssumeRoleWithWebIdentityCredentials, MockStsEndpoints: []*servicemocks.MockEndpoint{ servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"Policy": "{}"}), + servicemocks.MockStsAssumeRoleWithWebIdentityValidWithOptions(map[string]string{"Policy": "{}"}), }, }, @@ -2230,7 +2270,7 @@ web_identity_token_file = no-such-file os.Setenv(k, v) } - closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", testCase.MockStsEndpoints) + closeSts, mockStsSession, err := mockdata.GetMockedAwsApiSession("STS", &testCase.MockStsEndpoints) defer closeSts() if err != nil { @@ -2341,6 +2381,11 @@ web_identity_token_file = no-such-file if diff := cmp.Diff(credentialsValue, testCase.ExpectedCredentialsValue, cmpopts.IgnoreFields(credentials.Value{}, "ProviderName")); diff != "" { t.Fatalf("unexpected credentials: (- got, + expected)\n%s", diff) } + + numMockStsEndpoints := len(testCase.MockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Fatalf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }) } } @@ -2504,9 +2549,10 @@ func TestLogger(t *testing.T) { } // config.SkipCredsValidation = true - ts := servicemocks.MockAwsApiServer("STS", []*servicemocks.MockEndpoint{ + mockStsEndpoints := []*servicemocks.MockEndpoint{ servicemocks.MockStsGetCallerIdentityValidEndpoint, - }) + } + ts := servicemocks.MockAwsApiServer("STS", &mockStsEndpoints) defer ts.Close() config.StsEndpoint = ts.URL @@ -2539,4 +2585,9 @@ func TestLogger(t *testing.T) { t.Errorf("GetSession: line %d: expected module %q, got %q", i+1, e, a) } } + + numMockStsEndpoints := len(mockStsEndpoints) + if numMockStsEndpoints > 0 { + t.Errorf("expected all mock endpoints exhausted, remaining: %d", numMockStsEndpoints) + } }