TestFetchCreds verifies that fetchCreds() correctly handles individual credential sources. Each test only configures the specific source being validated.
(t *testing.T)
| 59 | // credential sources. Each test only configures the specific source being |
| 60 | // validated. |
| 61 | func TestFetchCreds(t *testing.T) { |
| 62 | cwd, err := os.Getwd() |
| 63 | assert.NoError(t, err) |
| 64 | |
| 65 | // Set up mock IAM endpoint once for all tests (for security and efficiency) |
| 66 | metadataSrv := httptest.NewServer(metadataMockedHandler(t)) |
| 67 | t.Cleanup(metadataSrv.Close) |
| 68 | |
| 69 | tests := []struct { |
| 70 | name string |
| 71 | access string |
| 72 | secret string |
| 73 | envs map[string]string |
| 74 | profile string |
| 75 | expected credentials.Value |
| 76 | }{ |
| 77 | { |
| 78 | name: "no-creds", |
| 79 | // anonymous access is the last in the chain of fetchCreds, |
| 80 | // so we need to set an invalid endpoint to prevent IAM access |
| 81 | envs: map[string]string{ |
| 82 | "TEST_IAM_ENDPOINT": "http://invalid-endpoint-to-prevent-iam-access:9999", |
| 83 | }, |
| 84 | expected: credentials.Value{ |
| 85 | SignerType: credentials.SignatureAnonymous, |
| 86 | }, |
| 87 | }, |
| 88 | { |
| 89 | name: "aws-env", |
| 90 | envs: map[string]string{ |
| 91 | "AWS_ACCESS_KEY_ID": defaultAccessKey, |
| 92 | "AWS_SECRET_ACCESS_KEY": defaultSecretKey, |
| 93 | }, |
| 94 | expected: credentials.Value{ |
| 95 | AccessKeyID: defaultAccessKey, |
| 96 | SecretAccessKey: defaultSecretKey, |
| 97 | SignerType: credentials.SignatureV4, |
| 98 | }, |
| 99 | }, |
| 100 | { |
| 101 | name: "aws-static", |
| 102 | access: defaultAccessKey, |
| 103 | secret: defaultSecretKey, |
| 104 | expected: credentials.Value{ |
| 105 | AccessKeyID: defaultAccessKey, |
| 106 | SecretAccessKey: defaultSecretKey, |
| 107 | SignerType: credentials.SignatureDefault, |
| 108 | }, |
| 109 | }, |
| 110 | { |
| 111 | name: "minio-env", |
| 112 | envs: map[string]string{ |
| 113 | "MINIO_ACCESS_KEY": defaultAccessKey, |
| 114 | "MINIO_SECRET_KEY": defaultSecretKey, |
| 115 | }, |
| 116 | expected: credentials.Value{ |
| 117 | AccessKeyID: defaultAccessKey, |
| 118 | SecretAccessKey: defaultSecretKey, |
nothing calls this directly
no test coverage detected