(t *testing.T)
| 801 | } |
| 802 | |
| 803 | func metadataMockedHandler(t *testing.T) http.HandlerFunc { |
| 804 | cwd, err := os.Getwd() |
| 805 | require.NoError(t, err) |
| 806 | |
| 807 | return func(w http.ResponseWriter, r *http.Request) { |
| 808 | switch r.URL.String() { |
| 809 | case "/": |
| 810 | err := r.ParseForm() |
| 811 | require.NoError(t, err) |
| 812 | |
| 813 | if r.Form.Get("Action") != "AssumeRoleWithWebIdentity" { |
| 814 | w.WriteHeader(400) |
| 815 | } |
| 816 | |
| 817 | token, err := os.ReadFile(filepath.Join(cwd, "testdata/iam-token")) |
| 818 | require.NoError(t, err) |
| 819 | if r.Form.Get("WebIdentityToken") != string(token) { |
| 820 | w.WriteHeader(400) |
| 821 | } |
| 822 | |
| 823 | type xmlCreds struct { |
| 824 | AccessKey string `xml:"AccessKeyId" json:"accessKey,omitempty"` |
| 825 | SecretKey string `xml:"SecretAccessKey" json:"secretKey,omitempty"` |
| 826 | Expiration time.Time `xml:"Expiration" json:"expiration,omitempty"` |
| 827 | SessionToken string `xml:"SessionToken" json:"sessionToken,omitempty"` |
| 828 | } |
| 829 | |
| 830 | assumeResponse := credentials.AssumeRoleWithWebIdentityResponse{ |
| 831 | Result: credentials.WebIdentityResult{ |
| 832 | Credentials: xmlCreds{ |
| 833 | AccessKey: defaultAccessKey, |
| 834 | SecretKey: defaultSecretKey, |
| 835 | }, |
| 836 | }, |
| 837 | } |
| 838 | |
| 839 | err1 := xml.NewEncoder(w).Encode(assumeResponse) |
| 840 | require.NoError(t, err1) |
| 841 | case "/latest/api/token": |
| 842 | // Check for X-aws-ec2-metadata-token-ttl-seconds request header |
| 843 | if r.Header.Get("X-aws-ec2-metadata-token-ttl-seconds") == "" { |
| 844 | w.WriteHeader(400) |
| 845 | } |
| 846 | |
| 847 | // Check X-aws-ec2-metadata-token-ttl-seconds is an integer |
| 848 | secondsInt, err := strconv.Atoi(r.Header.Get("X-aws-ec2-metadata-token-ttl-seconds")) |
| 849 | if err != nil { |
| 850 | w.WriteHeader(400) |
| 851 | } |
| 852 | |
| 853 | // Generate a token, 40 character string, base64 encoded |
| 854 | token := base64.StdEncoding.EncodeToString([]byte(RandStringBytesMaskImprSrc(40))) |
| 855 | |
| 856 | w.Header().Set("X-Aws-Ec2-Metadata-Token-Ttl-Seconds", strconv.Itoa(secondsInt)) |
| 857 | if _, err := w.Write([]byte(token)); err != nil { |
| 858 | require.NoError(t, err) |
| 859 | } |
| 860 | case "/latest/meta-data/iam/security-credentials/": |