(t *testing.T)
| 369 | } |
| 370 | |
| 371 | func TestStsCn(t *testing.T) { |
| 372 | server := initStsTestServer("2014-12-16T01:51:37Z") |
| 373 | defer server.Close() |
| 374 | p := &IAM{ |
| 375 | Endpoint: server.URL, |
| 376 | } |
| 377 | |
| 378 | f, err := os.CreateTemp(t.TempDir(), "minio-go") |
| 379 | if err != nil { |
| 380 | t.Errorf("Unexpected failure %s", err) |
| 381 | } |
| 382 | defer os.Remove(f.Name()) |
| 383 | f.Write([]byte("token")) |
| 384 | f.Close() |
| 385 | |
| 386 | t.Setenv("AWS_REGION", "cn-northwest-1") |
| 387 | t.Setenv("AWS_WEB_IDENTITY_TOKEN_FILE", f.Name()) |
| 388 | t.Setenv("AWS_ROLE_ARN", "arn:aws:sts::123456789012:assumed-role/FederatedWebIdentityRole/app1") |
| 389 | creds, err := p.RetrieveWithCredContext(defaultCredContext) |
| 390 | os.Unsetenv("AWS_WEB_IDENTITY_TOKEN_FILE") |
| 391 | os.Unsetenv("AWS_ROLE_ARN") |
| 392 | if err != nil { |
| 393 | t.Errorf("Unexpected failure %s", err) |
| 394 | } |
| 395 | if creds.AccessKeyID != "accessKey" { |
| 396 | t.Errorf("Expected \"accessKey\", got %s", creds.AccessKeyID) |
| 397 | } |
| 398 | |
| 399 | if creds.SecretAccessKey != "secret" { |
| 400 | t.Errorf("Expected \"secret\", got %s", creds.SecretAccessKey) |
| 401 | } |
| 402 | |
| 403 | if creds.SessionToken != "token" { |
| 404 | t.Errorf("Expected \"token\", got %s", creds.SessionToken) |
| 405 | } |
| 406 | |
| 407 | if !p.IsExpired() { |
| 408 | t.Error("Expected creds to be expired.") |
| 409 | } |
| 410 | } |
| 411 | |
| 412 | func TestIMDSv1Blocked(t *testing.T) { |
| 413 | server := initIMDSv2Server("2014-12-16T01:51:37Z", false) |
nothing calls this directly
no test coverage detected