mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 13:26:07 +00:00
706c844423
This adds an aws-iam auth method type which supports authenticating to Consul using AWS IAM identities. Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
158 lines
4.5 KiB
Go
158 lines
4.5 KiB
Go
package responses
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestParseArn(t *testing.T) {
|
|
cases := map[string]struct {
|
|
arn string
|
|
expArn *ParsedArn
|
|
}{
|
|
"assumed-role": {
|
|
arn: "arn:aws:sts::000000000000:assumed-role/my-role/session-name",
|
|
expArn: &ParsedArn{
|
|
Partition: "aws",
|
|
AccountNumber: "000000000000",
|
|
Type: "assumed-role",
|
|
Path: "",
|
|
FriendlyName: "my-role",
|
|
SessionInfo: "session-name",
|
|
},
|
|
},
|
|
"role": {
|
|
arn: "arn:aws:iam::000000000000:role/my-role",
|
|
expArn: &ParsedArn{
|
|
Partition: "aws",
|
|
AccountNumber: "000000000000",
|
|
Type: "role",
|
|
Path: "",
|
|
FriendlyName: "my-role",
|
|
SessionInfo: "",
|
|
},
|
|
},
|
|
"user": {
|
|
arn: "arn:aws:iam::000000000000:user/my-user",
|
|
expArn: &ParsedArn{
|
|
Partition: "aws",
|
|
AccountNumber: "000000000000",
|
|
Type: "user",
|
|
Path: "",
|
|
FriendlyName: "my-user",
|
|
SessionInfo: "",
|
|
},
|
|
},
|
|
"role with path": {
|
|
arn: "arn:aws:iam::000000000000:role/path/my-role",
|
|
expArn: &ParsedArn{
|
|
Partition: "aws",
|
|
AccountNumber: "000000000000",
|
|
Type: "role",
|
|
Path: "path",
|
|
FriendlyName: "my-role",
|
|
SessionInfo: "",
|
|
},
|
|
},
|
|
"role with path 2": {
|
|
arn: "arn:aws:iam::000000000000:role/path/to/my-role",
|
|
expArn: &ParsedArn{
|
|
Partition: "aws",
|
|
AccountNumber: "000000000000",
|
|
Type: "role",
|
|
Path: "path/to",
|
|
FriendlyName: "my-role",
|
|
SessionInfo: "",
|
|
},
|
|
},
|
|
"role with path 3": {
|
|
arn: "arn:aws:iam::000000000000:role/some/path/to/my-role",
|
|
expArn: &ParsedArn{
|
|
Partition: "aws",
|
|
AccountNumber: "000000000000",
|
|
Type: "role",
|
|
Path: "some/path/to",
|
|
FriendlyName: "my-role",
|
|
SessionInfo: "",
|
|
},
|
|
},
|
|
"user with path": {
|
|
arn: "arn:aws:iam::000000000000:user/path/my-user",
|
|
expArn: &ParsedArn{
|
|
Partition: "aws",
|
|
AccountNumber: "000000000000",
|
|
Type: "user",
|
|
Path: "path",
|
|
FriendlyName: "my-user",
|
|
SessionInfo: "",
|
|
},
|
|
},
|
|
|
|
// Invalid cases
|
|
"empty string": {arn: ""},
|
|
"wildcard": {arn: "*"},
|
|
"missing prefix": {arn: ":aws:sts::000000000000:assumed-role/my-role/session-name"},
|
|
"missing partition": {arn: "arn::sts::000000000000:assumed-role/my-role/session-name"},
|
|
"missing service": {arn: "arn:aws:::000000000000:assumed-role/my-role/session-name"},
|
|
"missing separator": {arn: "arn:aws:sts:000000000000:assumed-role/my-role/session-name"},
|
|
"missing account id": {arn: "arn:aws:sts:::assumed-role/my-role/session-name"},
|
|
"missing resource": {arn: "arn:aws:sts::000000000000:"},
|
|
"assumed-role missing parts": {arn: "arn:aws:sts::000000000000:assumed-role/my-role"},
|
|
"role missing parts": {arn: "arn:aws:sts::000000000000:role"},
|
|
"role missing parts 2": {arn: "arn:aws:sts::000000000000:role/"},
|
|
"user missing parts": {arn: "arn:aws:sts::000000000000:user"},
|
|
"user missing parts 2": {arn: "arn:aws:sts::000000000000:user/"},
|
|
"unsupported service": {arn: "arn:aws:ecs:us-east-1:000000000000:task/my-task/00000000000000000000000000000000"},
|
|
}
|
|
|
|
for name, c := range cases {
|
|
t.Run(name, func(t *testing.T) {
|
|
parsed, err := ParseArn(c.arn)
|
|
if c.expArn != nil {
|
|
require.NoError(t, err)
|
|
require.Equal(t, c.expArn, parsed)
|
|
} else {
|
|
require.Error(t, err)
|
|
require.Nil(t, parsed)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCanonicalArn(t *testing.T) {
|
|
cases := map[string]struct {
|
|
arn string
|
|
expArn string
|
|
}{
|
|
"assumed-role arn": {
|
|
arn: "arn:aws:sts::000000000000:assumed-role/my-role/session-name",
|
|
expArn: "arn:aws:iam::000000000000:role/my-role",
|
|
},
|
|
"role arn": {
|
|
arn: "arn:aws:iam::000000000000:role/my-role",
|
|
expArn: "arn:aws:iam::000000000000:role/my-role",
|
|
},
|
|
"role arn with path": {
|
|
arn: "arn:aws:iam::000000000000:role/path/to/my-role",
|
|
expArn: "arn:aws:iam::000000000000:role/my-role",
|
|
},
|
|
"user arn": {
|
|
arn: "arn:aws:iam::000000000000:user/my-user",
|
|
expArn: "arn:aws:iam::000000000000:user/my-user",
|
|
},
|
|
"user arn with path": {
|
|
arn: "arn:aws:iam::000000000000:user/path/to/my-user",
|
|
expArn: "arn:aws:iam::000000000000:user/my-user",
|
|
},
|
|
}
|
|
|
|
for name, c := range cases {
|
|
t.Run(name, func(t *testing.T) {
|
|
parsed, err := ParseArn(c.arn)
|
|
require.NoError(t, err)
|
|
require.Equal(t, c.expArn, parsed.CanonicalArn())
|
|
})
|
|
}
|
|
}
|