From f4787240d92363275a75f472bf1f3685b8eb340b Mon Sep 17 00:00:00 2001 From: Jaykumar Gosar Date: Mon, 2 Oct 2023 07:45:01 -0700 Subject: [PATCH] Add asserts to AwsExecutionContextBuilderTest to show current behavior --- .../AwsExecutionContextBuilderTest.java | 99 ++++++++++++++++++- 1 file changed, 94 insertions(+), 5 deletions(-) diff --git a/core/aws-core/src/test/java/software/amazon/awssdk/awscore/internal/AwsExecutionContextBuilderTest.java b/core/aws-core/src/test/java/software/amazon/awssdk/awscore/internal/AwsExecutionContextBuilderTest.java index 67ef23a8426c..339e97f379fa 100644 --- a/core/aws-core/src/test/java/software/amazon/awssdk/awscore/internal/AwsExecutionContextBuilderTest.java +++ b/core/aws-core/src/test/java/software/amazon/awssdk/awscore/internal/AwsExecutionContextBuilderTest.java @@ -31,7 +31,8 @@ import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.junit.MockitoJUnitRunner; -import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider; +import software.amazon.awssdk.auth.credentials.AwsBasicCredentials; +import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration; import software.amazon.awssdk.awscore.client.config.AwsClientOption; import software.amazon.awssdk.core.SdkRequest; @@ -61,12 +62,21 @@ public class AwsExecutionContextBuilderTest { ExecutionInterceptor interceptor; @Mock - Signer defaultSigner, clientOverrideSigner; + AwsCredentialsProvider defaultCredentialsProvider; + + @Mock + Signer defaultSigner; + + @Mock + Signer clientOverrideSigner; @Before public void setUp() throws Exception { when(sdkRequest.overrideConfiguration()).thenReturn(Optional.empty()); when(interceptor.modifyRequest(any(), any())).thenReturn(sdkRequest); + when(defaultCredentialsProvider.resolveCredentials()).thenAnswer( + invocationOnMock -> AwsBasicCredentials.create("ak", "sk")); + } @Test @@ -101,17 +111,30 @@ public void verifyCoreExecutionAttributesTakePrecedence() { assertThat(executionContext.executionAttributes().getAttribute(SdkExecutionAttribute.SERVICE_NAME)).isEqualTo("DoNotOverrideService"); } + // // this is post SRA case. this is asserting that AuthorizationStrategy is not used. + // @Test + // public void verify_doesNotResolveIdentity_doesNotAssignSigner() { + // ExecutionContext executionContext = + // AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(clientExecutionParams(), + // testClientConfiguration().build()); + // + // assertThat(executionContext.signer()).isNull(); + // verify(defaultCredentialsProvider, times(0)).resolveCredentials(); + // } + + // pre SRA, AuthorizationStrategy would setup the signer and resolve identity. @Test - public void signing_ifNoOverrides_assignDefaultSigner() { + public void preSra_signing_ifNoOverrides_assignDefaultSigner_resolveIdentity() { ExecutionContext executionContext = AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(clientExecutionParams(), testClientConfiguration().build()); assertThat(executionContext.signer()).isEqualTo(defaultSigner); + verify(defaultCredentialsProvider, times(1)).resolveCredentials(); } @Test - public void signing_ifClientOverride_assignClientOverrideSigner() { + public void preSra_signing_ifClientOverride_assignClientOverrideSigner_resolveIdentity() { Optional overrideConfiguration = Optional.of(AwsRequestOverrideConfiguration.builder() .signer(clientOverrideSigner) .build()); @@ -122,6 +145,72 @@ public void signing_ifClientOverride_assignClientOverrideSigner() { testClientConfiguration().build()); assertThat(executionContext.signer()).isEqualTo(clientOverrideSigner); + verify(defaultCredentialsProvider, times(1)).resolveCredentials(); + } + + @Test + public void preSra_authTypeNone_doesNotAssignSigner_doesNotResolveIdentity() { + ExecutionAttributes executionAttributes = + ExecutionAttributes.builder() + // yes, our code would put false instead of true + .put(SdkInternalExecutionAttribute.IS_NONE_AUTH_TYPE_REQUEST, false) + .build(); + + SdkClientConfiguration clientConfig = testClientConfiguration() + .option(SdkClientOption.EXECUTION_ATTRIBUTES, executionAttributes) + .build(); + + ExecutionContext executionContext = + AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(clientExecutionParams(), + clientConfig); + + assertThat(executionContext.signer()).isNull(); + verify(defaultCredentialsProvider, times(0)).resolveCredentials(); + } + + @Test + public void preSra_authTypeNone_signerClientOverride_doesNotAssignSigner_doesNotResolveIdentity() { + ExecutionAttributes executionAttributes = + ExecutionAttributes.builder() + // yes, our code would put false instead of true + .put(SdkInternalExecutionAttribute.IS_NONE_AUTH_TYPE_REQUEST, false) + .put(SdkInternalExecutionAttribute.SIGNER_OVERRIDDEN, true) + .build(); + + SdkClientConfiguration clientConfig = testClientConfiguration() + .option(SdkClientOption.EXECUTION_ATTRIBUTES, executionAttributes) + .option(SdkAdvancedClientOption.SIGNER, this.clientOverrideSigner) + .build(); + + ExecutionContext executionContext = + AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(clientExecutionParams(), clientConfig); + + assertThat(executionContext.signer()).isNull(); + verify(defaultCredentialsProvider, times(0)).resolveCredentials(); + } + + @Test + public void preSra_authTypeNone_signerRequestOverride_doesNotAssignSigner_doesNotResolveIdentity() { + ExecutionAttributes executionAttributes = + ExecutionAttributes.builder() + // yes, our code would put false instead of true + .put(SdkInternalExecutionAttribute.IS_NONE_AUTH_TYPE_REQUEST, false) + .build(); + + SdkClientConfiguration clientConfig = testClientConfiguration() + .option(SdkClientOption.EXECUTION_ATTRIBUTES, executionAttributes) + .build(); + + Optional overrideConfiguration = Optional.of(AwsRequestOverrideConfiguration.builder() + .signer(clientOverrideSigner) + .build()); + when(sdkRequest.overrideConfiguration()).thenReturn(overrideConfiguration); + + ExecutionContext executionContext = + AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(clientExecutionParams(), clientConfig); + + assertThat(executionContext.signer()).isNull(); + verify(defaultCredentialsProvider, times(0)).resolveCredentials(); } @Test @@ -209,7 +298,7 @@ private SdkClientConfiguration.Builder testClientConfiguration() { return SdkClientConfiguration.builder() .option(SdkClientOption.EXECUTION_INTERCEPTORS, new ArrayList<>()) .option(SdkClientOption.EXECUTION_INTERCEPTORS, interceptorList) - .option(AwsClientOption.CREDENTIALS_PROVIDER, DefaultCredentialsProvider.create()) + .option(AwsClientOption.CREDENTIALS_PROVIDER, defaultCredentialsProvider) .option(SdkAdvancedClientOption.SIGNER, this.defaultSigner); } }