Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

aws: iam roles anywhere patch part 1 #38786

Open
wants to merge 38 commits into
base: main
Choose a base branch
from
Open

aws: iam roles anywhere patch part 1 #38786

Changes from 1 commit
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
94bf911
more refactoring
nbaws Mar 1, 2025
8aa90cf
add dwyu
nbaws Mar 1, 2025
f039dcc
refactor
nbaws Mar 1, 2025
9397db0
finished refactor
nbaws Mar 2, 2025
896f17b
remove commented
nbaws Mar 2, 2025
0c8fc0e
update includes
nbaws Mar 2, 2025
ec51df0
update test cases
nbaws Mar 3, 2025
3a2c047
update test cases
nbaws Mar 3, 2025
56eceec
dwyu commit
nbaws Mar 5, 2025
0f23f99
update credential_provider_chains
nbaws Mar 5, 2025
ba7a1e9
update deps
nbaws Mar 6, 2025
d18330a
update tests
nbaws Mar 6, 2025
6c82f54
remove extraneous comments
nbaws Mar 6, 2025
1f28f19
fix logging
nbaws Mar 6, 2025
98a6a6d
more log statements
nbaws Mar 6, 2025
c88732c
coverage
nbaws Mar 7, 2025
ced9f29
remove working file
nbaws Mar 7, 2025
0772ec0
update tests
nbaws Mar 7, 2025
decf4a1
test leak
nbaws Mar 7, 2025
f0cabb8
test case coverage
nbaws Mar 7, 2025
1a44c4d
remove untestable code path
nbaws Mar 7, 2025
307ffc5
fix test cases
nbaws Mar 7, 2025
48e2ca1
format
nbaws Mar 7, 2025
e9e5645
format
nbaws Mar 7, 2025
bee28f3
remove comments
nbaws Mar 8, 2025
4e2ac1e
dedupe friend class
nbaws Mar 8, 2025
19a9031
revert key derivation change
nbaws Mar 10, 2025
794478f
stub key derivation
nbaws Mar 11, 2025
2568d6c
stub tests
nbaws Mar 11, 2025
b537f5d
fix stubbed test
nbaws Mar 11, 2025
208d812
fix test spacing
nbaws Mar 11, 2025
ace346f
missed a comment
nbaws Mar 11, 2025
e67d7cd
statusor change
nbaws Mar 11, 2025
79dc4cd
more coverage
nbaws Mar 12, 2025
1dc9a8b
more coverage
nbaws Mar 12, 2025
d29035a
signer base and x509 credentials
nbaws Mar 18, 2025
1e5a40e
merge main
nbaws Mar 18, 2025
a5cabc8
file naming
nbaws Mar 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
more coverage 
Signed-off-by: Nigel Brittain <nbaws@amazon.com>
  • Loading branch information
@nbaws
nbaws committed Mar 12, 2025
commit 1dc9a8b90c483d39d468a22cc2ff2f7cec4384f2
37 changes: 37 additions & 0 deletions test/extensions/common/aws/credential_provider_chains_test.cc
View file
Original file line number Diff line number Diff line change
@@ -330,6 +330,43 @@ TEST_F(CustomCredentialsProviderChainTest, CreateWebIdentityCredentialProviderOn
server_context, region, cred_provider, factories);
}

TEST_F(CustomCredentialsProviderChainTest, WebIdentityNoEnvironmentSession) {
NiceMock<MockCustomCredentialsProviderChainFactories> factories;
NiceMock<Server::Configuration::MockServerFactoryContext> server_context;
Event::SimulatedTimeSystem time_system;

TestEnvironment::unsetEnvVar("AWS_ROLE_SESSION_NAME");
time_system.setSystemTime(std::chrono::milliseconds(1234567890));

auto region = "ap-southeast-2";
auto file_path = TestEnvironment::writeStringToFileForTest("credentials", "hello");

envoy::extensions::common::aws::v3::AwsCredentialProvider cred_provider = {};
cred_provider.mutable_assume_role_with_web_identity_provider()->set_role_arn("arn://1234");
cred_provider.mutable_assume_role_with_web_identity_provider()
->mutable_web_identity_token_data_source()
->set_filename(file_path);

EXPECT_CALL(factories, mockCreateCredentialsFileCredentialsProvider(Ref(server_context), _))
.Times(0);
std::string role_session_name;

EXPECT_CALL(factories, createWebIdentityCredentialsProvider(Ref(server_context), _, _, _))
.WillOnce(Invoke(WithArg<3>(
[&role_session_name](
const envoy::extensions::common::aws::v3::AssumeRoleWithWebIdentityCredentialProvider&
provider) -> CredentialsProviderSharedPtr {
role_session_name = provider.role_session_name();
return nullptr;
})));

auto chain = std::make_shared<Extensions::Common::Aws::CustomCredentialsProviderChain>(
server_context, region, cred_provider, factories);
// Role session name is equal to nanoseconds from the set simulated system time when environment
// variable is unset
EXPECT_EQ(role_session_name, "1234567890000000");
}

TEST_F(CustomCredentialsProviderChainTest, CreateFileAndWebProviders) {
NiceMock<MockCustomCredentialsProviderChainFactories> factories;
NiceMock<Server::Configuration::MockServerFactoryContext> server_context;
Loading
Oops, something went wrong.