Add unit test for all ram auth plugin. (#18)

pom.xml

@@ -128,6 +128,20 @@
             <version>RELEASE</version>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-inline</artifactId>
+            <version>4.11.0</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-junit-jupiter</artifactId>
+            <version>4.11.0</version>
+            <scope>test</scope>
+        </dependency>
 
     </dependencies>
 

src/main/java/com/alibaba/nacos/client/aliyun/auth/provider/AbstractCredentialClientProvider.java

@@ -22,10 +22,6 @@ public abstract class AbstractCredentialClientProvider implements ExtensionCrede
 
     private String signatureRegionId;
 
-    public Client getCredentialsClient() {
-        return credentialsClient;
-    }
-
     @Override
     public void init(Properties properties) {
         synchronized (this) {
@@ -47,9 +43,9 @@ public void init(Properties properties) {
 
     @Override
     public ExtensionRamContext getCredentialsForNacosClient() {
-        CredentialModel credentialModel = credentialsClient.getCredential();
         ExtensionRamContext ramContext = new ExtensionRamContext();
         if (null != credentialsClient) {
+            CredentialModel credentialModel = credentialsClient.getCredential();
             ramContext.setAccessKey(credentialModel.getAccessKeyId());
             ramContext.setSecretKey(credentialModel.getAccessKeySecret());
             ramContext.setSecurityToken(credentialModel.getSecurityToken());

src/main/java/com/alibaba/nacos/client/aliyun/auth/provider/AutoRotateCredentialsProvider.java

@@ -45,7 +45,7 @@ private synchronized void buildSecretClient() {
             if (null == client) {
                 client = SecretCacheClientBuilder.newClient();
             }
-        } catch (CacheSecretException e) {
+        } catch (Exception e) {
             throw new NacosRuntimeException(ErrorCode.ILLEGAL_STATE.getCode(), e.getMessage(), e);
         }
     }

src/main/java/com/alibaba/nacos/client/aliyun/auth/provider/StsTokenCredentialsProvider.java

@@ -1,6 +1,5 @@
 package com.alibaba.nacos.client.aliyun.auth.provider;
 
-import com.alibaba.nacos.api.PropertyKeyConst;
 import com.alibaba.nacos.api.exception.NacosException;
 import com.alibaba.nacos.client.aliyun.auth.ExtensionAuthPropertyKey;
 import com.alibaba.nacos.client.aliyun.auth.ExtensionRamContext;

src/test/java/com/alibaba/nacos/client/aliyun/AliyunConfigFilterTest.java

@@ -10,6 +10,7 @@
 import com.aliyuncs.kms.model.v20160120.GenerateDataKeyResponse;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 
 import java.lang.reflect.Field;
@@ -28,6 +29,7 @@
 import static com.alibaba.nacos.client.aliyun.AliyunConst.KMS_DEFAULT_KEY_ID_VALUE;
 import static com.alibaba.nacos.client.aliyun.AliyunConst.KMS_KEY_SPEC_AES_256;
 
+@Disabled("This unit test depend accessKey to request KMS, default disabled")
 public class AliyunConfigFilterTest {
     private static final String ENCRYPTED_DATA_KEY = "encryptedDataKey";
     private static final String CONTENT = "content";

src/test/java/com/alibaba/nacos/client/aliyun/auth/AliyunExtensionClientAuthServiceImplTest.java

@@ -0,0 +1,161 @@
+package com.alibaba.nacos.client.aliyun.auth;
+
+import com.alibaba.nacos.api.exception.NacosException;
+import com.alibaba.nacos.client.aliyun.auth.provider.ExtensionCredentialsProvider;
+import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext;
+import com.alibaba.nacos.plugin.auth.api.RequestResource;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import java.lang.reflect.Field;
+import java.util.Properties;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class AliyunExtensionClientAuthServiceImplTest {
+
+    AliyunExtensionClientAuthServiceImpl clientAuthService;
+
+    RequestResource resource;
+
+    @BeforeEach
+    void setUp() {
+        clientAuthService = new AliyunExtensionClientAuthServiceImpl();
+        resource = RequestResource.configBuilder().build();
+    }
+
+    @AfterEach
+    void tearDown() throws NacosException {
+        clientAuthService.shutdown();
+    }
+
+    @Test
+    void loginNoMatch() {
+        assertFalse(clientAuthService.login(new Properties()));
+    }
+
+    @Test
+    void loginWithException() {
+        Properties properties = new Properties();
+        properties.setProperty(ExtensionAuthPropertyKey.SECRET_NAME.getKey(), "secret");
+        assertFalse(clientAuthService.login(properties));
+    }
+
+    @Test
+    void loginSuccess() {
+        Properties properties = new Properties();
+        properties.setProperty(ExtensionAuthPropertyKey.SECURITY_TOKEN.getKey(), "securityToken");
+        properties.setProperty(ExtensionAuthPropertyKey.ACCESS_KEY_ID.getKey(), "accessKeyId");
+        properties.setProperty(ExtensionAuthPropertyKey.ACCESS_KEY_SECRET.getKey(), "accessKeySecret");
+        assertTrue(clientAuthService.login(properties));
+    }
+
+    @Test
+    void getLoginIdentityContextForStsToken() throws NoSuchFieldException, IllegalAccessException {
+        injectMockProvider(true, true);
+        LoginIdentityContext context = clientAuthService.getLoginIdentityContext(resource);
+        assertEquals("accessKey", context.getParameter("Spas-AccessKey"));
+        assertEquals("securityToken", context.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+        assertNotNull(context.getParameter("Spas-Signature"));
+        assertNotNull(context.getParameter("Timestamp"));
+    }
+
+    @Test
+    void getLoginIdentityContextForAkSk() throws NoSuchFieldException, IllegalAccessException {
+        injectMockProvider(false, true);
+        LoginIdentityContext context = clientAuthService.getLoginIdentityContext(resource);
+        assertEquals("accessKey", context.getParameter("Spas-AccessKey"));
+        assertNull(context.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+        assertNotNull(context.getParameter("Spas-Signature"));
+        assertNotNull(context.getParameter("Timestamp"));
+    }
+
+    @Test
+    void getLoginIdentityContextForStsTokenInvalid() throws NoSuchFieldException, IllegalAccessException {
+        injectMockProvider(true, false);
+        LoginIdentityContext context = clientAuthService.getLoginIdentityContext(resource);
+        assertNull(context.getParameter("Spas-AccessKey"));
+        assertNull(context.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+        assertNull(context.getParameter("Spas-Signature"));
+        assertNull(context.getParameter("Timestamp"));
+    }
+
+    @Test
+    void getLoginIdentityContextForAkSkInvalid() throws NoSuchFieldException, IllegalAccessException {
+        injectMockProvider(false, false);
+        LoginIdentityContext context = clientAuthService.getLoginIdentityContext(resource);
+        assertNull(context.getParameter("Spas-AccessKey"));
+        assertNull(context.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+        assertNull(context.getParameter("Spas-Signature"));
+        assertNull(context.getParameter("Timestamp"));
+    }
+
+    @Test
+    void getLoginIdentityContextForNoInjector() throws NoSuchFieldException, IllegalAccessException {
+        injectMockProvider(true, true);
+        resource.setType("Mock");
+        LoginIdentityContext context = clientAuthService.getLoginIdentityContext(resource);
+        assertNull(context.getParameter("Spas-AccessKey"));
+        assertNull(context.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+        assertNull(context.getParameter("Spas-Signature"));
+        assertNull(context.getParameter("Timestamp"));
+    }
+
+    @Test
+    void getLoginIdentityContextWithoutInit() {
+        LoginIdentityContext context = clientAuthService.getLoginIdentityContext(resource);
+        assertNull(context.getParameter("Spas-AccessKey"));
+        assertNull(context.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+        assertNull(context.getParameter("Spas-Signature"));
+        assertNull(context.getParameter("Timestamp"));
+    }
+
+    private void injectMockProvider(boolean ephemeralAccessKeyId, boolean validate)
+            throws NoSuchFieldException, IllegalAccessException {
+        MockCredentialsProvider mockProvider = new MockCredentialsProvider();
+        mockProvider.ephemeralAccessKeyId = ephemeralAccessKeyId;
+        mockProvider.validate = validate;
+        Field matchedProviderField = clientAuthService.getClass().getDeclaredField("matchedProvider");
+        matchedProviderField.setAccessible(true);
+        matchedProviderField.set(clientAuthService, mockProvider);
+    }
+
+    private static class MockCredentialsProvider implements ExtensionCredentialsProvider {
+
+        boolean ephemeralAccessKeyId = true;
+
+        boolean validate;
+
+        @Override
+        public boolean matchProvider(Properties properties) {
+            return true;
+        }
+
+        @Override
+        public void init(Properties properties) {
+        }
+
+        @Override
+        public ExtensionRamContext getCredentialsForNacosClient() {
+            ExtensionRamContext ramContext = new ExtensionRamContext();
+            ramContext.setEphemeralAccessKeyId(ephemeralAccessKeyId);
+            if (validate) {
+                ramContext.setSecretKey("secretKey");
+                ramContext.setAccessKey("accessKey");
+                ramContext.setSecurityToken(ephemeralAccessKeyId ? "securityToken" : "");
+            } else {
+                ramContext.setSecurityToken(ephemeralAccessKeyId ? "" : "securityToken");
+            }
+            return ramContext;
+        }
+
+        @Override
+        public void shutdown() throws NacosException {
+        }
+    }
+}

src/test/java/com/alibaba/nacos/client/aliyun/auth/injector/AbstractExtensionResourceInjectorTest.java

@@ -0,0 +1,94 @@
+package com.alibaba.nacos.client.aliyun.auth.injector;
+
+import com.alibaba.nacos.client.aliyun.auth.ExtensionAuthConstants;
+import com.alibaba.nacos.client.aliyun.auth.ExtensionRamContext;
+import com.alibaba.nacos.plugin.auth.api.LoginIdentityContext;
+import com.alibaba.nacos.plugin.auth.api.RequestResource;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import java.lang.reflect.Field;
+import java.util.Collections;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+class AbstractExtensionResourceInjectorTest {
+
+    AbstractExtensionResourceInjector resourceInjector;
+
+    ExtensionRamContext ramContext;
+
+    RequestResource resource;
+
+    @BeforeEach
+    void setUp() {
+        resourceInjector = new MockExtensionResourceInjector();
+        ramContext = new ExtensionRamContext();
+        ramContext.setSecretKey("secret");
+        ramContext.setEphemeralAccessKeyId(false);
+        resource = new RequestResource();
+    }
+
+    @AfterEach
+    void tearDown() {
+    }
+
+    @Test
+    void doInjectForV4WithoutRegionId() {
+        LoginIdentityContext result = new LoginIdentityContext();
+        resourceInjector.doInject(resource, ramContext, result);
+        assertEquals("secret", result.getParameter("sk"));
+        assertNull(result.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+    }
+
+    @Test
+    void doInjectForV4WithRegionId() {
+        ramContext.setExtensionSignatureRegionId("cn-hangzhou");
+        LoginIdentityContext result = new LoginIdentityContext();
+        resourceInjector.doInject(resource, ramContext, result);
+        assertNotEquals("secret", result.getParameter("sk"));
+        assertNull(result.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+    }
+
+    @Test
+    void doInjectForV4WithRegionIdAndStsToken() {
+        ramContext.setExtensionSignatureRegionId("cn-hangzhou");
+        ramContext.setSecurityToken("token");
+        ramContext.setEphemeralAccessKeyId(true);
+        LoginIdentityContext result = new LoginIdentityContext();
+        resourceInjector.doInject(resource, ramContext, result);
+        assertNotEquals("secret", result.getParameter("sk"));
+        assertEquals("token", result.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+    }
+
+    @Test
+    void doInjectForV1WithRegionId() throws NoSuchFieldException, IllegalAccessException {
+        Field supportV4signatureField = resourceInjector.getClass().getSuperclass()
+                .getDeclaredField("supportV4signature");
+        supportV4signatureField.setAccessible(true);
+        supportV4signatureField.set(resourceInjector, false);
+        ramContext.setExtensionSignatureRegionId("cn-hangzhou");
+        LoginIdentityContext result = new LoginIdentityContext();
+        resourceInjector.doInject(resource, ramContext, result);
+        assertEquals("secret", result.getParameter("sk"));
+        assertNull(result.getParameter(ExtensionAuthConstants.SECURITY_TOKEN_HEADER));
+    }
+
+    private static class MockExtensionResourceInjector extends AbstractExtensionResourceInjector {
+
+        @Override
+        protected String getAccessKeyHeaderKey() {
+            return "Mock";
+        }
+
+        @Override
+        protected Map<String, String> calculateSignature(RequestResource resource, String actualSecretKey,
+                ExtensionRamContext ramContext) {
+            return Collections.singletonMap("sk", actualSecretKey);
+        }
+    }
+}