load correct credentials in FileCredentials using v3 sdk

kaiwensun · dljvette · commit 89fbd4aabb87 · 2020-09-23T14:53:00.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,4 @@ codedeploy-local.*.log
 deployment/
 .idea/
 .DS_STORE
+*.iml
diff --git a/lib/instance_agent/file_credentials.rb b/lib/instance_agent/file_credentials.rb
@@ -14,7 +14,8 @@ def initialize(path)
     private
 
     def refresh
-      @credentials = Aws::SharedCredentials.new(path: @path)
+      @credentials = Aws::SharedCredentials.new(path: @path).credentials
+      raise "Failed to load credentials from path #{@path}" if @credentials.nil?
       @expiration = Time.new + 1800
     end
   end
diff --git a/test/instance_agent/file_credentials_test.rb b/test/instance_agent/file_credentials_test.rb
@@ -1,19 +1,60 @@
 require 'test_helper'
 
 class FileCredentialsTest < InstanceAgentTestCase
-  context 'The file credentials' do
-    should 'pass the path to SharedCredentials' do
-      credentials = InstanceAgent::FileCredentials.new("/tmp/credentials_path")
-      Aws::SharedCredentials.expects(:new).with(path: "/tmp/credentials_path")
+  context 'With the file credentials' do
+
+    access_key_id = "fake-aws-access-key-id"
+    secret_access_key = "fake-aws-secret-key"
+    credentials_path = "/tmp/credentials_path"
+    session_token_1 = "fake-aws-session-token-1"
+    session_token_2 = "fake-aws-session-token-2"
+    credential_file_pattern = <<-END
+[default]
+aws_access_key_id = #{access_key_id}
+aws_secret_access_key = #{secret_access_key}
+aws_session_token = %s
+END
+
+    setup do
+      File.stubs(:exist?).with(credentials_path).returns(true)
+      File.stubs(:exist?).with(Not(equals(credentials_path))).returns(false)
+      File.stubs(:readable?).with(credentials_path).returns(true)
+      File.expects(:read).with(credentials_path).returns(credential_file_pattern % session_token_2)
+      File.expects(:read).with(credentials_path).returns(credential_file_pattern % session_token_1)
+    end
+
+    should 'load and refresh the credentials from the path to SharedCredentials' do
+      credentials = InstanceAgent::FileCredentials.new(credentials_path)
+      assert_equal access_key_id, credentials.credentials.access_key_id
+      assert_equal secret_access_key, credentials.credentials.secret_access_key
+      assert_equal session_token_1, credentials.credentials.session_token
       credentials.refresh!
+      assert_equal access_key_id, credentials.credentials.access_key_id
+      assert_equal secret_access_key, credentials.credentials.secret_access_key
+      assert_equal session_token_2, credentials.credentials.session_token
     end
 
     should 'set the refresh time to 30 minutes' do
-      credentials = InstanceAgent::FileCredentials.new("/tmp/credentials_path")
+      credentials = InstanceAgent::FileCredentials.new(credentials_path)
       credentials.refresh!
       # Around 30 minutes
       expected_time = Time.now + 1800
       assert_in_delta(expected_time, credentials.expiration, 5, "Expiration time did not fall within 5 seconds of expected expiration")
     end
   end
+
+  context 'Without the file credentials' do
+
+    credentials_path = "/tmp/invalid_credentials_path"
+
+    setup do
+      File.stubs(:exist?).with(credentials_path).returns(false)
+    end
+
+    should 'raise error when credential file is missing' do
+      assert_raised_with_message("Failed to load credentials from path #{credentials_path}", RuntimeError) do
+        InstanceAgent::FileCredentials.new(credentials_path)
+      end
+    end
+  end
 end
diff --git a/test/instance_agent/plugins/codedeploy/onpremise_config_test.rb b/test/instance_agent/plugins/codedeploy/onpremise_config_test.rb
@@ -73,21 +73,33 @@ class OnPremiseConfigTest < InstanceAgentTestCase
       end
   
       context "config file with session configuration" do
+        credentials_path = "/etc/codedeploy-agent/conf/.aws_credentials"
         linux_file = <<-END
         region: us-east-test
         iam_session_arn: test:arn
-        aws_credentials_file: /etc/codedeploy-agent/conf/.aws_credentials
+        aws_credentials_file: #{credentials_path}
         END
+        access_key_id = "fake-access-key-id-#{rand 1000}"
+        credentials_file = <<-END
+[default]
+aws_access_key_id = #{access_key_id}
+aws_secret_access_key = fake-secret-access-key
+aws_session_token = fake-session-token
+END
   
         setup do
           File.stubs(:read).with(linux_path).returns(linux_file)
+          File.stubs(:read).with(credentials_path).returns(credentials_file)
+          File.stubs(:exist?).with(credentials_path).returns(true)
+          File.stubs(:readable?).with(credentials_path).returns(true)
         end
   
         should "set the ENV variables correctly" do
           OnPremisesConfig.configure
           assert_equal 'us-east-test', ENV['AWS_REGION']
           assert_equal 'test:arn', ENV['AWS_HOST_IDENTIFIER']
           assert_equal '/etc/codedeploy-agent/conf/.aws_credentials', ENV['AWS_CREDENTIALS_FILE']
+          assert_equal access_key_id, Aws.config[:credentials].credentials.access_key_id
         end
       end
       
