# frozen_string_literal: true
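# Verifies that the :aws_sigv4 request middleware signs requests with credentials
# supplied by Aws::InstanceProfileCredentials, and that the signed headers follow
# the provider while its temporary credentials are reused and then replaced.
#
# The provider's credential fetch is stubbed in the `before` hook, and every access
# key, secret and session token in this file is a synthetic value derived from the
# clock, not a real credential.
RSpec.describe FaradayMiddleware::AwsSigV4 do
  # Builds a Faraday connection that signs with SigV4 and answers from the test adapter.
  #
  # @param options [Hash] Faraday connection options, merged over the default URL
  # @yield [stub] the Faraday::Adapter::Test::Stubs object used to declare canned responses
  # @return [Faraday::Connection]
  def faraday(options = {}, &block)
    options = {
      url: 'https://apigateway.us-east-1.amazonaws.com'
    }.merge(options)

    Faraday.new(options) do |faraday|
      aws_sigv4_options = {
        service: 'apigateway',
        region: 'us-east-1',
        # A provider object rather than a static key pair: the example below relies on
        # the signed token changing once the provider hands out new credentials.
        credentials_provider: Aws::InstanceProfileCredentials.new
      }

      faraday.request :aws_sigv4, aws_sigv4_options
      faraday.response :json, content_type: /\bjson\b/
      faraday.adapter(:test, Faraday::Adapter::Test::Stubs.new, &block)
    end
  end

  # Builds the pattern the Authorization header is matched against.
  #
  # @param access_key_id [String] access key expected in the Credential scope
  # @param signatures [Array<String>] hex signatures accepted for the request
  # @return [Regexp]
  def authorization_pattern(access_key_id:, signatures:)
    accepted = "(#{signatures.join('|')})"
    # NOTE(review): the pattern is not anchored with \A/\z, so a header carrying extra
    # leading or trailing text would still match; anchor it once the exact header
    # layout emitted by the middleware is confirmed.
    Regexp.new(format(authz_tmpl, access_key_id: access_key_id, signature: accepted))
  end

  # Canned JSON body returned by the stubbed GET /account endpoint.
  let(:response) do
    { 'accountUpdate' =>
      { 'name' => nil,
        'template' => false,
        'templateSkipList' => nil,
        'title' => nil,
        'updateAccountInput' => nil },
      'cloudwatchRoleArn' => nil,
      'self' =>
      { '__type' =>
        'GetAccountRequest:http://internal.amazon.com/coral/com.amazonaws.backplane.controlplane/',
        'name' => nil,
        'template' => false,
        'templateSkipList' => nil,
        'title' => nil },
      'throttleSettings' => { 'burstLimit' => 1000, 'rateLimit' => 500.0 } }
  end

  # Request headers that stay the same for every request in the example.
  let(:expected_headers) do
    { 'User-Agent' => "Faraday v#{Faraday::VERSION}",
      'host' => 'apigateway.us-east-1.amazonaws.com',
      # SHA-256 of the empty string: the GET requests carry no body.
      'x-amz-content-sha256' =>
      'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' }
  end

  # Format template for the expected Authorization header. x-amz-security-token is
  # listed in SignedHeaders, so the session token is covered by the signature and
  # not merely sent alongside it.
  let(:authz_tmpl) do
    'AWS4-HMAC-SHA256 Credential=%<access_key_id>s/20150101/us-east-1/apigateway/aws4_request, ' \
      'SignedHeaders=host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-security-token, ' \
      'Signature=%<signature>s'
  end

  before do
    # NOTE(review): the reason for pinning HAVE_ZLIB is not evident from this file.
    stub_const('Net::HTTP::HAVE_ZLIB', true)

    # Replace the provider's credential fetch with a canned JSON document so the spec
    # never depends on a reachable metadata endpoint. The provider is created inside
    # the `faraday` helper, hence the any-instance stub.
    allow_any_instance_of(Aws::InstanceProfileCredentials).to receive(:get_credentials) {
      # Read the clock once so the key, secret, token and expiry all describe the
      # same issue time even when the clock is running.
      issued_at = Time.now
      JSON.dump({
        'AccessKeyId' => "akid#{issued_at.to_i}",
        'SecretAccessKey' => "secret#{issued_at.to_i}",
        'Token' => "token#{issued_at.to_i}",
        # Credentials are valid for one hour from the moment they are fetched.
        'Expiration' => (issued_at + 3600).xmlschema
      })
    }
  end

  specify do
    account_headers = nil

    client = faraday do |stub|
      stub.get('/account') do |env|
        # Capture the headers the middleware produced for the assertions below.
        account_headers = env.request_headers
        [200, { 'Content-Type' => 'application/json' }, JSON.dump(response)]
      end
    end

    # First request. The expected values correspond to 2015-01-01T00:00:00Z (epoch
    # 1420070400); the clock is presumably pinned there by shared spec setup that is
    # not part of this file. TODO confirm
    expect(client.get('/account').body).to eq response
    # merge, not update: the memoized expected_headers hash is left unmodified.
    expect(account_headers).to include(
      expected_headers.merge(
        'x-amz-date' => '20150101T000000Z',
        'x-amz-security-token' => 'token1420070400'
      )
    )
    expect(account_headers.fetch('authorization')).to match(
      authorization_pattern(
        access_key_id: 'akid1420070400',
        signatures: %w[
          fb00a1d58f5fbeccae37f980c076e1d2755d4098716c0b31e04f1dc9acbb6c15
        ]
      )
    )

    # 50 minutes after: the date header advances, but the access key and session
    # token are still the ones issued at 00:00:00, i.e. the credentials are reused.
    # NOTE(review): Timecop.travel lets the clock keep running after the jump, so the
    # exact-second assertions assume each request finishes within the same second;
    # Timecop.freeze would make that deterministic. Resetting the clock afterwards is
    # presumably handled by shared setup. TODO confirm
    Timecop.travel(Time.now + 3000)
    expect(client.get('/account').body).to eq response
    expect(account_headers).to include(
      expected_headers.merge(
        'x-amz-date' => '20150101T005000Z',
        'x-amz-security-token' => 'token1420070400'
      )
    )
    expect(account_headers.fetch('authorization')).to match(
      authorization_pattern(
        access_key_id: 'akid1420070400',
        signatures: %w[
          3c003d5155a8e2bcae27c4825ebd545fc0f49b464b8f32ead0861826173797f4
        ]
      )
    )

    # 10 minutes after: the clock reaches the stubbed Expiration, and the request is
    # signed with a key and token issued at 01:00:00 (epoch 1420074000), showing that
    # expired credentials are replaced rather than reused for signing.
    Timecop.travel(Time.now + 600)
    expect(client.get('/account').body).to eq response
    expect(account_headers).to include(
      expected_headers.merge(
        'x-amz-date' => '20150101T010000Z',
        'x-amz-security-token' => 'token1420074000'
      )
    )
    expect(account_headers.fetch('authorization')).to match(
      authorization_pattern(
        access_key_id: 'akid1420074000',
        signatures: %w[
          208a3aee002d4d23c0af1bc0aa8c8c20cedaf4e98c955d8f80010b322a8f48fe
        ]
      )
    )
  end
end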