1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
|
# frozen_string_literal: true
# rubocop:todo all
require 'lite_spec_helper'
require 'net/http'
describe Mongo::Auth::Aws::Request do
require_aws_auth
before(:all) do
if ENV['AUTH'] =~ /aws-(ec2|ecs|web)/
skip "This test requires explicit credentials to be provided"
end
end
let(:access_key_id) { ENV.fetch('MONGO_RUBY_DRIVER_AWS_AUTH_ACCESS_KEY_ID') }
let(:secret_access_key) { ENV.fetch('MONGO_RUBY_DRIVER_AWS_AUTH_SECRET_ACCESS_KEY') }
let(:session_token) { ENV['MONGO_RUBY_DRIVER_AWS_AUTH_SESSION_TOKEN'] }
describe '#authorization' do
let(:request) do
described_class.new(
access_key_id: access_key_id,
secret_access_key: secret_access_key,
session_token: session_token,
host: 'sts.amazonaws.com',
server_nonce: 'aaaaaaaaaaafake',
)
end
let(:sts_request) do
Net::HTTP::Post.new("https://sts.amazonaws.com").tap do |req|
request.headers.each do |k, v|
req[k] = v
end
req['authorization'] = request.authorization
req['accept'] = 'application/json'
req.body = described_class::STS_REQUEST_BODY
end
end
let(:sts_response) do
http = Net::HTTP.new('sts.amazonaws.com', 443)
http.use_ssl = true
# Uncomment to log complete request headers and the response.
# WARNING: do not enable this in Evergreen as this can expose real
# AWS credentias.
#http.set_debug_output(STDERR)
http.start do
resp = http.request(sts_request)
end
end
let(:sts_response_payload) do
JSON.parse(sts_response.body)
end
let(:result) do
sts_response_payload['GetCallerIdentityResponse']['GetCallerIdentityResult']
end
it 'is usable' do
# This assertion intentionally does not use payload so that if it fails,
# the entire response is printed for diagnostic purposes.
sts_response.body.should_not =~ /"Error"/
sts_response.code.should == '200'
result['Arn'].should =~ /^arn:aws:(iam|sts)::/
result['Account'].should be_a(String)
result['UserId'].should =~ /^A/
puts "STS request successful with ARN #{result['Arn']}"
end
end
end
|