Add tests for mocks and to show lack of retries

aws_config.go

@@ -96,7 +96,7 @@ func GetAwsConfig(ctx context.Context, c *Config) (context.Context, aws.Config,
 
  if !c.SkipCredsValidation {
  if _, _, err := getAccountIDAndPartitionFromSTSGetCallerIdentity(baseCtx, stsClient(baseCtx, awsConfig, c)); err != nil {
- return ctx, awsConfig, fmt.Errorf("error validating provider credentials: %w", err)
+ return ctx, awsConfig, fmt.Errorf("validating provider credentials: %w", err)
  }
  }
 

aws_config_test.go

@@ -22,6 +22,7 @@ import (
  "github.com/aws/aws-sdk-go-v2/config"
  "github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
  "github.com/aws/aws-sdk-go-v2/service/sts"
+ "github.com/aws/smithy-go"
  "github.com/aws/smithy-go/middleware"
  smithyhttp "github.com/aws/smithy-go/transport/http"
  "github.com/google/go-cmp/cmp"
@@ -94,6 +95,52 @@ func TestGetAwsConfig(t *testing.T) {
  servicemocks.MockStsGetCallerIdentityValidEndpoint,
  },
  },
+ {
+ Config: &Config{
+ AccessKey: servicemocks.MockStaticAccessKey,
+ Region: "us-east-1",
+ SecretKey: servicemocks.MockStaticSecretKey,
+ MaxRetries: 100,
+ },
+ Description: "ExpiredToken",
+ ExpectedRegion: "us-east-1",
+ ExpectedError: func(err error) bool {
+ return strings.Contains(err.Error(), "ExpiredToken")
+ },
+ MockStsEndpoints: []*servicemocks.MockEndpoint{
+ servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredToken,
+ },
+ },
+ {
+ Config: &Config{
+ AccessKey: servicemocks.MockStaticAccessKey,
+ Region: "us-east-1",
+ SecretKey: servicemocks.MockStaticSecretKey,
+ },
+ Description: "ExpiredTokenException",
+ ExpectedRegion: "us-east-1",
+ ExpectedError: func(err error) bool {
+ return strings.Contains(err.Error(), "ExpiredTokenException")
+ },
+ MockStsEndpoints: []*servicemocks.MockEndpoint{
+ servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredTokenException,
+ },
+ },
+ {
+ Config: &Config{
+ AccessKey: servicemocks.MockStaticAccessKey,
+ Region: "us-east-1",
+ SecretKey: servicemocks.MockStaticSecretKey,
+ },
+ Description: "RequestExpired",
+ ExpectedRegion: "us-east-1",
+ ExpectedError: func(err error) bool {
+ return strings.Contains(err.Error(), "RequestExpired")
+ },
+ MockStsEndpoints: []*servicemocks.MockEndpoint{
+ servicemocks.MockStsGetCallerIdentityInvalidBodyRequestExpired,
+ },
+ },
  {
  Config: &Config{
  AccessKey: servicemocks.MockStaticAccessKey,
@@ -3043,6 +3090,76 @@ func TestRetryHandlers(t *testing.T) {
  return results
  }(),
  },
+ "no retries for ExpiredToken": {
+ NextHandler: func() middleware.FinalizeHandler {
+ num := 0
+ reqsErrs := make([]error, 2)
+ for i := 0; i < 2; i++ {
+ reqsErrs[i] = &smithy.OperationError{
+ ServiceID: "STS",
+ OperationName: "GetCallerIdentity",
+ Err: &smithyhttp.ResponseError{
+ Response: &smithyhttp.Response{
+ Response: &http.Response{
+ StatusCode: 403,
+ },
+ },
+ Err: &smithy.GenericAPIError{
+ Code: "ExpiredToken",
+ Message: "The security token included in the request is expired",
+ },
+ },
+ }
+ }
+ return middleware.FinalizeHandlerFunc(func(ctx context.Context, in middleware.FinalizeInput) (out middleware.FinalizeOutput, metadata middleware.Metadata, err error) {
+ if num >= len(reqsErrs) {
+ err = fmt.Errorf("more requests than expected")
+ } else {
+ err = reqsErrs[num]
+ num++
+ }
+ return out, metadata, err
+ })
+ },
+ Err: &smithy.OperationError{
+ ServiceID: "STS",
+ OperationName: "GetCallerIdentity",
+ Err: &smithyhttp.ResponseError{
+ Response: &smithyhttp.Response{
+ Response: &http.Response{
+ StatusCode: 403,
+ },
+ },
+ Err: &smithy.GenericAPIError{
+ Code: "ExpiredToken",
+ Message: "The security token included in the request is expired",
+ },
+ },
+ },
+ ExpectResults: func() retry.AttemptResults {
+ results := retry.AttemptResults{
+ Results: make([]retry.AttemptResult, 1),
+ }
+ results.Results[0] = retry.AttemptResult{
+ Err: &smithy.OperationError{
+ ServiceID: "STS",
+ OperationName: "GetCallerIdentity",
+ Err: &smithyhttp.ResponseError{
+ Response: &smithyhttp.Response{
+ Response: &http.Response{
+ StatusCode: 403,
+ },
+ },
+ Err: &smithy.GenericAPIError{
+ Code: "ExpiredToken",
+ Message: "The security token included in the request is expired",
+ },
+ },
+ },
+ }
+ return results
+ }(),
+ },
  "stops at maxRetries for other network errors": {
  NextHandler: func() middleware.FinalizeHandler {
  num := 0

awsauth_test.go

@@ -321,19 +321,47 @@ func TestGetAccountIDAndPartitionFromSTSGetCallerIdentity(t *testing.T) {
  ErrCount: 1,
  },
  {
- Description: "sts:GetCallerIdentity expired token with invalid response",
+ Description: "sts:GetCallerIdentity ExpiredToken with invalid JSON response",
  MockEndpoints: []*servicemocks.MockEndpoint{
  servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredToken,
  },
  ErrCount: 1,
  },
  {
- Description: "sts:GetCallerIdentity expired token with valid response",
+ Description: "sts:GetCallerIdentity ExpiredToken with valid JSON response",
  MockEndpoints: []*servicemocks.MockEndpoint{
  servicemocks.MockStsGetCallerIdentityValidBodyExpiredToken,
  },
  ErrCount: 1,
  },
+ {
+ Description: "sts:GetCallerIdentity ExpiredTokenException with invalid JSON response",
+ MockEndpoints: []*servicemocks.MockEndpoint{
+ servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredTokenException,
+ },
+ ErrCount: 1,
+ },
+ {
+ Description: "sts:GetCallerIdentity ExpiredTokenException with valid JSON response",
+ MockEndpoints: []*servicemocks.MockEndpoint{
+ servicemocks.MockStsGetCallerIdentityValidBodyExpiredTokenException,
+ },
+ ErrCount: 1,
+ },
+ {
+ Description: "sts:GetCallerIdentity RequestExpired with invalid JSON response",
+ MockEndpoints: []*servicemocks.MockEndpoint{
+ servicemocks.MockStsGetCallerIdentityInvalidBodyRequestExpired,
+ },
+ ErrCount: 1,
+ },
+ {
+ Description: "sts:GetCallerIdentity RequestExpired with valid JSON response",
+ MockEndpoints: []*servicemocks.MockEndpoint{
+ servicemocks.MockStsGetCallerIdentityValidBodyRequestExpired,
+ },
+ ErrCount: 1,
+ },
  {
  Description: "sts:GetCallerIdentity success",
  MockEndpoints: []*servicemocks.MockEndpoint{