From c4d0ab071c76e3260d8ca0e84fb324716d127fa1 Mon Sep 17 00:00:00 2001
From: Dirk Avery <dirk.avery@gmail.com>
Date: Thu, 16 Feb 2023 22:34:32 -0500
Subject: [PATCH] Add tests for mocks and to show lack of retries

---
 aws_config.go      |   2 +-
 aws_config_test.go | 117 +++++++++++++++++++++++++++++++++++++++++++++
 awsauth_test.go    |  32 ++++++++++++-
 3 files changed, 148 insertions(+), 3 deletions(-)

diff --git a/aws_config.go b/aws_config.go
index 9f4b5052..ba7cba5e 100644
--- a/aws_config.go
+++ b/aws_config.go
@@ -96,7 +96,7 @@ func GetAwsConfig(ctx context.Context, c *Config) (context.Context, aws.Config,
 
 	if !c.SkipCredsValidation {
 		if _, _, err := getAccountIDAndPartitionFromSTSGetCallerIdentity(baseCtx, stsClient(baseCtx, awsConfig, c)); err != nil {
-			return ctx, awsConfig, fmt.Errorf("error validating provider credentials: %w", err)
+			return ctx, awsConfig, fmt.Errorf("validating provider credentials: %w", err)
 		}
 	}
 
diff --git a/aws_config_test.go b/aws_config_test.go
index 14619667..fd9b4f47 100644
--- a/aws_config_test.go
+++ b/aws_config_test.go
@@ -22,6 +22,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/aws/smithy-go"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"github.com/google/go-cmp/cmp"
@@ -94,6 +95,52 @@ func TestGetAwsConfig(t *testing.T) {
 				servicemocks.MockStsGetCallerIdentityValidEndpoint,
 			},
 		},
+		{
+			Config: &Config{
+				AccessKey:  servicemocks.MockStaticAccessKey,
+				Region:     "us-east-1",
+				SecretKey:  servicemocks.MockStaticSecretKey,
+				MaxRetries: 100,
+			},
+			Description:    "ExpiredToken",
+			ExpectedRegion: "us-east-1",
+			ExpectedError: func(err error) bool {
+				return strings.Contains(err.Error(), "ExpiredToken")
+			},
+			MockStsEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredToken,
+			},
+		},
+		{
+			Config: &Config{
+				AccessKey: servicemocks.MockStaticAccessKey,
+				Region:    "us-east-1",
+				SecretKey: servicemocks.MockStaticSecretKey,
+			},
+			Description:    "ExpiredTokenException",
+			ExpectedRegion: "us-east-1",
+			ExpectedError: func(err error) bool {
+				return strings.Contains(err.Error(), "ExpiredTokenException")
+			},
+			MockStsEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredTokenException,
+			},
+		},
+		{
+			Config: &Config{
+				AccessKey: servicemocks.MockStaticAccessKey,
+				Region:    "us-east-1",
+				SecretKey: servicemocks.MockStaticSecretKey,
+			},
+			Description:    "RequestExpired",
+			ExpectedRegion: "us-east-1",
+			ExpectedError: func(err error) bool {
+				return strings.Contains(err.Error(), "RequestExpired")
+			},
+			MockStsEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityInvalidBodyRequestExpired,
+			},
+		},
 		{
 			Config: &Config{
 				AccessKey: servicemocks.MockStaticAccessKey,
@@ -3043,6 +3090,76 @@ func TestRetryHandlers(t *testing.T) {
 				return results
 			}(),
 		},
+		"no retries for ExpiredToken": {
+			NextHandler: func() middleware.FinalizeHandler {
+				num := 0
+				reqsErrs := make([]error, 2)
+				for i := 0; i < 2; i++ {
+					reqsErrs[i] = &smithy.OperationError{
+						ServiceID:     "STS",
+						OperationName: "GetCallerIdentity",
+						Err: &smithyhttp.ResponseError{
+							Response: &smithyhttp.Response{
+								Response: &http.Response{
+									StatusCode: 403,
+								},
+							},
+							Err: &smithy.GenericAPIError{
+								Code:    "ExpiredToken",
+								Message: "The security token included in the request is expired",
+							},
+						},
+					}
+				}
+				return middleware.FinalizeHandlerFunc(func(ctx context.Context, in middleware.FinalizeInput) (out middleware.FinalizeOutput, metadata middleware.Metadata, err error) {
+					if num >= len(reqsErrs) {
+						err = fmt.Errorf("more requests than expected")
+					} else {
+						err = reqsErrs[num]
+						num++
+					}
+					return out, metadata, err
+				})
+			},
+			Err: &smithy.OperationError{
+				ServiceID:     "STS",
+				OperationName: "GetCallerIdentity",
+				Err: &smithyhttp.ResponseError{
+					Response: &smithyhttp.Response{
+						Response: &http.Response{
+							StatusCode: 403,
+						},
+					},
+					Err: &smithy.GenericAPIError{
+						Code:    "ExpiredToken",
+						Message: "The security token included in the request is expired",
+					},
+				},
+			},
+			ExpectResults: func() retry.AttemptResults {
+				results := retry.AttemptResults{
+					Results: make([]retry.AttemptResult, 1),
+				}
+				results.Results[0] = retry.AttemptResult{
+					Err: &smithy.OperationError{
+						ServiceID:     "STS",
+						OperationName: "GetCallerIdentity",
+						Err: &smithyhttp.ResponseError{
+							Response: &smithyhttp.Response{
+								Response: &http.Response{
+									StatusCode: 403,
+								},
+							},
+							Err: &smithy.GenericAPIError{
+								Code:    "ExpiredToken",
+								Message: "The security token included in the request is expired",
+							},
+						},
+					},
+				}
+				return results
+			}(),
+		},
 		"stops at maxRetries for other network errors": {
 			NextHandler: func() middleware.FinalizeHandler {
 				num := 0
diff --git a/awsauth_test.go b/awsauth_test.go
index eb6de15e..15492cfc 100644
--- a/awsauth_test.go
+++ b/awsauth_test.go
@@ -321,19 +321,47 @@ func TestGetAccountIDAndPartitionFromSTSGetCallerIdentity(t *testing.T) {
 			ErrCount: 1,
 		},
 		{
-			Description: "sts:GetCallerIdentity expired token with invalid response",
+			Description: "sts:GetCallerIdentity ExpiredToken with invalid JSON response",
 			MockEndpoints: []*servicemocks.MockEndpoint{
 				servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredToken,
 			},
 			ErrCount: 1,
 		},
 		{
-			Description: "sts:GetCallerIdentity expired token with valid response",
+			Description: "sts:GetCallerIdentity ExpiredToken with valid JSON response",
 			MockEndpoints: []*servicemocks.MockEndpoint{
 				servicemocks.MockStsGetCallerIdentityValidBodyExpiredToken,
 			},
 			ErrCount: 1,
 		},
+		{
+			Description: "sts:GetCallerIdentity ExpiredTokenException with invalid JSON response",
+			MockEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredTokenException,
+			},
+			ErrCount: 1,
+		},
+		{
+			Description: "sts:GetCallerIdentity ExpiredTokenException with valid JSON response",
+			MockEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityValidBodyExpiredTokenException,
+			},
+			ErrCount: 1,
+		},
+		{
+			Description: "sts:GetCallerIdentity RequestExpired with invalid JSON response",
+			MockEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityInvalidBodyRequestExpired,
+			},
+			ErrCount: 1,
+		},
+		{
+			Description: "sts:GetCallerIdentity RequestExpired with valid JSON response",
+			MockEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityValidBodyRequestExpired,
+			},
+			ErrCount: 1,
+		},
 		{
 			Description: "sts:GetCallerIdentity success",
 			MockEndpoints: []*servicemocks.MockEndpoint{