Add mocks for other possible expired credentials errors

hashicorp · Feb 17, 2023 · fb34edb · fb34edb
1 parent ea09e4c
commit fb34edb
Showing 1 changed file with 108 additions and 0 deletions.
diff --git a/servicemocks/mock.go b/servicemocks/mock.go
@@ -114,6 +114,8 @@ const (
 </Error>
 <RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
 </ErrorResponse>`
+ // MockStsGetCallerIdentityValidResponseBodyExpiredToken uses code "ExpiredToken", seemingly the most common
+ // code. Errors usually have an invalid body but this may be fixed at some point.
  MockStsGetCallerIdentityValidResponseBodyExpiredToken = `<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
 <Error>
  <Type>Sender</Type>
@@ -124,13 +126,59 @@ const (
  <RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
 </ResponseMetadata>
 </ErrorResponse>`
+ // MockStsGetCallerIdentityInvalidResponseBodyExpiredToken uses code "ExpiredToken", seemingly the most common
+ // code. Errors usually have an invalid body.
  MockStsGetCallerIdentityInvalidResponseBodyExpiredToken = `<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
 <Error>
  <Type>Sender</Type>
  <Code>ExpiredToken</Code>
  <Message>The security token included in the request is expired</Message>
 </Error>
 <RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
+</ErrorResponse>`
+ // MockStsGetCallerIdentityValidResponseBodyExpiredTokenException uses code "ExpiredTokenException", a more rare code
+ // but used at least by Fargate. Errors usually have an invalid body but this may change.
+ MockStsGetCallerIdentityValidResponseBodyExpiredTokenException = `<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
+<Error>
+ <Type>Sender</Type>
+ <Code>ExpiredTokenException</Code>
+ <Message>The security token included in the request is expired</Message>
+</Error>
+<ResponseMetadata>
+ <RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
+</ResponseMetadata>
+</ErrorResponse>`
+ // MockStsGetCallerIdentityInvalidResponseBodyExpiredTokenException uses code "ExpiredTokenException", a more rare code
+ // but used at least by Fargate. Errors usually have an invalid body but this may change.
+ MockStsGetCallerIdentityInvalidResponseBodyExpiredTokenException = `<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
+<Error>
+ <Type>Sender</Type>
+ <Code>ExpiredTokenException</Code>
+ <Message>The security token included in the request is expired</Message>
+</Error>
+<RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
+</ErrorResponse>`
+ // MockStsGetCallerIdentityValidResponseBodyRequestExpired uses code "RequestExpired", a code only used in EC2.
+ // Errors usually have an invalid body but this may change.
+ MockStsGetCallerIdentityValidResponseBodyRequestExpired = `<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
+<Error>
+ <Type>Sender</Type>
+ <Code>RequestExpired</Code>
+ <Message>The security token included in the request is expired</Message>
+</Error>
+<ResponseMetadata>
+ <RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
+</ResponseMetadata>
+</ErrorResponse>`
+ // MockStsGetCallerIdentityInvalidResponseBodyRequestExpired uses code "RequestExpired", a code only used in EC2.
+ // Errors usually have an invalid body but this may change.
+ MockStsGetCallerIdentityInvalidResponseBodyRequestExpired = `<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
+<Error>
+ <Type>Sender</Type>
+ <Code>RequestExpired</Code>
+ <Message>The security token included in the request is expired</Message>
+</Error>
+<RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
 </ErrorResponse>`
  MockStsGetCallerIdentityPartition = `aws`
  MockStsGetCallerIdentityValidResponseBody = `<GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
@@ -259,6 +307,66 @@ var (
  StatusCode: http.StatusForbidden,
  },
  }
+ MockStsGetCallerIdentityInvalidBodyExpiredTokenException = &MockEndpoint{
+ Request: &MockRequest{
+ Body: url.Values{
+ "Action": []string{"GetCallerIdentity"},
+ "Version": []string{"2011-06-15"},
+ }.Encode(),
+ Method: http.MethodPost,
+ Uri: "/",
+ },
+ Response: &MockResponse{
+ Body: MockStsGetCallerIdentityInvalidResponseBodyExpiredTokenException,
+ ContentType: "text/xml",
+ StatusCode: http.StatusForbidden,
+ },
+ }
+ MockStsGetCallerIdentityValidBodyExpiredTokenException = &MockEndpoint{
+ Request: &MockRequest{
+ Body: url.Values{
+ "Action": []string{"GetCallerIdentity"},
+ "Version": []string{"2011-06-15"},
+ }.Encode(),
+ Method: http.MethodPost,
+ Uri: "/",
+ },
+ Response: &MockResponse{
+ Body: MockStsGetCallerIdentityValidResponseBodyExpiredTokenException,
+ ContentType: "text/xml",
+ StatusCode: http.StatusForbidden,
+ },
+ }
+ MockStsGetCallerIdentityInvalidBodyRequestExpired = &MockEndpoint{
+ Request: &MockRequest{
+ Body: url.Values{
+ "Action": []string{"GetCallerIdentity"},
+ "Version": []string{"2011-06-15"},
+ }.Encode(),
+ Method: http.MethodPost,
+ Uri: "/",
+ },
+ Response: &MockResponse{
+ Body: MockStsGetCallerIdentityInvalidResponseBodyRequestExpired,
+ ContentType: "text/xml",
+ StatusCode: http.StatusForbidden,
+ },
+ }
+ MockStsGetCallerIdentityValidBodyRequestExpired = &MockEndpoint{
+ Request: &MockRequest{
+ Body: url.Values{
+ "Action": []string{"GetCallerIdentity"},
+ "Version": []string{"2011-06-15"},
+ }.Encode(),
+ Method: http.MethodPost,
+ Uri: "/",
+ },
+ Response: &MockResponse{
+ Body: MockStsGetCallerIdentityValidResponseBodyRequestExpired,
+ ContentType: "text/xml",
+ StatusCode: http.StatusForbidden,
+ },
+ }
  MockStsGetCallerIdentityValidEndpoint = &MockEndpoint{
  Request: &MockRequest{
  Body: url.Values{