fix: solve error in default credentials provider

Author: PanPanZou

aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs

@@ -51,6 +51,20 @@ public void GetAlibabaCloudClientCredentialWithException()
             Assert.Equal("There is no credential chain can use.", exception.Message);
         }
 
+        [Fact]
+        public void GetCredentialWithException()
+        {
+            var provider = new Mock<DefaultCredentialProvider>();
+            var defaultProvider = provider.Object;
+
+            var exception = Assert.Throws<ClientException>(() =>
+            {
+                var credential = defaultProvider.GetCredentials();
+            });
+
+            Assert.Equal("There is no credential chain can use.", exception.Message);
+        }
+
         /*
         Case: Test Credential File With default Client Name and file exist with ak value and type
         Result: should return AccessKeyCredential
@@ -59,6 +73,14 @@ Use credential chains
         [Fact]
         public void GetCredentialFileAlibabaCloudCredentialWithAKType()
         {
+            var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN");
+            var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
+            var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
+
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null);
+
             var profile = DefaultProfile.GetProfile();
             profile.DefaultClientName = "default";
             var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);
@@ -71,6 +93,9 @@ public void GetCredentialFileAlibabaCloudCredentialWithAKType()
             Assert.NotNull(credential);
             Assert.NotNull(credential.GetAccessKeyId());
             Assert.NotNull(credential.GetAccessKeySecret());
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
         }
 
         /*
@@ -81,6 +106,10 @@ Use credential chains
         [Fact]
         public void GetCredentialFileAlibabaCloudCredentialWithAKTypeButAKIsEmpty()
         {
+            var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN");
+            var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
+            var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
+
             Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null);
             Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null);
             Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null);
@@ -97,12 +126,23 @@ public void GetCredentialFileAlibabaCloudCredentialWithAKTypeButAKIsEmpty()
 
             TestHelper.DeleteIniFile();
 
-            Assert.Equal("Missing required variable option for 'default Client'", exception.Message);
+            Assert.Equal("Access key ID cannot be null.", exception.Message);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
         }
 
         [Fact]
         public void GetCredentialFileAlibabaCloudCredentialWithDefaultSection()
         {
+            var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN");
+            var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
+            var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
+
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null);
+
             TestHelper.CreateIniFileWithDefaultSection();
 
             var profile = DefaultProfile.GetProfile();
@@ -115,6 +155,37 @@ public void GetCredentialFileAlibabaCloudCredentialWithDefaultSection()
             TestHelper.DeleteIniFile();
             Environment.SetEnvironmentVariable("ALIBABA_CLOUD_CREDENTIALS_FILE", null);
             Assert.NotNull(credential);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
+
+        }
+
+        [Fact]
+        public void GetOIDCAlibabaCloudCredentialTest()
+        {
+            var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN");
+            var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
+            var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
+            var cacheRegionId = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID");
+
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", "test");
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", "test");
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", TestHelper.GetOIDCTokenFilePath());
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", "us-west-1");
+            var profile = DefaultProfile.GetProfile();
+            profile.DefaultClientName = "default";
+            var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);
+            var exception = Assert.Throws<ClientException>(() =>
+            {
+                var credential = defaultCredentialProvider.GetAlibabaCloudClientCredential();
+            });
+            Assert.Contains("Parameter OIDCProviderArn is not valid", exception.Message);
+
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", cacheRegionId);
         }
 
         /*
@@ -125,6 +196,14 @@ Use credential chains
         [Fact]
         public void GetCredentialFileAlibabaCloudCredentialWithEcsRamRole()
         {
+            var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN");
+            var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
+            var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
+
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null);
+
             var ecsRamRoleCredential =
                 new InstanceProfileCredentials("fakeak", "fakeaks", "fakesession", DateTime.UtcNow.ToString(), 4000);
             var mockHomePath = EnvironmentUtil.GetHomePath();
@@ -144,6 +223,10 @@ public void GetCredentialFileAlibabaCloudCredentialWithEcsRamRole()
 
             TestHelper.DeleteIniFile();
             Assert.NotNull(credential);
+
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
         }
 
         /*
@@ -161,11 +244,9 @@ public void GetCredentialFileAlibabaCloudCredentialWithFileAndAkExist()
 
             var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);
 
-            var credential = (BasicCredentials)defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential();
-
+            var ex = Assert.Throws<ClientException>(() => (BasicCredentials)defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential());
+            Assert.Equal("The configured client type is empty", ex.Message);
             TestHelper.DeleteIniFile();
-            Assert.NotNull(credential);
-            Assert.Equal("foo", credential.GetAccessKeyId());
         }
 
         /*
@@ -182,10 +263,10 @@ public void GetCredentialFileAlibabaCloudCredentialWithFileAndAkExistNotDefault(
 
             var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);
 
-            var credential = defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential();
+            var ex = Assert.Throws<ClientException>(() => defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential());
+            Assert.Equal("The configured client type is empty", ex.Message);
 
             TestHelper.DeleteIniFile();
-            Assert.Null(credential);
         }
 
         /*
@@ -328,15 +409,15 @@ public void GetInstanceRamRoleAlibabaCloudCredential()
                 defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential();
             });
 
-            Assert.Equal("RegionID cannot be null or empty.", exception.Message);
+            Assert.Equal("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message);
 
             Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", "region_id");
             profile.DefaultClientName = "test";
             defaultCredentialProvider = new DefaultCredentialProvider(profile, null);
-            var credentialProvider = defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential();
+            var ex = Assert.Throws<ClientException>(() => defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential());
 
             Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", null);
-            Assert.Null(credentialProvider);
+            Assert.Equal("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message);
         }
 
         [Fact]
@@ -369,13 +450,13 @@ public void GetInstanceRamRoleAlibabaCloudCredential3()
             Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", "region_id");
             profile.DefaultClientName = "default";
             var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);
-            var exception = Assert.Throws<ArgumentNullException>(() =>
+            var exception = Assert.Throws<ClientException>(() =>
             {
                 var credentialProvider = defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential();
             });
 
             Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", null);
-            Assert.Equal("You must specifiy a valid role name.", exception.ParamName);
+            Assert.StartsWith("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message);
         }
 
         [Fact]
@@ -465,11 +546,10 @@ public void GetRsaKeyPairAlibabaCloudCredential()
             var defaultCredentialProvider =
                 new DefaultCredentialProvider(profile, "publicKeyId", "privateKeyFile", rsaProvider);
 
-            var actualCredentil = defaultCredentialProvider.GetRsaKeyPairAlibabaCloudCredential();
+            var ex = Assert.Throws<ClientException>(() => defaultCredentialProvider.GetRsaKeyPairAlibabaCloudCredential());
 
             Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", null);
-            Assert.NotNull(actualCredentil);
-            Assert.Equal("aks", actualCredentil.GetAccessKeySecret());
+            Assert.Equal("The configured public_key_id or private_key_file is empty", ex.Message);
         }
 
         [Fact]
@@ -496,6 +576,14 @@ public void GetRsaKeyPairAlibabaCloudCredential2()
         [Fact]
         public void GetRsaKeyPairAlibabaCloudCredentialWithException()
         {
+            var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN");
+            var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
+            var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
+
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null);
+
             var profile = DefaultProfile.GetProfile();
             var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);
 
@@ -504,12 +592,23 @@ public void GetRsaKeyPairAlibabaCloudCredentialWithException()
                 var credential = defaultCredentialProvider.GetRsaKeyPairAlibabaCloudCredential();
             });
 
-            Assert.Equal("Missing required variable option for 'default Client'", exception.Message);
+            Assert.Equal("The configured private_key_file is empty", exception.Message);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
         }
 
         [Fact]
         public void GetOIDCAlibabaCloudCredential()
         {
+            var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN");
+            var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
+            var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
+
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null);
+
             var profile = DefaultProfile.GetProfile();
             var defaultCredentialProvider = new DefaultCredentialProvider(profile, null);
             Assert.Null(defaultCredentialProvider.GetOIDCAlibabaCloudCredential());
@@ -529,9 +628,9 @@ public void GetOIDCAlibabaCloudCredential()
             Assert.Equal("fakesessiontoken", credential.GetSessionToken());
             Assert.False(credential.WillSoonExpire());
 
-            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null);
-            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null);
-            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn);
+            Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile);
         }
     }
 }

aliyun-net-sdk-core.Tests/Units/Http/HttpResponse.cs

@@ -174,4 +174,4 @@ public void SetContentWithEmptyHeaders()
             Assert.Equal(FormatType.JSON, instance.ContentType);
         }
     }
-}
+}

aliyun-net-sdk-core.Tests/Units/TestHelper.cs

@@ -74,6 +74,11 @@ public static string GetIniFilePath()
             return Directory.GetCurrentDirectory() + slash + "credentials.ini";
         }
 
+        public static string GetTestIniFilePath()
+        {
+            return HomePath + Slash + "configTest.ini";
+        }
+
         public static void DeleteIniFile()
         {
             File.Delete(homePath + slash + ".alibabacloud" + slash + "credentials.ini");

aliyun-net-sdk-core.Tests/Units/Utils/IniFileHelperTest.cs

@@ -61,5 +61,16 @@ public void TestGetValue()
             TestHelper.DeleteIniFile();
             Assert.Empty(value);
         }
+
+        [Fact]
+        public void TestIniReader()
+        {
+            var path = TestHelper.GetTestIniFilePath();
+            var iniReader = new IniReader(path);
+            var accessKeyId = iniReader.GetValue("access_key_id", "default");
+            var accessKeySecret = iniReader.GetValue("access_key_secret", "default");
+            Assert.Equal("foo", accessKeyId);
+            Assert.Equal("bar", accessKeySecret);
+        }
     }
 }

aliyun-net-sdk-core.Tests/aliyun-net-sdk-core-unit-tests.csproj

@@ -13,6 +13,9 @@
     <None Update="OIDCToken.txt">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Update="configTest.ini">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
   </ItemGroup>
 
   <ItemGroup>

aliyun-net-sdk-core.Tests/configTest.ini

@@ -0,0 +1,33 @@
+[default]                           
+enable = true                      
+type = access_key                  
+access_key_id = foo                
+access_key_secret = bar            
+region_id = cn-hangzhou                                 
+  
+[client1]
+enable = false                             
+type = ecs_ram_role                
+role_name = EcsRamRoleTest         
+
+
+[client2]                          
+enable = false                     
+type = ram_role_arn                
+access_key_id = foo
+access_key_secret = bar
+role_arn = role_arn
+role_session_name = session_name
+
+
+[client3]
+enable = false                            
+type = bearer_token                
+bearer_token = bearer_token        
+
+
+[client4]
+enable = false                             
+type = rsa_key_pair                
+public_key_id = publicKeyId        
+private_key_file = /your/pk.pem