mirror of
https://github.com/serverless/serverless.git
synced 2026-01-18 14:58:43 +00:00
248 lines
9.7 KiB
JavaScript
248 lines
9.7 KiB
JavaScript
'use strict';
|
|
|
|
const expect = require('chai').expect;
|
|
const sandbox = require('sinon');
|
|
const BbPromise = require('bluebird');
|
|
const { constants } = require('fs');
|
|
const fs = require('fs');
|
|
const fse = BbPromise.promisifyAll(require('fs-extra'));
|
|
const os = require('os');
|
|
const path = require('path');
|
|
const AwsConfigCredentials = require('./awsConfigCredentials');
|
|
const Serverless = require('../../../Serverless');
|
|
|
|
describe('AwsConfigCredentials', () => {
|
|
let awsConfigCredentials;
|
|
let serverless;
|
|
const homeDirPath = os.homedir();
|
|
const awsDirectoryPath = path.join(homeDirPath, '.aws');
|
|
const credentialsFilePath = path.join(awsDirectoryPath, 'credentials');
|
|
const credentialsFileContent = [
|
|
'[my-profile]',
|
|
'aws_access_key_id = my-old-profile-key',
|
|
'aws_secret_access_key = my-old-profile-secret',
|
|
].join('\n');
|
|
|
|
before(() => {
|
|
// Abort if credentials are found in home directory
|
|
// (it should not be the case, as home directory is mocked to point temp dir)
|
|
return fse.lstatAsync(awsDirectoryPath).then(
|
|
() => {
|
|
throw new Error('Unexpected ~/.aws directory, related tests aborted');
|
|
},
|
|
error => {
|
|
if (error.code === 'ENOENT') return;
|
|
throw error;
|
|
}
|
|
);
|
|
});
|
|
|
|
beforeEach(() => {
|
|
serverless = new Serverless();
|
|
return serverless.init().then(() => {
|
|
const options = {
|
|
provider: 'aws',
|
|
key: 'some-key',
|
|
secret: 'some-secret',
|
|
};
|
|
awsConfigCredentials = new AwsConfigCredentials(serverless, options);
|
|
});
|
|
});
|
|
|
|
afterEach(() => fse.removeAsync(awsDirectoryPath));
|
|
|
|
describe('#constructor()', () => {
|
|
it('should have the command "config"', () => {
|
|
expect(awsConfigCredentials.commands.config).to.not.equal(undefined);
|
|
});
|
|
|
|
it('should have the sub-command "credentials"', () => {
|
|
expect(awsConfigCredentials.commands.config.commands.credentials).to.not.equal(undefined);
|
|
});
|
|
|
|
it('should have no lifecycle event', () => {
|
|
expect(awsConfigCredentials.commands.config.lifecycleEvents).to.equal(undefined);
|
|
});
|
|
|
|
it('should have the lifecycle event "config" for the "credentials" sub-command', () => {
|
|
expect(
|
|
awsConfigCredentials.commands.config.commands.credentials.lifecycleEvents
|
|
).to.deep.equal(['config']);
|
|
});
|
|
|
|
it('should have the req. options "key" and "secret" for the "credentials" sub-command', () => {
|
|
// eslint-disable-next-line no-unused-expressions
|
|
expect(awsConfigCredentials.commands.config.commands.credentials.options.key.required).to.be
|
|
.true;
|
|
// eslint-disable-next-line no-unused-expressions
|
|
expect(awsConfigCredentials.commands.config.commands.credentials.options.secret.required).to
|
|
.be.true;
|
|
});
|
|
|
|
it('should have a "config:credentials:config" hook', () => {
|
|
expect(awsConfigCredentials.hooks['config:credentials:config']).to.not.equal(undefined);
|
|
});
|
|
|
|
it('should run promise chain in order for "config:credentials:config" hook', () => {
|
|
const awsConfigCredentialsStub = sandbox
|
|
.stub(awsConfigCredentials, 'configureCredentials')
|
|
.resolves();
|
|
|
|
return awsConfigCredentials.hooks['config:credentials:config']().then(() => {
|
|
expect(awsConfigCredentialsStub.calledOnce).to.equal(true);
|
|
|
|
awsConfigCredentials.configureCredentials.restore();
|
|
});
|
|
});
|
|
|
|
it('should throw an error if the home directory was not found', () => {
|
|
sandbox.stub(os, 'homedir').returns(null);
|
|
try {
|
|
expect(() => new AwsConfigCredentials(serverless, {})).to.throw(Error);
|
|
} finally {
|
|
sandbox.restore();
|
|
}
|
|
});
|
|
});
|
|
|
|
describe('#configureCredentials()', () => {
|
|
it('should lowercase the provider option', () => {
|
|
awsConfigCredentials.options.provider = 'SOMEPROVIDER';
|
|
|
|
return awsConfigCredentials.configureCredentials().then(() => {
|
|
expect(awsConfigCredentials.options.provider).to.equal('someprovider');
|
|
});
|
|
});
|
|
|
|
it('should use the "default" profile if option is not given', () =>
|
|
awsConfigCredentials.configureCredentials().then(() => {
|
|
expect(awsConfigCredentials.options.profile).to.equal('default');
|
|
}));
|
|
|
|
it('should resolve if the provider option is not "aws"', done => {
|
|
awsConfigCredentials.options.provider = 'invalid-provider';
|
|
|
|
awsConfigCredentials.configureCredentials().then(() => done());
|
|
});
|
|
|
|
it('should throw an error if the "key" and "secret" options are not given', () => {
|
|
awsConfigCredentials.options.key = false;
|
|
awsConfigCredentials.options.secret = false;
|
|
return awsConfigCredentials.configureCredentials().then(
|
|
() => {
|
|
throw new Error('Unexpected');
|
|
},
|
|
error =>
|
|
expect(error.message).to.include('Please include --key and --secret options for AWS')
|
|
);
|
|
});
|
|
|
|
it('should not update the profile if the overwrite flag is not set', () => {
|
|
awsConfigCredentials.options.profile = 'my-profile';
|
|
awsConfigCredentials.options.key = 'my-new-profile-key';
|
|
awsConfigCredentials.options.secret = 'my-new-profile-secret';
|
|
|
|
fse.outputFileSync(credentialsFilePath, credentialsFileContent);
|
|
|
|
return awsConfigCredentials.configureCredentials();
|
|
});
|
|
|
|
it('should update the profile', () => {
|
|
awsConfigCredentials.options.profile = 'my-profile';
|
|
awsConfigCredentials.options.key = 'my-new-profile-key';
|
|
awsConfigCredentials.options.secret = 'my-new-profile-secret';
|
|
awsConfigCredentials.options.overwrite = true;
|
|
|
|
fse.outputFileSync(credentialsFilePath, credentialsFileContent);
|
|
|
|
return awsConfigCredentials.configureCredentials().then(() => {
|
|
const UpdatedCredentialsFileContent = fs.readFileSync(credentialsFilePath).toString();
|
|
const lineByLineContent = UpdatedCredentialsFileContent.split('\n');
|
|
|
|
expect(lineByLineContent[0]).to.equal('[my-profile]');
|
|
expect(lineByLineContent[1]).to.equal('aws_access_key_id=my-new-profile-key');
|
|
expect(lineByLineContent[2]).to.equal('aws_secret_access_key=my-new-profile-secret');
|
|
});
|
|
});
|
|
|
|
it('should not alter other profiles when updating a profile', () => {
|
|
awsConfigCredentials.options.profile = 'my-profile';
|
|
awsConfigCredentials.options.key = 'my-new-profile-key';
|
|
awsConfigCredentials.options.secret = 'my-new-profile-secret';
|
|
awsConfigCredentials.options.overwrite = true;
|
|
|
|
const newCredentialsFileContent = [
|
|
credentialsFileContent,
|
|
'[my-other-profile]',
|
|
'aws_access_key_id = my-other-profile-key',
|
|
'aws_secret_access_key = my-other-profile-secret',
|
|
].join('\n');
|
|
|
|
fse.outputFileSync(credentialsFilePath, newCredentialsFileContent);
|
|
|
|
return awsConfigCredentials.configureCredentials().then(() => {
|
|
const UpdatedCredentialsFileContent = fs.readFileSync(credentialsFilePath).toString();
|
|
const lineByLineContent = UpdatedCredentialsFileContent.split('\n');
|
|
|
|
expect(lineByLineContent[0]).to.equal('[my-profile]');
|
|
expect(lineByLineContent[1]).to.equal('aws_access_key_id=my-new-profile-key');
|
|
expect(lineByLineContent[2]).to.equal('aws_secret_access_key=my-new-profile-secret');
|
|
expect(lineByLineContent[6]).to.equal('aws_secret_access_key=my-other-profile-secret');
|
|
});
|
|
});
|
|
|
|
it('should add the missing credentials to the updated profile', () => {
|
|
const newCredentialsFileContent = [
|
|
credentialsFileContent,
|
|
'[my-profile]',
|
|
'aws_secret_access_key = my-profile-secret',
|
|
].join('\n');
|
|
|
|
awsConfigCredentials.options.profile = 'my-profile';
|
|
awsConfigCredentials.options.key = 'my-new-profile-key';
|
|
awsConfigCredentials.options.secret = 'my-new-profile-secret';
|
|
awsConfigCredentials.options.overwrite = true;
|
|
|
|
fse.outputFileSync(credentialsFilePath, newCredentialsFileContent);
|
|
|
|
return awsConfigCredentials.configureCredentials().then(() => {
|
|
const UpdatedCredentialsFileContent = fs.readFileSync(credentialsFilePath).toString();
|
|
const lineByLineContent = UpdatedCredentialsFileContent.split('\n');
|
|
|
|
expect(lineByLineContent[0]).to.equal('[my-profile]');
|
|
expect(lineByLineContent[1]).to.equal('aws_access_key_id=my-new-profile-key');
|
|
expect(lineByLineContent[2]).to.equal('aws_secret_access_key=my-new-profile-secret');
|
|
});
|
|
});
|
|
|
|
it('should append the profile to the credentials file', () => {
|
|
awsConfigCredentials.options.profile = 'my-profile';
|
|
awsConfigCredentials.options.key = 'my-profile-key';
|
|
awsConfigCredentials.options.secret = 'my-profile-secret';
|
|
|
|
return awsConfigCredentials.configureCredentials().then(() => {
|
|
const UpdatedCredentialsFileContent = fs.readFileSync(credentialsFilePath).toString();
|
|
const lineByLineContent = UpdatedCredentialsFileContent.split('\n');
|
|
|
|
expect(lineByLineContent[0]).to.equal('[my-profile]');
|
|
expect(lineByLineContent[1]).to.equal('aws_access_key_id=my-profile-key');
|
|
expect(lineByLineContent[2]).to.equal('aws_secret_access_key=my-profile-secret');
|
|
});
|
|
});
|
|
|
|
if (os.platform() !== 'win32') {
|
|
it('should set the permissions of the credentials file to be owner-only read/write', () =>
|
|
awsConfigCredentials.configureCredentials().then(() => {
|
|
const fileMode = fs.statSync(credentialsFilePath).mode;
|
|
const filePermissions = fileMode & ~(fs.constants || constants).S_IFMT;
|
|
|
|
const readableByOwnerPermission = (fs.constants || constants).S_IRUSR;
|
|
const writableByOwnerPermission = (fs.constants || constants).S_IWUSR;
|
|
const expectedFilePermissions = readableByOwnerPermission | writableByOwnerPermission;
|
|
|
|
expect(filePermissions).to.equal(expectedFilePermissions);
|
|
}));
|
|
}
|
|
});
|
|
});
|