diff --git a/google/internal/externalaccount/aws.go b/google/internal/externalaccount/aws.go
index 0f8c31c..3725a0f 100644
--- a/google/internal/externalaccount/aws.go
+++ b/google/internal/externalaccount/aws.go
@@ -256,7 +256,7 @@ type awsRequest struct {
 Headers []awsRequestHeader `json:"headers"`
 }
-func (cs awsCredentialSource) request(req *http.Request) (*http.Response, error) {
+func (cs awsCredentialSource) doRequest(req *http.Request) (*http.Response, error) {
 if cs.client == nil {
 cs.client = oauth2.NewClient(cs.ctx, nil)
 }
@@ -351,7 +351,7 @@ func (cs *awsCredentialSource) getRegion() (string, error) {
 return "", err
 }
- resp, err := cs.request(req)
+ resp, err := cs.doRequest(req)
 if err != nil {
 return "", err
 }
@@ -416,7 +416,7 @@ func (cs *awsCredentialSource) getMetadataSecurityCredentials(roleName string) (
 }
 req.Header.Add("Content-Type", "application/json")
- resp, err := cs.request(req)
+ resp, err := cs.doRequest(req)
 if err != nil {
 return result, err
 }
@@ -445,7 +445,7 @@ func (cs *awsCredentialSource) getMetadataRoleName() (string, error) {
 return "", err
 }
- resp, err := cs.request(req)
+ resp, err := cs.doRequest(req)
 if err != nil {
 return "", err
 }
diff --git a/google/internal/externalaccount/aws_test.go b/google/internal/externalaccount/aws_test.go
index 08f366d..1a83a7b 100644
--- a/google/internal/externalaccount/aws_test.go
+++ b/google/internal/externalaccount/aws_test.go
@@ -41,7 +41,7 @@ var defaultRequestSigner = &awsRequestSigner{
 }
 const (
- accessKeyId = "ASIARD4OQDT6A77FR3CL"
+ accessKeyID = "ASIARD4OQDT6A77FR3CL"
 secretAccessKey = "Y8AfSaucF37G4PpvfguKZ3/l7Id4uocLXxX0+VTx"
 securityToken = "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"
 )
@@ -49,7 +49,7 @@ const (
 var requestSignerWithToken = &awsRequestSigner{
 RegionName: "us-east-2",
 AwsSecurityCredentials: awsSecurityCredentials{
- AccessKeyID: accessKeyId,
+ AccessKeyID: accessKeyID,
 SecretAccessKey: secretAccessKey,
 SecurityToken: securityToken,
 },
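Review bot: `doRequest` keeps the value receiver `(cs awsCredentialSource)`, so the `cs.client = oauth2.NewClient(cs.ctx, nil)` assignment in the aws.go hunk at `@@ -256,7 +256,7 @@` is made on a copy and is lost when the call returns; each metadata request that arrives with a nil client builds a new one. The three callers in this diff (`getRegion`, `getMetadataSecurityCredentials`, `getMetadataRoleName`) all have pointer receivers, so declaring it as `func (cs *awsCredentialSource) doRequest(req *http.Request) (*http.Response, error) {` would make the lazy initialisation persist. The rest of the function body lies outside the hunk, so I cannot see whether anything there relies on the copy.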
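Review bot: The `const` block in aws_test.go (hunk `@@ -41,7 +41,7 @@`) holds literals shaped like an AWS temporary access key ID, a secret access key and a session token, with no comment saying where they came from. Secret scanners will match these strings, and a reader cannot tell from the diff whether they were ever issued by AWS. Since the commit already edits this block, I would add a comment above it along the lines of `// Fixture values used only to reproduce the expected SigV4 signatures in this file; not valid credentials.`, after confirming that this is true.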
@@ -330,7 +330,7 @@ func TestAwsV4Signature_GetRequestWithSecurityToken(t *testing.T) {
 output, _ := http.NewRequest("GET", "https://ec2.us-east-2.amazonaws.com?Action=DescribeRegions&Version=2013-10-15", nil)
 output.Header = http.Header{
 "Host": []string{"ec2.us-east-2.amazonaws.com"},
- "Authorization": []string{"AWS4-HMAC-SHA256 Credential=" + accessKeyId + "/20200811/us-east-2/ec2/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=631ea80cddfaa545fdadb120dc92c9f18166e38a5c47b50fab9fce476e022855"},
+ "Authorization": []string{"AWS4-HMAC-SHA256 Credential=" + accessKeyID + "/20200811/us-east-2/ec2/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=631ea80cddfaa545fdadb120dc92c9f18166e38a5c47b50fab9fce476e022855"},
 "X-Amz-Date": []string{"20200811T065522Z"},
 "X-Amz-Security-Token": []string{securityToken},
 }
@@ -347,7 +347,7 @@ func TestAwsV4Signature_PostRequestWithSecurityToken(t *testing.T) {
 output, _ := http.NewRequest("POST", "https://sts.us-east-2.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15", nil)
 output.Header = http.Header{
- "Authorization": []string{"AWS4-HMAC-SHA256 Credential=" + accessKeyId + "/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=73452984e4a880ffdc5c392355733ec3f5ba310d5e0609a89244440cadfe7a7a"},
+ "Authorization": []string{"AWS4-HMAC-SHA256 Credential=" + accessKeyID + "/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=73452984e4a880ffdc5c392355733ec3f5ba310d5e0609a89244440cadfe7a7a"},
 "Host": []string{"sts.us-east-2.amazonaws.com"},
 "X-Amz-Date": []string{"20200811T065522Z"},
 "X-Amz-Security-Token": []string{securityToken},
@@ -368,7 +368,7 @@ func TestAwsV4Signature_PostRequestWithSecurityTokenAndAdditionalHeaders(t *test
 output, _ := http.NewRequest("POST", "https://dynamodb.us-east-2.amazonaws.com/", strings.NewReader(requestParams))
 output.Header = http.Header{
- "Authorization": []string{"AWS4-HMAC-SHA256 Credential=" + accessKeyId + "/20200811/us-east-2/dynamodb/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=fdaa5b9cc9c86b80fe61eaf504141c0b3523780349120f2bd8145448456e0385"},
+ "Authorization": []string{"AWS4-HMAC-SHA256 Credential=" + accessKeyID + "/20200811/us-east-2/dynamodb/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=fdaa5b9cc9c86b80fe61eaf504141c0b3523780349120f2bd8145448456e0385"},
 "Host": []string{"dynamodb.us-east-2.amazonaws.com"},
 "X-Amz-Date": []string{"20200811T065522Z"},
 "Content-Type": []string{"application/x-amz-json-1.0"},
@@ -387,7 +387,7 @@ func TestAwsV4Signature_PostRequestWithAmzDateButNoSecurityToken(t *testing.T) {
 var requestSigner = &awsRequestSigner{
 RegionName: "us-east-2",
 AwsSecurityCredentials: awsSecurityCredentials{
- AccessKeyID: accessKeyId,
+ AccessKeyID: accessKeyID,
 SecretAccessKey: secretAccessKey,
 },
 }
@@ -396,7 +396,7 @@ func TestAwsV4Signature_PostRequestWithAmzDateButNoSecurityToken(t *testing.T) {
 output, _ := http.NewRequest("POST", "https://sts.us-east-2.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15", nil)
 output.Header = http.Header{
- "Authorization": []string{"AWS4-HMAC-SHA256 Credential=" + accessKeyId + "/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date, Signature=d095ba304919cd0d5570ba8a3787884ee78b860f268ed040ba23831d55536d56"},
+ "Authorization": []string{"AWS4-HMAC-SHA256 Credential=" + accessKeyID + "/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date, Signature=d095ba304919cd0d5570ba8a3787884ee78b860f268ed040ba23831d55536d56"},
 "Host": []string{"sts.us-east-2.amazonaws.com"},
 "X-Amz-Date": []string{"20200811T065522Z"},
 }
@@ -410,9 +410,9 @@ func TestAwsV4Signature_PostRequestWithAmzDateButNoSecurityToken(t *testing.T) {
 type testAwsServer struct {
 url string
- securityCredentialUrl string
- regionUrl string
- regionalCredVerificationUrl string
+ securityCredentialURL string
+ regionURL string
+ regionalCredVerificationURL string
 Credentials map[string]string
@@ -421,12 +421,12 @@ type testAwsServer struct {
 WriteRegion func(http.ResponseWriter)
 }
-func createAwsTestServer(url, regionUrl, regionalCredVerificationUrl, rolename, region string, credentials map[string]string) *testAwsServer {
+func createAwsTestServer(url, regionURL, regionalCredVerificationURL, rolename, region string, credentials map[string]string) *testAwsServer {
 server := &testAwsServer{
 url: url,
- securityCredentialUrl: fmt.Sprintf("%s/%s", url, rolename),
- regionUrl: regionUrl,
- regionalCredVerificationUrl: regionalCredVerificationUrl,
+ securityCredentialURL: fmt.Sprintf("%s/%s", url, rolename),
+ regionURL: regionURL,
+ regionalCredVerificationURL: regionalCredVerificationURL,
 Credentials: credentials,
 WriteRolename: func(w http.ResponseWriter) {
 w.Write([]byte(rolename))
@@ -453,7 +453,7 @@ func createDefaultAwsTestServer() *testAwsServer {
 "us-east-2b",
 map[string]string{
 "SecretAccessKey": secretAccessKey,
- "AccessKeyId": accessKeyId,
+ "AccessKeyId": accessKeyID,
 "Token": securityToken,
 },
 )
@@ -463,9 +463,9 @@ func (server *testAwsServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 switch p := r.URL.Path; p {
 case server.url:
 server.WriteRolename(w)
- case server.securityCredentialUrl:
+ case server.securityCredentialURL:
 server.WriteSecurityCredentials(w)
- case server.regionUrl:
+ case server.regionURL:
 server.WriteRegion(w)
 }
 }
@@ -479,18 +479,18 @@ func (server *testAwsServer) getCredentialSource(url string) CredentialSource {
 return CredentialSource{
 EnvironmentID: "aws1",
 URL: url + server.url,
- RegionURL: url + server.regionUrl,
- RegionalCredVerificationURL: server.regionalCredVerificationUrl,
+ RegionURL: url + server.regionURL,
+ RegionalCredVerificationURL: server.regionalCredVerificationURL,
 }
 }
-func getExpectedSubjectToken(url, region, accessKeyId, secretAccessKey, securityToken string) string {
+func getExpectedSubjectToken(url, region, accessKeyID, secretAccessKey, securityToken string) string {
 req, _ := http.NewRequest("POST", url, nil)
 req.Header.Add("x-goog-cloud-target-resource", testFileConfig.Audience)
 signer := &awsRequestSigner{
 RegionName: region,
 AwsSecurityCredentials: awsSecurityCredentials{
- AccessKeyID: accessKeyId,
+ AccessKeyID: accessKeyID,
 SecretAccessKey: secretAccessKey,
 SecurityToken: securityToken,
 },
@@ -554,7 +554,7 @@ func TestAwsCredential_BasicRequest(t *testing.T) {
 expected := getExpectedSubjectToken(
 "https://sts.us-east-2.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
 "us-east-2",
- accessKeyId,
+ accessKeyID,
 secretAccessKey,
 securityToken,
 )
@@ -589,7 +589,7 @@ func TestAwsCredential_BasicRequestWithoutSecurityToken(t *testing.T) {
 expected := getExpectedSubjectToken(
 "https://sts.us-east-2.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
 "us-east-2",
- accessKeyId,
+ accessKeyID,
 secretAccessKey,
 "",
 )
@@ -658,7 +658,7 @@ func TestAwsCredential_RequestWithBadVersion(t *testing.T) {
 }
 }
-func TestAwsCredential_RequestWithNoRegionUrl(t *testing.T) {
+func TestAwsCredential_RequestWithNoRegionURL(t *testing.T) {
 server := createDefaultAwsTestServer()
 ts := httptest.NewServer(server)
@@ -685,7 +685,7 @@ func TestAwsCredential_RequestWithNoRegionUrl(t *testing.T) {
 }
 }
-func TestAwsCredential_RequestWithBadRegionUrl(t *testing.T) {
+func TestAwsCredential_RequestWithBadRegionURL(t *testing.T) {
 server := createDefaultAwsTestServer()
 ts := httptest.NewServer(server)
 server.WriteRegion = notFound
@@ -745,7 +745,7 @@ func TestAwsCredential_RequestWithIncompleteCredential(t *testing.T) {
 server := createDefaultAwsTestServer()
 ts := httptest.NewServer(server)
 server.WriteSecurityCredentials = func(w http.ResponseWriter) {
- w.Write([]byte("{\"AccessKeyId\":\"FOOBARBAS\"}"))
+ w.Write([]byte(`{"AccessKeyId":"FOOBARBAS"}`))
 }
 tfc := testFileConfig
@@ -770,7 +770,7 @@ func TestAwsCredential_RequestWithIncompleteCredential(t *testing.T) {
 }
 }
-func TestAwsCredential_RequestWithNoCredentialUrl(t *testing.T) {
+func TestAwsCredential_RequestWithNoCredentialURL(t *testing.T) {
 server := createDefaultAwsTestServer()
 ts := httptest.NewServer(server)
@@ -797,7 +797,7 @@ func TestAwsCredential_RequestWithNoCredentialUrl(t *testing.T) {
 }
 }
-func TestAwsCredential_RequestWithBadCredentialUrl(t *testing.T) {
+func TestAwsCredential_RequestWithBadCredentialURL(t *testing.T) {
 server := createDefaultAwsTestServer()
 ts := httptest.NewServer(server)
 server.WriteRolename = notFound
@@ -824,7 +824,7 @@ func TestAwsCredential_RequestWithBadCredentialUrl(t *testing.T) {
 }
 }
-func TestAwsCredential_RequestWithBadFinalCredentialUrl(t *testing.T) {
+func TestAwsCredential_RequestWithBadFinalCredentialURL(t *testing.T) {
 server := createDefaultAwsTestServer()
 ts := httptest.NewServer(server)
 server.WriteSecurityCredentials = notFound