tests for disabled output-env-credentials
This commit is contained in:
Michael Lehmann
parent
3d90187bb1
commit
33adce1577
5 changed files with 50 additions and 2 deletions
|
|
@ -54,7 +54,7 @@ export function exportCredentials(
|
|||
|
||||
if (creds?.SessionToken) {
|
||||
core.setSecret(creds.SessionToken);
|
||||
}
|
||||
}
|
||||
|
||||
if (outputEnvCredentials) {
|
||||
if (creds?.AccessKeyId) {
|
||||
|
|
|
|||
|
|
@ -45,4 +45,9 @@ describe('Configure AWS Credentials cleanup', {}, () => {
|
|||
cleanup();
|
||||
expect(core.setFailed).toHaveBeenCalled();
|
||||
});
|
||||
it(`doesn't export credentials as empty env variables if asked not to`, {}, () => {
|
||||
vi.spyOn(core, 'getInput').mockImplementation(mocks.getInput(mocks.NO_ENV_CREDS_INPUTS));
|
||||
cleanup();
|
||||
expect(core.exportVariable).toHaveBeenCalledTimes(0);
|
||||
})
|
||||
});
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ describe('Configure AWS Credentials helpers', {}, () => {
|
|||
vi.spyOn(core, 'setOutput').mockImplementation(() => {});
|
||||
vi.spyOn(core, 'setSecret').mockImplementation(() => {});
|
||||
vi.spyOn(core, 'exportVariable').mockImplementation(() => {});
|
||||
helpers.exportCredentials({ AccessKeyId: 'test', SecretAccessKey: 'test', SessionToken: 'test', Expiration: new Date(8640000000000000) }, true);
|
||||
helpers.exportCredentials({ AccessKeyId: 'test', SecretAccessKey: 'test', SessionToken: 'test', Expiration: new Date(8640000000000000) }, true, true);
|
||||
expect(core.setOutput).toHaveBeenCalledTimes(4);
|
||||
expect(core.setSecret).toHaveBeenCalledTimes(3);
|
||||
expect(core.exportVariable).toHaveBeenCalledTimes(3);
|
||||
|
|
@ -42,4 +42,15 @@ describe('Configure AWS Credentials helpers', {}, () => {
|
|||
expect(process.env.AWS_DEFAULT_REGION).toBeUndefined;
|
||||
process.env = env;
|
||||
});
|
||||
it(`won't output credentials to env if told not to`, {}, () => {
|
||||
vi.spyOn(core, 'setOutput').mockImplementation(() => {});
|
||||
vi.spyOn(core, 'setSecret').mockImplementation(() => {});
|
||||
vi.spyOn(core, 'exportVariable').mockImplementation(() => {});
|
||||
helpers.exportCredentials({ AccessKeyId: 'test', SecretAccessKey: 'test', SessionToken: 'test', Expiration: new Date(8640000000000000) }, true, false);
|
||||
helpers.unsetCredentials(false);
|
||||
helpers.exportRegion('fake-test-region', false);
|
||||
expect(core.setOutput).toHaveBeenCalledTimes(4);
|
||||
expect(core.setSecret).toHaveBeenCalledTimes(3);
|
||||
expect(core.exportVariable).toHaveBeenCalledTimes(0);
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -312,5 +312,26 @@ describe('Configure AWS Credentials', {}, () => {
|
|||
await run();
|
||||
expect(core.setFailed).not.toHaveBeenCalled();
|
||||
})
|
||||
it('doesn\'t export credentials as environment variables if told not to', {}, async () => {
|
||||
mockedSTSClient.on(AssumeRoleWithWebIdentityCommand).resolvesOnce(mocks.outputs.STS_CREDENTIALS);
|
||||
vi.spyOn(core, 'getInput').mockImplementation(mocks.getInput(mocks.NO_ENV_CREDS_INPUTS));
|
||||
vi.spyOn(core, 'getIDToken').mockResolvedValue('testoidctoken');
|
||||
process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN = 'fake-token';
|
||||
await run();
|
||||
expect(core.setSecret).toHaveBeenCalledTimes(3);
|
||||
expect(core.exportVariable).toHaveBeenCalledTimes(0);
|
||||
expect(core.setFailed).not.toHaveBeenCalled();
|
||||
})
|
||||
it('can export creds as step outputs without exporting as env variables', {}, async () => {
|
||||
mockedSTSClient.on(AssumeRoleWithWebIdentityCommand).resolvesOnce(mocks.outputs.STS_CREDENTIALS);
|
||||
vi.spyOn(core, 'getInput').mockImplementation(mocks.getInput(mocks.STEP_BUT_NO_ENV_INPUTS));
|
||||
vi.spyOn(core, 'getIDToken').mockResolvedValue('testoidctoken');
|
||||
process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN = 'fake-token';
|
||||
await run();
|
||||
expect(core.setSecret).toHaveBeenCalledTimes(3);
|
||||
expect(core.exportVariable).toHaveBeenCalledTimes(0);
|
||||
expect(core.setOutput).toHaveBeenCalledTimes(4);
|
||||
expect(core.setFailed).not.toHaveBeenCalled();
|
||||
})
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -31,6 +31,17 @@ const inputs = {
|
|||
'aws-region': 'fake-region-1',
|
||||
'use-existing-credentials': 'true',
|
||||
'role-to-assume': 'arn:aws:iam::111111111111:role/MY-ROLE',
|
||||
},
|
||||
NO_ENV_CREDS_INPUTS: {
|
||||
'role-to-assume': 'arn:aws:iam::111111111111:role/MY-ROLE',
|
||||
'aws-region': 'fake-region-1',
|
||||
'output-env-credentials': 'false'
|
||||
},
|
||||
STEP_BUT_NO_ENV_INPUTS: {
|
||||
'role-to-assume': 'arn:aws:iam::111111111111:role/MY-ROLE',
|
||||
'aws-region': 'fake-region-1',
|
||||
'output-env-credentials': 'false',
|
||||
'output-credentials': 'true',
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue