require "spec_helper" require "omnibus/s3_helpers" module Omnibus describe S3Helpers do include Omnibus::S3Helpers context "when #s3_configuration is not defined" do describe "#client" do it "raises an error if it is not overridden" do expect { s3_configuration }.to raise_error(RuntimeError, "You must override s3_configuration") end it "raises an error stating that s3_configuration must be overriden" do expect { client }.to raise_error(RuntimeError, "You must override s3_configuration") end end end describe "#to_base64_digest" do it 'turns "c3b5247592ce694f7097873aa07d66fe" into "w7UkdZLOaU9wl4c6oH1m/g=="' do expect(to_base64_digest("c3b5247592ce694f7097873aa07d66fe")).to eql("w7UkdZLOaU9wl4c6oH1m/g==") end it "allows a nil input without error" do expect(to_base64_digest(nil)).to be_nil end end end context "when #s3_configuration is defined" do describe "#get_credentials" do let(:klass) do Class.new do include Omnibus::S3Helpers end end let(:instance) { klass.new } let(:key_pair) { { access_key_id: "key_id", secret_access_key: "access_key" } } let(:profile) { "my-profile" } let(:iam_role_arn) { "my-iam-role-arn" } let(:role_session_name) { "omnibus-assume-role-s3-access" } let(:config) { { bucket_name: "foo", region: "us-east-1" } } it "uses configured key pairs" do allow_any_instance_of(klass).to receive(:s3_configuration).and_return(config.merge!(key_pair)) expect(Aws::Credentials).to receive(:new).with( config[:access_key_id], config[:secret_access_key] ) expect(Aws::SharedCredentials).to_not receive(:new) instance.send(:get_credentials) end it "prefers shared credentials profiles over key pairs" do allow_any_instance_of(klass).to receive(:s3_configuration).and_return( { **config, **key_pair, iam_role_arn: nil, profile: profile, } ) expect(Aws::Credentials).to_not receive(:new) expect(Aws::AssumeRoleCredentials).to_not receive(:new) allow(Aws::SharedCredentials).to receive(:new).with(profile_name: profile) instance.send(:get_credentials) end it "prefers AWS IAM role arn over profiles and key pairs" do allow_any_instance_of(klass).to receive(:s3_configuration).and_return( { **config, **key_pair, profile: profile, iam_role_arn: iam_role_arn, } ) expect(Aws::Credentials).to_not receive(:new) expect(Aws::SharedCredentials).to_not receive(:new) allow(Aws::AssumeRoleCredentials).to receive(:new).with(role_arn: iam_role_arn, role_session_name: role_session_name) instance.send(:get_credentials) end end end end