HADOOP-15781 S3A assumed role tests failing due to changed error text in AWS exceptions. Contributed by Steve Loughran
This commit is contained in:
parent
3090922805
commit
c07715e378
@ -87,22 +87,10 @@ public class ITestAssumeRole extends AbstractS3ATestBase {
|
|||||||
private S3AFileSystem roleFS;
|
private S3AFileSystem roleFS;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Duration range exception text on SDKs which check client-side.
|
* Error code from STS server.
|
||||||
*/
|
*/
|
||||||
protected static final String E_DURATION_RANGE_1
|
protected static final String VALIDATION_ERROR
|
||||||
= "Assume Role session duration should be in the range of 15min - 1Hr";
|
= "ValidationError";
|
||||||
|
|
||||||
/**
|
|
||||||
* Duration range too high text on SDKs which check on the server.
|
|
||||||
*/
|
|
||||||
protected static final String E_DURATION_RANGE_2
|
|
||||||
= "Member must have value less than or equal to 43200";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Duration range too low text on SDKs which check on the server.
|
|
||||||
*/
|
|
||||||
protected static final String E_DURATION_RANGE_3
|
|
||||||
= "Member must have value greater than or equal to 900";
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setup() throws Exception {
|
public void setup() throws Exception {
|
||||||
@ -168,7 +156,7 @@ public void testAssumedInvalidRole() throws Throwable {
|
|||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set(ASSUMED_ROLE_ARN, ROLE_ARN_EXAMPLE);
|
conf.set(ASSUMED_ROLE_ARN, ROLE_ARN_EXAMPLE);
|
||||||
interceptClosing(AWSSecurityTokenServiceException.class,
|
interceptClosing(AWSSecurityTokenServiceException.class,
|
||||||
E_BAD_ROLE,
|
"",
|
||||||
() -> new AssumedRoleCredentialProvider(uri, conf));
|
() -> new AssumedRoleCredentialProvider(uri, conf));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -177,8 +165,7 @@ public void testAssumeRoleFSBadARN() throws Exception {
|
|||||||
describe("Attemnpt to create the FS with an invalid ARN");
|
describe("Attemnpt to create the FS with an invalid ARN");
|
||||||
Configuration conf = createAssumedRoleConfig();
|
Configuration conf = createAssumedRoleConfig();
|
||||||
conf.set(ASSUMED_ROLE_ARN, ROLE_ARN_EXAMPLE);
|
conf.set(ASSUMED_ROLE_ARN, ROLE_ARN_EXAMPLE);
|
||||||
expectFileSystemCreateFailure(conf, AccessDeniedException.class,
|
expectFileSystemCreateFailure(conf, AccessDeniedException.class, "");
|
||||||
E_BAD_ROLE);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -284,7 +271,7 @@ public void testAssumeRoleThreeHourSessionDuration() throws Exception {
|
|||||||
new Path(getFileSystem().getUri()).getFileSystem(conf).close();
|
new Path(getFileSystem().getUri()).getFileSystem(conf).close();
|
||||||
LOG.info("Successfully created token of a duration >3h");
|
LOG.info("Successfully created token of a duration >3h");
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
assertExceptionContains(E_DURATION_RANGE_1, ioe);
|
assertExceptionContains(VALIDATION_ERROR, ioe);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -293,8 +280,8 @@ public void testAssumeRoleThreeHourSessionDuration() throws Exception {
|
|||||||
* with the ability to extend durations deployed in March 2018.
|
* with the ability to extend durations deployed in March 2018.
|
||||||
* with the later SDKs, the checks go server-side and
|
* with the later SDKs, the checks go server-side and
|
||||||
* later SDKs will remove the client side checks.
|
* later SDKs will remove the client side checks.
|
||||||
* This test asks for a duration which will still be rejected, and
|
* This test doesn't look into the details of the exception
|
||||||
* looks for either of the error messages raised.
|
* to avoid being too brittle.
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testAssumeRoleThirtySixHourSessionDuration() throws Exception {
|
public void testAssumeRoleThirtySixHourSessionDuration() throws Exception {
|
||||||
@ -304,21 +291,6 @@ public void testAssumeRoleThirtySixHourSessionDuration() throws Exception {
|
|||||||
conf.setInt(ASSUMED_ROLE_SESSION_DURATION, 36 * 60 * 60);
|
conf.setInt(ASSUMED_ROLE_SESSION_DURATION, 36 * 60 * 60);
|
||||||
IOException ioe = expectFileSystemCreateFailure(conf,
|
IOException ioe = expectFileSystemCreateFailure(conf,
|
||||||
IOException.class, null);
|
IOException.class, null);
|
||||||
assertIsRangeException(ioe);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Look for either the client-side or STS-side range exception
|
|
||||||
* @param e exception
|
|
||||||
* @throws Exception the exception, if its text doesn't match
|
|
||||||
*/
|
|
||||||
private void assertIsRangeException(final Exception e) throws Exception {
|
|
||||||
String message = e.toString();
|
|
||||||
if (!message.contains(E_DURATION_RANGE_1)
|
|
||||||
&& !message.contains(E_DURATION_RANGE_2)
|
|
||||||
&& !message.contains(E_DURATION_RANGE_3)) {
|
|
||||||
throw e;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -354,9 +326,8 @@ public void testAssumedIllegalDuration() throws Throwable {
|
|||||||
describe("Expect the constructor to fail if the session is to short");
|
describe("Expect the constructor to fail if the session is to short");
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set(ASSUMED_ROLE_SESSION_DURATION, "30s");
|
conf.set(ASSUMED_ROLE_SESSION_DURATION, "30s");
|
||||||
Exception ex = interceptClosing(Exception.class, "",
|
interceptClosing(AWSSecurityTokenServiceException.class, "",
|
||||||
() -> new AssumedRoleCredentialProvider(uri, conf));
|
() -> new AssumedRoleCredentialProvider(uri, conf));
|
||||||
assertIsRangeException(ex);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -76,12 +76,6 @@ public final class RoleTestUtils {
|
|||||||
DENY_S3_GET_OBJECT, STATEMENT_ALL_DDB, ALLOW_S3_GET_BUCKET_LOCATION
|
DENY_S3_GET_OBJECT, STATEMENT_ALL_DDB, ALLOW_S3_GET_BUCKET_LOCATION
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
|
||||||
* Error message to get from the AWS SDK if you can't assume the role.
|
|
||||||
*/
|
|
||||||
public static final String E_BAD_ROLE
|
|
||||||
= "Not authorized to perform sts:AssumeRole";
|
|
||||||
|
|
||||||
private RoleTestUtils() {
|
private RoleTestUtils() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user