fix: session token env in nginx-oss

chore: unit test for reading credentials fix: unused function fix: comment for title of unit tests
grepp · Mar 2, 2023 · 47d58be · 47d58be
1 parent ad5fe25
commit 47d58be
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 7 deletions.
diff --git a/standalone_ubuntu_oss_install.sh b/standalone_ubuntu_oss_install.sh
@@ -186,9 +186,13 @@ if [ $uses_iam_creds -eq 0 ]; then
 S3_ACCESS_KEY_ID=${S3_ACCESS_KEY_ID}
 # AWS Secret access key
 S3_SECRET_KEY=${S3_SECRET_KEY}
+EOF
+  if [[ -v S3_SESSION_TOKEN ]]; then
+    cat >> "/etc/nginx/environment" << EOF
 # AWS Session Token
 S3_SESSION_TOKEN=${S3_SESSION_TOKEN}
 EOF
+  fi
 fi
 
 set +o nounset   # don't abort on unbound variable
@@ -287,6 +291,9 @@ if [ $uses_iam_creds -eq 0 ]; then
   cat >> "/etc/nginx/environment" << EOF
 env S3_ACCESS_KEY_ID;
 env S3_SECRET_KEY;
+EOF
+  if [[ -v S3_SESSION_TOKEN ]]; then
+    cat >> "/etc/nginx/environment" << EOF
 env S3_SESSION_TOKEN;
 EOF
 fi

diff --git a/test.sh b/test.sh
@@ -265,7 +265,7 @@ fi
 
 ### UNIT TESTS
 
-p "Running unit tests in Docker image"
+p "Running unit tests with an access key ID and a secret key in Docker image"
 #MSYS_NO_PATHCONV=1 added to resolve automatic path conversion
 # https://github.com/docker/for-win/issues/6754#issuecomment-629702199
 MSYS_NO_PATHCONV=1 "${docker_cmd}" run \
@@ -286,6 +286,27 @@ MSYS_NO_PATHCONV=1 "${docker_cmd}" run \
   --entrypoint /usr/bin/njs \
   nginx-s3-gateway -t module -p '/etc/nginx' /var/tmp/s3gateway_test.js
 
+p "Running unit tests with a session token in Docker image"
+#MSYS_NO_PATHCONV=1 added to resolve automatic path conversion
+# https://github.com/docker/for-win/issues/6754#issuecomment-629702199
+MSYS_NO_PATHCONV=1 "${docker_cmd}" run \
+  --rm \
+  -v "$(pwd)/test/unit:/var/tmp" \
+  --workdir /var/tmp \
+  -e "S3_DEBUG=true" \
+  -e "S3_STYLE=virtual" \
+  -e "S3_ACCESS_KEY_ID=unit_test" \
+  -e "S3_SECRET_KEY=unit_test" \
+  -e "S3_BUCKET_NAME=unit_test" \
+  -e "S3_SERVER=unit_test" \
+  -e "S3_SERVER_PROTO=https" \
+  -e "S3_SERVER_PORT=443" \
+  -e "S3_REGION=test-1" \
+  -e "AWS_SIGS_VERSION=4" \
+  --entrypoint /usr/bin/njs \
+  nginx-s3-gateway -t module -p '/etc/nginx' /var/tmp/s3gateway_test.js
+
+
 ### INTEGRATION TESTS
 
 p "Testing API with AWS Signature V2 and allow directory listing off"

diff --git a/test/unit/s3gateway_test.js b/test/unit/s3gateway_test.js
@@ -368,12 +368,14 @@ function testEscapeURIPathPreservesDoubleSlashes() {
     }
 }
 
-function testReadCredentialsWithAccessAndSecretKeySet() {
-    printHeader('testReadCredentialsWithAccessAndSecretKeySet');
+function testReadCredentialsWithAccessSecretKeyAndSessionTokenSet() {
+    printHeader('testReadCredentialsWithAccessSecretKeyAndSessionTokenSet');
     let r = {};
     process.env['S3_ACCESS_KEY_ID'] = 'SOME_ACCESS_KEY';
     process.env['S3_SECRET_KEY'] = 'SOME_SECRET_KEY';
-    process.env['S3_SESSION_TOKEN'] = 'SOME_SESSION_TOKEN';
+    if ('S3_SESSION_TOKEN' in process.env) {
+        process.env['S3_SESSION_TOKEN'] = 'SOME_SESSION_TOKEN';
+    }
 
     try {
         var credentials = s3gateway.readCredentials(r);
@@ -383,8 +385,14 @@ function testReadCredentialsWithAccessAndSecretKeySet() {
         if (credentials.secretAccessKey !== process.env['S3_SECRET_KEY']) {
             throw 'static credentials do not match returned value [secretAccessKey]';
         }
-        if (credentials.sessionToken !== process.env['S3_SESSION_TOKEN']) {
-            throw 'static credentials do not match returned value [sessionToken]';
+        if ('S3_SESSION_TOKEN' in process.env) {
+            if (credentials.sessionToken !== process.env['S3_SESSION_TOKEN']) {
+                throw 'static credentials do not match returned value [sessionToken]';
+            }
+        } else {
+            if (credentials.sessionToken !== null) {
+                throw 'static credentials do not match returned value [sessionToken]';
+            }
         }
         if (credentials.expiration !== null) {
             throw 'static credentials do not match returned value [expiration]';
@@ -710,7 +718,7 @@ async function test() {
     testEditHeaders();
     testEditHeadersHeadDirectory();
     testEscapeURIPathPreservesDoubleSlashes();
-    testReadCredentialsWithAccessAndSecretKeySet();
+    testReadCredentialsWithAccessSecretKeyAndSessionTokenSet();
     testReadCredentialsFromFilePath();
     testReadCredentialsFromNonexistentPath();
     testReadAndWriteCredentialsFromKeyValStore();