Merge branch 'master' into byoid-metrics

2023-09-12 13:28:38 -07:00
parent 2f8ab1bf0a 2d9e4a2adf
commit 20e5bf0914
13 changed files with 390 additions and 198 deletions
--- a/google/internal/externalaccount/aws_test.go
+++ b/google/internal/externalaccount/aws_test.go
@@ -585,25 +585,18 @@ func getExpectedSubjectToken(url, region, accessKeyID, secretAccessKey, security
 func TestAWSCredential_BasicRequest(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -631,25 +624,18 @@ func TestAWSCredential_BasicRequest(t *testing.T) {
 func TestAWSCredential_IMDSv2(t *testing.T) {
 	server := createDefaultAwsTestServerWithImdsv2(t)
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -677,10 +663,6 @@ func TestAWSCredential_IMDSv2(t *testing.T) {
 func TestAWSCredential_BasicRequestWithoutSecurityToken(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}
 	delete(server.Credentials, "Token")

 	tfc := testFileConfig
@@ -688,15 +670,12 @@ func TestAWSCredential_BasicRequestWithoutSecurityToken(t *testing.T) {

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -724,21 +703,15 @@ func TestAWSCredential_BasicRequestWithoutSecurityToken(t *testing.T) {
 func TestAWSCredential_BasicRequestWithEnv(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{
 		"AWS_ACCESS_KEY_ID":     "AKIDEXAMPLE",
@@ -746,7 +719,6 @@ func TestAWSCredential_BasicRequestWithEnv(t *testing.T) {
 		"AWS_REGION":            "us-west-1",
 	})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -774,21 +746,15 @@ func TestAWSCredential_BasicRequestWithEnv(t *testing.T) {
 func TestAWSCredential_BasicRequestWithDefaultEnv(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{
 		"AWS_ACCESS_KEY_ID":     "AKIDEXAMPLE",
@@ -796,7 +762,6 @@ func TestAWSCredential_BasicRequestWithDefaultEnv(t *testing.T) {
 		"AWS_REGION":            "us-west-1",
 	})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -823,21 +788,15 @@ func TestAWSCredential_BasicRequestWithDefaultEnv(t *testing.T) {
 func TestAWSCredential_BasicRequestWithTwoRegions(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{
 		"AWS_ACCESS_KEY_ID":     "AKIDEXAMPLE",
@@ -846,7 +805,6 @@ func TestAWSCredential_BasicRequestWithTwoRegions(t *testing.T) {
 		"AWS_DEFAULT_REGION":    "us-east-1",
 	})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -873,25 +831,18 @@ func TestAWSCredential_BasicRequestWithTwoRegions(t *testing.T) {
 func TestAWSCredential_RequestWithBadVersion(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)
 	tfc.CredentialSource.EnvironmentID = "aws3"

 	oldGetenv := getenv
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
-	validHostnames = []string{tsURL.Hostname()}

-	_, err = tfc.parse(context.Background())
+	_, err := tfc.parse(context.Background())
 	if err == nil {
 		t.Fatalf("parse() should have failed")
 	}
@@ -903,23 +854,16 @@ func TestAWSCredential_RequestWithBadVersion(t *testing.T) {
 func TestAWSCredential_RequestWithNoRegionURL(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)
 	tfc.CredentialSource.RegionURL = ""

 	oldGetenv := getenv
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -939,23 +883,17 @@ func TestAWSCredential_RequestWithNoRegionURL(t *testing.T) {
 func TestAWSCredential_RequestWithBadRegionURL(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}
+
 	server.WriteRegion = notFound

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -975,10 +913,7 @@ func TestAWSCredential_RequestWithBadRegionURL(t *testing.T) {
 func TestAWSCredential_RequestWithMissingCredential(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}
+
 	server.WriteSecurityCredentials = func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte("{}"))
 	}
@@ -987,13 +922,10 @@ func TestAWSCredential_RequestWithMissingCredential(t *testing.T) {
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -1013,10 +945,7 @@ func TestAWSCredential_RequestWithMissingCredential(t *testing.T) {
 func TestAWSCredential_RequestWithIncompleteCredential(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}
+
 	server.WriteSecurityCredentials = func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte(`{"AccessKeyId":"FOOBARBAS"}`))
 	}
@@ -1025,13 +954,10 @@ func TestAWSCredential_RequestWithIncompleteCredential(t *testing.T) {
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -1051,23 +977,16 @@ func TestAWSCredential_RequestWithIncompleteCredential(t *testing.T) {
 func TestAWSCredential_RequestWithNoCredentialURL(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)
 	tfc.CredentialSource.URL = ""

 	oldGetenv := getenv
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -1087,23 +1006,16 @@ func TestAWSCredential_RequestWithNoCredentialURL(t *testing.T) {
 func TestAWSCredential_RequestWithBadCredentialURL(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}
 	server.WriteRolename = notFound

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -1123,23 +1035,16 @@ func TestAWSCredential_RequestWithBadCredentialURL(t *testing.T) {
 func TestAWSCredential_RequestWithBadFinalCredentialURL(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}
 	server.WriteSecurityCredentials = notFound

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{})
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -1159,10 +1064,6 @@ func TestAWSCredential_RequestWithBadFinalCredentialURL(t *testing.T) {
 func TestAWSCredential_ShouldNotCallMetadataEndpointWhenCredsAreInEnv(t *testing.T) {
 	server := createDefaultAwsTestServer()
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	metadataTs := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		t.Error("Metadata server should not have been called.")
@@ -1174,11 +1075,9 @@ func TestAWSCredential_ShouldNotCallMetadataEndpointWhenCredsAreInEnv(t *testing

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{
 		"AWS_ACCESS_KEY_ID":     "AKIDEXAMPLE",
@@ -1186,7 +1085,6 @@ func TestAWSCredential_ShouldNotCallMetadataEndpointWhenCredsAreInEnv(t *testing
 		"AWS_REGION":            "us-west-1",
 	})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -1214,28 +1112,21 @@ func TestAWSCredential_ShouldNotCallMetadataEndpointWhenCredsAreInEnv(t *testing
 func TestAWSCredential_ShouldCallMetadataEndpointWhenNoRegion(t *testing.T) {
 	server := createDefaultAwsTestServerWithImdsv2(t)
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{
 		"AWS_ACCESS_KEY_ID":     accessKeyID,
 		"AWS_SECRET_ACCESS_KEY": secretAccessKey,
 	})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -1263,28 +1154,21 @@ func TestAWSCredential_ShouldCallMetadataEndpointWhenNoRegion(t *testing.T) {
 func TestAWSCredential_ShouldCallMetadataEndpointWhenNoAccessKey(t *testing.T) {
 	server := createDefaultAwsTestServerWithImdsv2(t)
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{
 		"AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
 		"AWS_REGION":            "us-west-1",
 	})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {
@@ -1312,28 +1196,21 @@ func TestAWSCredential_ShouldCallMetadataEndpointWhenNoAccessKey(t *testing.T) {
 func TestAWSCredential_ShouldCallMetadataEndpointWhenNoSecretAccessKey(t *testing.T) {
 	server := createDefaultAwsTestServerWithImdsv2(t)
 	ts := httptest.NewServer(server)
-	tsURL, err := neturl.Parse(ts.URL)
-	if err != nil {
-		t.Fatalf("couldn't parse httptest servername")
-	}

 	tfc := testFileConfig
 	tfc.CredentialSource = server.getCredentialSource(ts.URL)

 	oldGetenv := getenv
 	oldNow := now
-	oldValidHostnames := validHostnames
 	defer func() {
 		getenv = oldGetenv
 		now = oldNow
-		validHostnames = oldValidHostnames
 	}()
 	getenv = setEnvironment(map[string]string{
 		"AWS_ACCESS_KEY_ID": "AKIDEXAMPLE",
 		"AWS_REGION":        "us-west-1",
 	})
 	now = setTime(defaultTime)
-	validHostnames = []string{tsURL.Hostname()}

 	base, err := tfc.parse(context.Background())
 	if err != nil {