Documentation ¶
Index ¶
- Constants
- Variables
- type Credentials
- type Identity
- func (i *Identity) Authenticate(ctx context.Context, baseCreds types.ICredentials) (types.ICredentials, error)
- func (i *Identity) CredentialsExist() (bool, error)
- func (i *Identity) Environment() (map[string]string, error)
- func (i *Identity) GetProviderName() (string, error)
- func (i *Identity) Kind() string
- func (i *Identity) LoadCredentials(ctx context.Context) (types.ICredentials, error)
- func (i *Identity) Logout(ctx context.Context) error
- func (i *Identity) Paths() ([]types.Path, error)
- func (i *Identity) PostAuthenticate(ctx context.Context, params *types.PostAuthenticateParams) error
- func (i *Identity) PrepareEnvironment(_ context.Context, environ map[string]string) (map[string]string, error)
- func (i *Identity) SetRealm(realm string)
- func (i *Identity) Validate() error
- type Provider
- func (p *Provider) Authenticate(ctx context.Context) (types.ICredentials, error)
- func (p *Provider) Environment() (map[string]string, error)
- func (p *Provider) GetFilesDisplayPath() string
- func (p *Provider) Kind() string
- func (p *Provider) Logout(ctx context.Context) error
- func (p *Provider) Name() string
- func (p *Provider) Paths() ([]types.Path, error)
- func (p *Provider) PreAuthenticate(manager types.AuthManager) error
- func (p *Provider) PrepareEnvironment(_ context.Context, environ map[string]string) (map[string]string, error)
- func (p *Provider) SetRealm(realm string)
- func (p *Provider) Validate() error
Constants ¶
const (
	// MockRegion is the default AWS region for mock credentials.
	MockRegion = "us-east-1"
	// MockFilePermissions are the file permissions for credential files (owner read/write only).
	MockFilePermissions = 0o600
)
const (
	// MockExpirationYear is the fixed year used for deterministic testing timestamps.
	// Using a far-future year ensures tests don't become flaky due to expiration checks.
	MockExpirationYear = 2099
	// MockExpirationMonth is the fixed month used for deterministic testing timestamps.
	MockExpirationMonth = 12
	// MockExpirationDay is the fixed day used for deterministic testing timestamps.
	MockExpirationDay = 31
	// MockExpirationHour is the fixed hour used for deterministic testing timestamps.
	MockExpirationHour = 23
	// MockExpirationMinute is the fixed minute used for deterministic testing timestamps.
	MockExpirationMinute = 59
	// MockExpirationSecond is the fixed second used for deterministic testing timestamps.
	MockExpirationSecond = 59
)
Variables ¶
var ErrNoStoredCredentials = errors.New("mock identity has no stored credentials")
ErrNoStoredCredentials indicates storage is supported but currently empty. This error is returned when LoadCredentials is called before authentication.
Functions ¶
This section is empty.
Types ¶
type Credentials ¶
type Credentials struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
	Region          string
	Expiration      time.Time
}
Credentials represents mock AWS-like credentials for testing.
func (*Credentials) BuildWhoamiInfo ¶
func (c *Credentials) BuildWhoamiInfo(info *types.WhoamiInfo)
BuildWhoamiInfo populates WhoamiInfo with mock credential information. Sensitive credentials are stored in info.Credentials (non-serializable). Only non-sensitive environment variables are placed in info.Environment.
func (*Credentials) GetExpiration ¶
func (c *Credentials) GetExpiration() (*time.Time, error)
GetExpiration returns the expiration time of the credentials.
func (*Credentials) IsExpired ¶
func (c *Credentials) IsExpired() bool
IsExpired checks if the credentials are expired.
func (*Credentials) Validate ¶
func (c *Credentials) Validate(ctx context.Context) (*types.ValidationInfo, error)
Validate is a no-op for mock credentials (always valid). Returns validation info with mock principal and expiration.
type Identity ¶
type Identity struct {
// contains filtered or unexported fields
}
Identity is a mock authentication identity for testing purposes only. It simulates provider-agnostic credential storage behavior by persisting credentials to disk (like AWS writing to ~/.aws/credentials, or GitHub storing a token in a file). This allows credentials to persist across process invocations.
func NewIdentity ¶
NewIdentity creates a new mock identity.
func (*Identity) Authenticate ¶
func (i *Identity) Authenticate(ctx context.Context, baseCreds types.ICredentials) (types.ICredentials, error)
Authenticate performs mock authentication.
func (*Identity) CredentialsExist ¶
CredentialsExist always returns true for mock identities (credentials are in-memory).
func (*Identity) Environment ¶
Environment returns mock environment variables. For generic mock identities, we only return non-provider-specific variables. AWS-specific variables are handled by mock/aws provider.
func (*Identity) GetProviderName ¶
GetProviderName returns the provider name for this identity.
func (*Identity) LoadCredentials ¶
LoadCredentials simulates loading credentials from persistent storage. This method implements provider-agnostic credential loading behavior:
- Returns ErrNoStoredCredentials if credentials haven't been stored yet (no authentication performed).
- Returns credentials if they were previously stored via PostAuthenticate.
This mimics real provider behavior across different storage mechanisms:
- AWS: Loading from XDG directories (~/.config/atmos/aws/{provider}/) after SSO login.
- GitHub: Loading token from environment variable or file.
- Azure: Loading from XDG directories after authentication.
- Google Cloud: Loading from XDG directories after auth.
func (*Identity) Logout ¶
Logout simulates removing credentials from persistent storage. This deletes the credentials file, requiring re-authentication.
func (*Identity) Paths ¶ added in v1.201.0
Paths returns credential files/directories used by this identity.
func (*Identity) PostAuthenticate ¶
func (i *Identity) PostAuthenticate(ctx context.Context, params *types.PostAuthenticateParams) error
PostAuthenticate simulates writing credentials to persistent storage. For mock identities, this writes credentials to a temporary file to persist them. This mimics real provider behavior where authentication results in credentials being written to disk (AWS ~/.aws/credentials), environment variables (GitHub token), or other storage.
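The store, load and logout lifecycle described for PostAuthenticate, LoadCredentials and Logout, sketched as an added example that is not the package's own code. The names `store`, `load`, `errNoStoredCredentials` and `credFilePerm` are hypothetical, and refusing to read a file that group or other can access is an assumption added here, not documented behaviour of the mock.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Hypothetical stand-ins for the documented behaviour, not the package's code.
var errNoStoredCredentials = errors.New("no stored credentials")
const credFilePerm = 0o600 // same value as MockFilePermissions

// store persists a token owner-only, as PostAuthenticate is described to do.
func store(path, token string) error {
	if err := os.WriteFile(path, []byte(token), credFilePerm); err != nil {
		return err
	}
	return os.Chmod(path, credFilePerm) // WriteFile keeps an existing file's mode
}

// load maps a missing file to the sentinel and rejects group/other access.
func load(path string) (string, error) {
	info, err := os.Stat(path)
	if errors.Is(err, os.ErrNotExist) {
		return "", errNoStoredCredentials
	}
	if err != nil {
		return "", err
	}
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		return "", fmt.Errorf("%s: mode %o is too permissive", path, perm)
	}
	data, err := os.ReadFile(path)
	return string(data), err
}

func main() {
	dir, _ := os.MkdirTemp("", "mock-auth") // constructed scratch directory
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "credentials")
	_, err := load(path)
	fmt.Println("before login:", err)
	_ = store(path, "MOCK_TOKEN") // constructed sample value
	tok, err := load(path)
	fmt.Println("after login:", tok, err)
	_ = os.Remove(path) // logout: delete the credentials file
	_, err = load(path)
	fmt.Println("after logout:", err)
}
```

Callers should compare with `errors.Is` against the sentinel so that "not logged in yet" stays distinguishable from an unreadable or over-permissive file.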
func (*Identity) PrepareEnvironment ¶
func (i *Identity) PrepareEnvironment(_ context.Context, environ map[string]string) (map[string]string, error)
PrepareEnvironment prepares environment variables for external processes. For mock identities, we set ATMOS_IDENTITY to verify that authentication is working correctly in integration tests.
type Provider ¶
type Provider struct {
// contains filtered or unexported fields
}
Provider is a mock authentication provider for testing purposes only. It simulates authentication without requiring real cloud credentials.
func NewProvider ¶
NewProvider creates a new mock provider.
func (*Provider) Authenticate ¶
Authenticate returns mock credentials.
func (*Provider) Environment ¶
Environment returns mock environment variables.
func (*Provider) GetFilesDisplayPath ¶
GetFilesDisplayPath returns the mock display path.
func (*Provider) Paths ¶ added in v1.201.0
Paths returns credential files/directories used by this provider.
func (*Provider) PreAuthenticate ¶
func (p *Provider) PreAuthenticate(manager types.AuthManager) error
PreAuthenticate is a no-op for the mock provider.
func (*Provider) PrepareEnvironment ¶
func (p *Provider) PrepareEnvironment(_ context.Context, environ map[string]string) (map[string]string, error)
PrepareEnvironment prepares environment variables for external processes. For mock providers, we don't modify the environment since mock credentials are only for testing and don't interact with real cloud SDKs.