Merge pull request #88 from servian/exception_coverage

Exception coverage.
tristanmorgan · Oct 31, 2022 · d648dcf · d648dcf
2 parents 203533c + dce7988
commit d648dcf
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 28 deletions.
diff --git a/lib/awskeyring_command.rb b/lib/awskeyring_command.rb
@@ -364,21 +364,16 @@ def token(account = nil, role = nil, code = nil) # rubocop:disable Metrics/AbcSi
     end
     item_hash = age_check_and_get(account: account, no_token: true)
 
-    begin
-      new_creds = Awskeyring::Awsapi.get_token(
-        code: code,
-        role_arn: (Awskeyring.get_role_arn(role_name: role) if role),
-        duration: default_duration(options[:duration], role, code),
-        mfa: item_hash[:mfa],
-        key: item_hash[:key],
-        secret: item_hash[:secret],
-        user: ENV.fetch('USER', 'awskeyring')
-      )
-      Awskeyring.delete_token(account: account, message: '# Removing STS credentials')
-    rescue Aws::Errors::ServiceError => e
-      warn e.to_s
-      exit 1
-    end
+    new_creds = Awskeyring::Awsapi.get_token(
+      code: code,
+      role_arn: (Awskeyring.get_role_arn(role_name: role) if role),
+      duration: default_duration(options[:duration], role, code),
+      mfa: item_hash[:mfa],
+      key: item_hash[:key],
+      secret: item_hash[:secret],
+      user: ENV.fetch('USER', 'awskeyring')
+    )
+    Awskeyring.delete_token(account: account, message: '# Removing STS credentials')
 
     Awskeyring.add_token(
       account: account,
@@ -409,18 +404,13 @@ def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLeng
 
     path = options[:path] || 'console'
 
-    begin
-      login_url = Awskeyring::Awsapi.get_login_url(
-        key: cred[:key],
-        secret: cred[:secret],
-        token: cred[:token],
-        path: path,
-        user: ENV.fetch('USER', 'awskeyring')
-      )
-    rescue Aws::Errors::ServiceError => e
-      warn e.to_s
-      exit 1
-    end
+    login_url = Awskeyring::Awsapi.get_login_url(
+      key: cred[:key],
+      secret: cred[:secret],
+      token: cred[:token],
+      path: path,
+      user: ENV.fetch('USER', 'awskeyring')
+    )
 
     if options['no-open']
       puts login_url

diff --git a/man/awskeyring.5 b/man/awskeyring.5
@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "AWSKEYRING" "5" "August 2022" "" ""
+.TH "AWSKEYRING" "5" "October 2022" "" ""
 .
 .SH "NAME"
 \fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain

diff --git a/spec/lib/awskeyring_command_exceptional_spec.rb b/spec/lib/awskeyring_command_exceptional_spec.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'thor'
+require_relative '../../lib/awskeyring_command'
+
+describe AwskeyringCommand do
+  context 'when everything raises an exception' do
+    let(:iam_client) { instance_double(Aws::IAM::Client) }
+    let(:sts_client) { instance_double(Aws::STS::Client) }
+
+    before do
+      allow(Awskeyring).to receive(:get_valid_creds).and_return(
+        account: 'test',
+        key: 'ASIATESTTEST',
+        secret: 'bigerlongbase64',
+        token: nil,
+        updated: Time.parse('2011-08-01T22:20:01Z')
+      )
+      allow(Process).to receive(:spawn) do
+        raise Errno::ENOENT
+      end
+      allow(Process).to receive(:wait).exactly(1).with(9999)
+      allow(Awskeyring).to receive(:account_exists).and_return('test')
+      allow(Awskeyring).to receive(:list_account_names).and_return(['test'])
+      allow(Time).to receive(:new).and_return(Time.parse('2011-07-11T19:55:29.611Z'))
+
+      allow(Aws::IAM::Client).to receive(:new).and_return(iam_client)
+      allow(iam_client).to receive(:list_access_keys) do
+        raise(Aws::Errors::ServiceError.new(nil, 'The security token included in the request is invalid'))
+      end
+      allow(Aws::STS::Client).to receive(:new).and_return(sts_client)
+      allow(sts_client).to receive(:get_federation_token) do
+        raise(Aws::STS::Errors::AccessDenied.new(
+                nil,
+                'The security token included in the request is invalid'
+              ))
+      end
+    end
+
+    it 'fails to run an external command' do
+      expect do
+        described_class.start(%w[exec test test-exec with params])
+      end.to raise_error(SystemExit).and output(/No such file or directory/).to_stderr
+    end
+
+    it 'fails to rotate access keys' do
+      expect do
+        described_class.start(%w[rotate test])
+      end.to raise_error(SystemExit).and output(/The security token included in the request is invalid/).to_stderr
+    end
+
+    it 'fails to fetch a new token' do
+      expect do
+        described_class.start(%w[token test])
+      end.to raise_error(SystemExit).and output(/The security token included in the request is invalid/).to_stderr
+    end
+
+    it 'fails to open the console' do
+      expect do
+        described_class.start(%w[console test])
+      end.to raise_error(SystemExit).and output(/The security token included in the request is invalid/).to_stderr
+    end
+  end
+end