Add unit tests

pkg/sessions/redis/aws-iam/auth.go

@@ -42,7 +42,7 @@ type iamTokenGenerator struct {
 }
 
 // New creates a new IAMTokenGenerator instance
-func New(serviceName, clusterName, userName string) (*IAMTokenGenerator, error) {
+func New(serviceName, clusterName, userName string) (TokenGenerator, error) {
 
 	ctx := context.Background()
 	cfg, err := config.LoadDefaultConfig(ctx)

pkg/sessions/redis/aws-iam/auth_test.go

@@ -0,0 +1,35 @@
+package auth
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestAWSIAMTokenGenerator(t *testing.T) {
+	// Set up the environment, so we don't make any external calls to AWS
+	t.Setenv("AWS_CONFIG_FILE", "file_not_exists")
+	t.Setenv("AWS_SHARED_CREDENTIALS_FILE", "file_not_exists")
+	t.Setenv("AWS_ENDPOINT_URL", "http://localhost:9999/aws")
+	t.Setenv("AWS_ACCESS_KEY_ID", "access_key")
+	t.Setenv("AWS_SECRET_ACCESS_KEY", "secret_key")
+	t.Setenv("AWS_REGION", "us-east-1")
+
+	tokenGenerator, err := New("elasticache", "test-cluster", "test-user")
+	require.NotNil(t, tokenGenerator)
+	require.NoError(t, err)
+
+	token, err := tokenGenerator.GenerateToken()
+	require.NoError(t, err)
+	require.NotEmpty(t, token)
+	require.Contains(t, token, "X-Amz-Algorithm", "signed token should contain algorithm attribute")
+	require.Contains(t, token, "User=test-user", "signed token should contain user parameter")
+	require.Contains(t, token, "X-Amz-Credential", "signed token should contain credential attribute")
+	require.Contains(t, token, "X-Amz-Date", "signed token should contain date attribute")
+	require.Contains(t, token, "X-Amz-Expires", "signed token should contain expires attribute")
+	require.Contains(t, token, "X-Amz-SignedHeaders", "signed token should contain signed headers attribute")
+	require.Contains(t, token, "X-Amz-Signature", "signed token should contain signature attribute")
+	require.Contains(t, token, "Action=connect", "signed token should contain connect action")
+	require.False(t, strings.HasPrefix(token, "http://"), "token should not have http:// scheme")
+}

pkg/sessions/redis/redis_store_test.go

@@ -11,6 +11,7 @@ import (
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/sessions/tests"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"github.com/redis/go-redis/v9"
 )
 
 const (
@@ -271,4 +272,41 @@ var _ = Describe("Redis SessionStore Tests", func() {
 			Expect(opts).To(BeNil())
 		})
 	})
+
+	Describe("AWSIAMAuth", func() {
+		Context("with AWS IAM options", func() {
+			It("should initialize CredentialsProvider when AWSIAMConfig is present", func() {
+				redisOpts := options.RedisStoreOptions{
+					AWSIAMConfig: &options.AWSIAMOptions{
+						ServiceName: "elasticache",
+						ClusterName: "test-cluster",
+						Username:    "test-user",
+					},
+				}
+
+				var opt *redis.Options
+				opt = &redis.Options{}
+
+				err := setupAWSIAMAuth(redisOpts, opt)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(opt.CredentialsProvider).ToNot(BeNil())
+
+				// Verify the CredentialsProvider returns the expected username
+				username, _ := opt.CredentialsProvider()
+				Expect(username).To(Equal("test-user"))
+			})
+			It("should not initialize CredentialsProvider when AWSIAMConfig is nil", func() {
+				redisOpts := options.RedisStoreOptions{
+					AWSIAMConfig: nil,
+				}
+
+				var opt *redis.Options
+				opt = &redis.Options{}
+
+				err := setupAWSIAMAuth(redisOpts, opt)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(opt.CredentialsProvider).To(BeNil())
+			})
+		})
+	})
 })