Improved test reliability.

1. Allow integration tests to pass when using session credentials. In the process, some tests were deleted, but they were only validating behavior that was validated by other mean already.
2. Verify buckets exist before attempting to delete them.

Author: millems

services/dynamodb/src/it/java/software/amazon/awssdk/services/dynamodb/DynamoDbJavaClientExceptionIntegrationTest.java

@@ -19,17 +19,8 @@
 import junit.framework.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
-import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
-import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
-import software.amazon.awssdk.awscore.exception.AwsServiceException;
-import software.amazon.awssdk.core.exception.SdkServiceException;
-import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.dynamodb.model.DescribeTableRequest;
-import software.amazon.awssdk.services.dynamodb.model.ListTablesRequest;
 import software.amazon.awssdk.services.dynamodb.model.ResourceNotFoundException;
-import software.amazon.awssdk.services.sts.StsClient;
-import software.amazon.awssdk.services.sts.model.Credentials;
-import software.amazon.awssdk.services.sts.model.GetFederationTokenRequest;
 import software.amazon.awssdk.testutils.service.AwsTestBase;
 
 /**
@@ -56,33 +47,4 @@ public void testResourceNotFoundException() {
             Assert.assertNotNull(e.awsErrorDetails().rawResponse());
         }
     }
-
-    @Test
-    public void testPermissionError() {
-        StsClient sts = StsClient.builder()
-                .credentialsProvider(CREDENTIALS_PROVIDER_CHAIN)
-                .region(Region.US_EAST_1)
-                .build();
-
-        Credentials creds = sts.getFederationToken(GetFederationTokenRequest.builder()
-                .name("NoAccess")
-                .policy(
-                        "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"*\",\"Resource\":\"*\"}]}")
-                .durationSeconds(900).build()).credentials();
-
-
-        DynamoDbClient client = DynamoDbClient.builder().credentialsProvider(
-                StaticCredentialsProvider.create(AwsSessionCredentials.create(
-                creds.accessKeyId(),
-                creds.secretAccessKey(),
-                creds.sessionToken()))).build();
-
-        try {
-            client.listTables(ListTablesRequest.builder().build());
-        } catch (AwsServiceException e) {
-            Assert.assertEquals("AccessDeniedException", e.awsErrorDetails().errorCode());
-            Assert.assertNotNull(e.awsErrorDetails().errorMessage());
-            Assert.assertNotNull(e.getMessage());
-        }
-    }
 }

services/s3/src/it/java/software/amazon/awssdk/services/s3/utils/S3TestUtils.java

@@ -30,12 +30,20 @@
 import software.amazon.awssdk.services.s3.model.ListObjectsRequest;
 import software.amazon.awssdk.services.s3.model.ListObjectsResponse;
 import software.amazon.awssdk.services.s3.model.S3Object;
+import software.amazon.awssdk.testutils.Waiter;
 import software.amazon.awssdk.utils.BinaryUtils;
 import software.amazon.awssdk.utils.IoUtils;
 
 public class S3TestUtils {
 
     public static void deleteBucketAndAllContents(S3Client s3, String bucketName) {
+        if (!Waiter.run(s3::listBuckets)
+                   .until(r -> r.buckets().stream().anyMatch(b -> b.name().equals(bucketName)))
+                   .orReturnFalse()) {
+            // The bucket did not show up after 30 seconds, so it probably doesn't exist.
+            return;
+        }
+
         System.out.println("Deleting S3 bucket: " + bucketName);
         ListObjectsResponse response = s3.listObjects(ListObjectsRequest.builder().bucket(bucketName).build());
         List<S3Object> objectListing = response.contents();

services/sqs/src/it/java/software/amazon/awssdk/services/sqs/SessionBasedAuthenticationIntegrationTest.java

@@ -19,20 +19,29 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
 import software.amazon.awssdk.core.SdkGlobalTime;
 import software.amazon.awssdk.services.sts.model.GetFederationTokenRequest;
 import software.amazon.awssdk.services.sts.model.GetFederationTokenResponse;
 import software.amazon.awssdk.services.sts.model.GetSessionTokenRequest;
 import software.amazon.awssdk.services.sts.model.GetSessionTokenResponse;
+import software.amazon.awssdk.utils.Logger;
 
 
 public class SecurityTokenServiceIntegrationTest extends IntegrationTestBase {
+    private static final Logger log = Logger.loggerFor(SecurityTokenServiceIntegrationTest.class);
 
     private static final int SESSION_DURATION = 60 * 60;
 
     /** Tests that we can call GetSession to start a session. */
     @Test
     public void testGetSessionToken() throws Exception {
+        if (CREDENTIALS_PROVIDER_CHAIN.resolveCredentials() instanceof AwsSessionCredentials) {
+            log.warn(() -> "testGetSessionToken() skipped due to the current credentials being session credentials. " +
+                           "Session credentials cannot be used to get other session tokens.");
+            return;
+        }
+
         GetSessionTokenRequest request = GetSessionTokenRequest.builder().durationSeconds(SESSION_DURATION).build();
         GetSessionTokenResponse result = sts.getSessionToken(request);
 
@@ -45,6 +54,12 @@ public void testGetSessionToken() throws Exception {
     /** Tests that we can call GetFederatedSession to start a federated session. */
     @Test
     public void testGetFederatedSessionToken() throws Exception {
+        if (CREDENTIALS_PROVIDER_CHAIN.resolveCredentials() instanceof AwsSessionCredentials) {
+            log.warn(() -> "testGetFederatedSessionToken() skipped due to the current credentials being session credentials. " +
+                           "Session credentials cannot be used to get federation tokens.");
+            return;
+        }
+
         GetFederationTokenRequest request = GetFederationTokenRequest.builder()
                                                                      .durationSeconds(SESSION_DURATION)
                                                                      .name("Name").build();
@@ -57,25 +72,5 @@ public void testGetFederatedSessionToken() throws Exception {
 
         assertNotNull(result.federatedUser().arn());
         assertNotNull(result.federatedUser().federatedUserId());
-
-
-    }
-
-    /**
-     * In the following test, we purposely setting the time offset to trigger a clock skew error.
-     * The time offset must be fixed and then we validate the global value for time offset has been
-     * update.
-     */
-    @Test
-    public void testClockSkew() {
-        SdkGlobalTime.setGlobalTimeOffset(3600);
-        assertTrue(SdkGlobalTime.getGlobalTimeOffset() == 3600);
-        sts = StsClient.builder().credentialsProvider(CREDENTIALS_PROVIDER_CHAIN).build();
-        sts.getSessionToken(GetSessionTokenRequest.builder().build());
-        assertTrue("Clockskew is fixed!", SdkGlobalTime.getGlobalTimeOffset() < 3600);
-        // subsequent changes to the global time offset won't affect existing client
-        SdkGlobalTime.setGlobalTimeOffset(3600);
-        sts.getSessionToken(GetSessionTokenRequest.builder().build());
-        assertTrue(SdkGlobalTime.getGlobalTimeOffset() == 3600);
     }
 }

services/sts/src/it/java/software/amazon/awssdk/services/sts/SecurityTokenServiceIntegrationTest.java

@@ -97,6 +97,18 @@ public final Waiter<T> ignoringException(Class<? extends Throwable>... whatToIgn
         return this;
     }
 
+    /**
+     * Execute the function, returning true if the thing we're trying does not succeed after 30 seconds.
+     */
+    public boolean orReturnFalse() {
+        try {
+            orFail();
+            return true;
+        } catch (AssertionError e) {
+            return false;
+        }
+    }
+
     /**
      * Execute the function, throwing an assertion error if the thing we're trying does not succeed after 30 seconds.
      */