RubyGems - hybrid_platforms_conductor - Versions diffs - 33.3.0 → 33.7.0 - Mend

hybrid_platforms_conductor 33.3.0 → 33.7.0

Files changed (76) hide show

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/connections_spec.rb CHANGED Viewed

@@ -132,6 +132,36 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
+      it 'creates SSH master to several nodes differing only by the SSH port' do
+        with_test_platform(
+          {
+            nodes: {
+              'node1' => { meta: { host_ip: '192.168.42.1', ssh_port: 6661 } },
+              'node2' => { meta: { host_ip: '192.168.42.1', ssh_port: 6662 } },
+              'node3' => { meta: { host_ip: '192.168.42.1', ssh_port: 6663 } }
+            }
+          }
+        ) do
+          with_cmd_runner_mocked(
+            [
+              ['which env', proc { [0, "/usr/bin/env\n", ''] }],
+              ['ssh -V 2>&1', proc { [0, "OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u  20 Dec 2019\n", ''] }]
+            ] + ssh_expected_commands_for(
+              {
+                'node1' => { connection: '192.168.42.1', user: 'test_user', port: 6661 },
+                'node2' => { connection: '192.168.42.1', user: 'test_user', port: 6662 },
+                'node3' => { connection: '192.168.42.1', user: 'test_user', port: 6663 }
+              }
+            )
+          ) do
+            test_connector.ssh_user = 'test_user'
+            test_connector.with_connection_to(%w[node1 node2 node3]) do |connected_nodes|
+              expect(connected_nodes.sort).to eq %w[node1 node2 node3].sort
+            end
+          end
+        end
+      end
       it 'creates SSH master to several nodes with ssh connections transformed' do
         with_test_platform(
           { nodes: {

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/global_helpers_spec.rb CHANGED Viewed

@@ -175,6 +175,16 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
+      it 'generates a simple config for a node with host_ip and a given SSH port' do
+        with_test_platform({ nodes: { 'node' => { meta: { host_ip: '192.168.42.42', ssh_port: 666 } } } }) do
+          expect(ssh_config_for('node')).to eq <<~EO_SSH_CONFIG
+            Host hpc.node
+              Hostname 192.168.42.42
+              Port 666
+          EO_SSH_CONFIG
+        end
+      end
       it 'generates a simple config for several nodes' do
         with_test_platform(
           {

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/remote_actions_spec.rb CHANGED Viewed

@@ -13,6 +13,15 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
+      it 'executes bash commands remotely from a SecretString' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [[%r{.+/ssh hpc\.node /bin/bash <<'HPC_EOF'\nbash_cmd.bash\nHPC_EOF}, proc { [0, 'Bash commands executed on node', ''] }]],
+          expected_stdout: 'Bash commands executed on node'
+        ) do
+          test_connector.remote_bash(SecretString.new('bash_cmd.bash', silenced_str: '__INVALID_BASH__'))
+        end
+      end
       it 'executes bash commands remotely with timeout' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
@@ -88,6 +97,25 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
+      it 'executes really big bash commands remotely using a SecretString' do
+        cmd = "echo #{'1' * 131_060}"
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              %r{.+/hpc_temp_cmds_.+\.sh$},
+              proc do |received_cmd|
+                expect(File.read(received_cmd)).to match(%r{.+/ssh hpc\.node /bin/bash <<'HPC_EOF'\n#{Regexp.escape(cmd)}\nHPC_EOF})
+                [0, 'Bash commands executed on node', '']
+              end
+            ]
+          ],
+          expected_stdout: 'Bash commands executed on node'
+        ) do
+          # Use an argument that exceeds the max arg length limit
+          test_connector.remote_bash(SecretString.new(cmd, silenced_str: '__INVALID_BASH__'))
+        end
+      end
       it 'copies files remotely with sudo' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
@@ -153,6 +181,16 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
+      it 'executes bash commands remotely without Session Exec capabilities using a SecretString' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [[%r{^\{ cat \| .+/ssh hpc\.node -T; \} <<'HPC_EOF'\nbash_cmd.bash\nHPC_EOF$}, proc { [0, 'Bash commands executed on node', ''] }]],
+          expected_stdout: 'Bash commands executed on node',
+          session_exec: false
+        ) do
+          test_connector.remote_bash(SecretString.new('bash_cmd.bash', silenced_str: '__INVALID_BASH__'))
+        end
+      end
       it 'copies files remotely without Session Exec capabilities' do
         with_test_platform_for_remote_testing(
           expected_cmds: [

data/spec/hybrid_platforms_conductor_test/api/actions_executor/helpers_spec.rb ADDED Viewed

@@ -0,0 +1,195 @@
+describe HybridPlatformsConductor::ActionsExecutor do
+  context 'when checking helpers' do
+    it 'gives access to connectors' do
+      with_test_platform({}) do
+        expect(test_actions_executor.connector(:ssh)).not_to be_nil
+      end
+    end
+    it 'returns if a user has privileged access on a node' do
+      with_test_platform({ nodes: { 'node' => {} } }) do
+        test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+        expect(test_actions_executor.privileged_access?('node')).to eq false
+      end
+    end
+    it 'returns if a user has privileged access on a node when connecting with root' do
+      with_test_platform({ nodes: { 'node' => {} } }) do
+        test_actions_executor.connector(:ssh).ssh_user = 'root'
+        expect(test_actions_executor.privileged_access?('node')).to eq true
+      end
+    end
+    it 'returns if a user has privileged access on a local node' do
+      with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'test_user', ''] }]
+        ] do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.privileged_access?('node')).to eq false
+        end
+      end
+    end
+    it 'returns if a user has privileged access on a local node when local user is root' do
+      with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'root', ''] }]
+        ] do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.privileged_access?('node')).to eq true
+        end
+      end
+    end
+    context 'with connection on a remote node' do
+      it 'returns the correct sudo prefix' do
+        with_test_platform({ nodes: { 'node' => {} } }) do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.sudo_prefix('node')).to eq 'sudo -u root '
+        end
+      end
+      it 'returns the correct sudo prefix with env forwarding' do
+        with_test_platform({ nodes: { 'node' => {} } }) do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.sudo_prefix('node', forward_env: true)).to eq 'sudo -u root -E '
+        end
+      end
+      it 'returns the correct sudo prefix when connecting as root' do
+        with_test_platform({ nodes: { 'node' => {} } }) do
+          test_actions_executor.connector(:ssh).ssh_user = 'root'
+          expect(test_actions_executor.sudo_prefix('node')).to eq ''
+        end
+      end
+      it 'returns the correct sudo prefix with a different sudo' do
+        with_test_platform(
+          { nodes: { 'node' => {} } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.sudo_prefix('node')).to eq 'other_sudo --user root '
+        end
+      end
+      it 'returns the correct sudo prefix with a different sudo and env forwarding' do
+        with_test_platform(
+          { nodes: { 'node' => {} } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.sudo_prefix('node', forward_env: true)).to eq 'other_sudo --user root -E '
+        end
+      end
+      it 'returns the correct sudo prefix with a different sudo when connecting as root' do
+        with_test_platform(
+          { nodes: { 'node' => {} } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          test_actions_executor.connector(:ssh).ssh_user = 'root'
+          expect(test_actions_executor.sudo_prefix('node')).to eq ''
+        end
+      end
+    end
+    context 'with connection on a local node' do
+      it 'returns the correct sudo prefix' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node')).to eq 'sudo -u root '
+          end
+        end
+      end
+      it 'returns the correct sudo prefix with env forwarding' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node', forward_env: true)).to eq 'sudo -u root -E '
+          end
+        end
+      end
+      it 'returns the correct sudo prefix when connecting as root' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'root', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node')).to eq ''
+          end
+        end
+      end
+      it 'returns the correct sudo prefix with a different sudo' do
+        with_test_platform(
+          { nodes: { 'node' => { meta: { local_node: true } } } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node')).to eq 'other_sudo --user root '
+          end
+        end
+      end
+      it 'returns the correct sudo prefix with a different sudo and env forwarding' do
+        with_test_platform(
+          { nodes: { 'node' => { meta: { local_node: true } } } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node', forward_env: true)).to eq 'other_sudo --user root -E '
+          end
+        end
+      end
+      it 'returns the correct sudo prefix with a different sudo when connecting as root' do
+        with_test_platform(
+          { nodes: { 'node' => { meta: { local_node: true } } } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'root', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node')).to eq ''
+          end
+        end
+      end
+    end
+  end
+end

data/spec/hybrid_platforms_conductor_test/api/cmd_runner_spec.rb CHANGED Viewed

@@ -7,6 +7,13 @@ describe HybridPlatformsConductor::CmdRunner do
     end
   end
+  it 'runs a simple bash command in a SecretString' do
+    with_repository do |repository|
+      test_cmd_runner.run_cmd SecretString.new("echo TestContent >#{repository}/test_file", silenced_str: '__INVALID_BASH__')
+      expect(File.read("#{repository}/test_file")).to eq "TestContent\n"
+    end
+  end
   it 'runs a simple bash command and returns exit code, stdout and stderr correctly' do
     with_repository do
       expect(test_cmd_runner.run_cmd('echo TestStderr 1>&2 ; echo TestStdout')).to eq [0, "TestStdout\n", "TestStderr\n"]
@@ -20,6 +27,13 @@ describe HybridPlatformsConductor::CmdRunner do
     end
   end
+  it 'runs a simple bash command and forces usage of bash in a SecretString' do
+    with_repository do
+      # Use set -o pipefail that does not work in /bin/sh
+      expect(test_cmd_runner.run_cmd(SecretString.new('set -o pipefail ; echo TestStderr 1>&2 ; echo TestStdout', silenced_str: '__INVALID_BASH__'), force_bash: true)).to eq [0, "TestStdout\n", "TestStderr\n"]
+    end
+  end
   it 'runs a simple bash command and logs stdout and stderr to a file' do
     with_repository do |repository|
       test_cmd_runner.run_cmd 'echo TestStderr 1>&2 ; sleep 1 ; echo TestStdout', log_to_file: "#{repository}/test_file"

data/spec/hybrid_platforms_conductor_test/api/config_spec.rb CHANGED Viewed

@@ -29,6 +29,17 @@ describe HybridPlatformsConductor::Config do
     end
   end
+  it 'can check if we are in debug mode' do
+    with_platforms(
+      <<~EO_CONFIG
+        os_image :image_1, '/path/to/image_1' if log_debug?
+        os_image :image_2, '/path/to/image_2'
+      EO_CONFIG
+    ) do
+      expect(test_config.known_os_images.sort).to eq %i[image_2].sort
+    end
+  end
   it 'returns the tests provisioner correctly' do
     with_platforms 'tests_provisioner :test_provisioner' do
       expect(test_config.tests_provisioner_id).to eq :test_provisioner

data/spec/hybrid_platforms_conductor_test/api/credentials_spec.rb ADDED Viewed

@@ -0,0 +1,251 @@
+describe HybridPlatformsConductor::Credentials do
+  # Create a container class for the credential Mixin to be tested, as a plugin as credentials can be used in any plugin.
+  let(:credential_tester_class) do
+    Class.new(HybridPlatformsConductor::Plugin) do
+      include HybridPlatformsConductor::Credentials
+    end
+  end
+  # Expect credentials to be as a given user and password
+  #
+  # Parameters::
+  # * *expected_user* (String or nil): The expected user
+  # * *expected_password* (String or nil): The expected password
+  # * *resource* (String or nil): The resource for which we query the credentials, or nil if none [default: nil]
+  def expect_credentials_to_be(expected_user, expected_password, resource: nil)
+    creds = {}
+    password_class = nil
+    credential_tester_class.new(logger: logger, logger_stderr: logger, config: test_config).instance_exec do
+      with_credentials_for(:test_credential, resource: resource) do |user, password|
+        password_class = password.class
+        creds = {
+          user: user,
+          # We clone the value as for security reasons it is removed when exiting the block
+          password: password&.to_unprotected.clone
+        }
+      end
+    end
+    # Make sure we always return a SecretString for the password
+    expect(password_class).to be SecretString unless password_class == NilClass
+    expect(creds).to eq(
+      user: expected_user,
+      password: expected_password
+    )
+  end
+  it 'returns no credentials when they are not set' do
+    with_platforms '' do
+      # Check that .netrc won't be read
+      expect(::Netrc).not_to receive(:read)
+      expect_credentials_to_be nil, nil
+    end
+  end
+  it 'returns credentials taken from environment variables' do
+    with_platforms '' do
+      ENV['hpc_user_for_test_credential'] = 'env_test_user'
+      ENV['hpc_password_for_test_credential'] = 'env_test_password'
+      begin
+        # Check that .netrc won't be read
+        expect(::Netrc).not_to receive(:read)
+        expect_credentials_to_be 'env_test_user', 'env_test_password'
+      ensure
+        ENV.delete('hpc_user_for_test_credential')
+        ENV.delete('hpc_password_for_test_credential')
+      end
+    end
+  end
+  it 'erases the value of the password taken from environment variable after usage' do
+    with_platforms '' do
+      ENV['hpc_user_for_test_credential'] = 'env_test_user'
+      ENV['hpc_password_for_test_credential'] = 'env_test_password'
+      begin
+        leaked_password = nil
+        credential_tester_class.new(logger: logger, logger_stderr: logger, config: test_config).instance_exec do
+          with_credentials_for(:test_credential) do |_user, password|
+            leaked_password = password
+          end
+        end
+        expect(leaked_password.to_unprotected).to eq "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+      ensure
+        ENV.delete('hpc_user_for_test_credential')
+        ENV.delete('hpc_password_for_test_credential')
+      end
+    end
+  end
+  it 'returns credentials taken from .netrc when a resource is specified' do
+    with_platforms '' do
+      expect(::Netrc).to receive(:read) do
+        mocked_netrc = instance_double(::Netrc)
+        expect(mocked_netrc).to receive(:[]).with('my_domain.com').and_return %w[test_user test_password]
+        expect(mocked_netrc).to receive(:instance_variable_get).with(:@data).and_return []
+        mocked_netrc
+      end
+      expect_credentials_to_be 'test_user', 'test_password', resource: 'http://My_Domain.com/path/to/resource'
+    end
+  end
+  it 'returns credentials taken from .netrc when a non-URL resource is specified' do
+    with_platforms '' do
+      expect(::Netrc).to receive(:read) do
+        mocked_netrc = instance_double(::Netrc)
+        expect(mocked_netrc).to receive(:[]).with('This is:not/ a URL!').and_return %w[test_user test_password]
+        expect(mocked_netrc).to receive(:instance_variable_get).with(:@data).and_return []
+        mocked_netrc
+      end
+      expect_credentials_to_be 'test_user', 'test_password', resource: 'This is:not/ a URL!'
+    end
+  end
+  it 'erases the value of the password taken from netrc after usage' do
+    with_platforms '' do
+      netrc_data = [['mocked_data']]
+      expect(::Netrc).to receive(:read) do
+        mocked_netrc = instance_double(::Netrc)
+        expect(mocked_netrc).to receive(:[]).with('my_domain.com').and_return %w[test_user test_password]
+        expect(mocked_netrc).to receive(:instance_variable_get).with(:@data).and_return netrc_data
+        mocked_netrc
+      end
+      leaked_password = nil
+      credential_tester_class.new(logger: logger, logger_stderr: logger, config: test_config).instance_exec do
+        with_credentials_for(:test_credential, resource: 'http://My_Domain.com/path/to/resource') do |_user, password|
+          leaked_password = password
+        end
+      end
+      expect(leaked_password).to eq "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+      expect(netrc_data).to eq [['GotYou!!!' * 100]]
+    end
+  end
+  it 'returns credentials taken from config' do
+    with_platforms(
+      <<~'EO_CONFIG'
+        credentials_for(:test_credential) do |resource, requester|
+          requester.call "user_for_#{resource}", "password_for_#{resource}"
+        end
+      EO_CONFIG
+    ) do
+      # Check that netrc is not called when config is used, and that env vars are ignored
+      ENV['hpc_user_for_test_credential'] = 'env_test_user'
+      ENV['hpc_password_for_test_credential'] = 'env_test_password'
+      begin
+        # Check that .netrc won't be read
+        expect(::Netrc).not_to receive(:read)
+        expect_credentials_to_be 'user_for_', 'password_for_'
+      ensure
+        ENV.delete('hpc_user_for_test_credential')
+        ENV.delete('hpc_password_for_test_credential')
+      end
+    end
+  end
+  it 'returns credentials taken from config for a given resource' do
+    with_platforms(
+      <<~'EO_CONFIG'
+        credentials_for(:test_credential) do |resource, requester|
+          requester.call "user_for_#{resource}", "password_for_#{resource}"
+        end
+      EO_CONFIG
+    ) do
+      # Check that netrc is not called when config is used, and that env vars are ignored
+      ENV['hpc_user_for_test_credential'] = 'env_test_user'
+      ENV['hpc_password_for_test_credential'] = 'env_test_password'
+      begin
+        # Check that .netrc won't be read
+        expect(::Netrc).not_to receive(:read)
+        expect_credentials_to_be 'user_for_test_resource', 'password_for_test_resource', resource: 'test_resource'
+      ensure
+        ENV.delete('hpc_user_for_test_credential')
+        ENV.delete('hpc_password_for_test_credential')
+      end
+    end
+  end
+  it 'returns credentials taken from config for a given resource even when they are nil' do
+    with_platforms(
+      <<~'EO_CONFIG'
+        credentials_for(:test_credential) do |resource, requester|
+          requester.call nil, nil
+        end
+      EO_CONFIG
+    ) do
+      # Check that netrc is not called when config is used, and that env vars are ignored
+      ENV['hpc_user_for_test_credential'] = 'env_test_user'
+      ENV['hpc_password_for_test_credential'] = 'env_test_password'
+      begin
+        # Check that .netrc won't be read
+        expect(::Netrc).not_to receive(:read)
+        expect_credentials_to_be nil, nil, resource: 'test_resource'
+      ensure
+        ENV.delete('hpc_user_for_test_credential')
+        ENV.delete('hpc_password_for_test_credential')
+      end
+    end
+  end
+  it 'returns credentials taken from config after filtering the resource name' do
+    with_platforms(
+      <<~'EO_CONFIG'
+        credentials_for(:test_credential, resource: 'another_resource') do |resource, requester|
+          requester.call "wrong_user_for_#{resource}", "wrong_password_for_#{resource}"
+        end
+        credentials_for(:test_credential, resource: /test_.*/) do |resource, requester|
+          requester.call "wrong_user_for_#{resource}", "wrong_password_for_#{resource}"
+        end
+        credentials_for(:test_credential, resource: /_resource/) do |resource, requester|
+          requester.call "correct_user_for_#{resource}", "correct_password_for_#{resource}"
+        end
+        credentials_for(:test_credential, resource: 'test_resource2') do |resource, requester|
+          requester.call "wrong_user_for_#{resource}", "wrong_password_for_#{resource}"
+        end
+      EO_CONFIG
+    ) do
+      expect_credentials_to_be 'correct_user_for_test_resource', 'correct_password_for_test_resource', resource: 'test_resource'
+    end
+  end
+  it 'returns credentials taken from config after filtering the resource name when no resource is given' do
+    with_platforms(
+      <<~'EO_CONFIG'
+        credentials_for(:test_credential, resource: 'another_resource') do |resource, requester|
+          requester.call "wrong_user_for_#{resource}", "wrong_password_for_#{resource}"
+        end
+        credentials_for(:test_credential, resource: /test_.*/) do |resource, requester|
+          requester.call "wrong_user_for_#{resource}", "wrong_password_for_#{resource}"
+        end
+        credentials_for(:test_credential) do |resource, requester|
+          requester.call "correct_user_for_#{resource}", "correct_password_for_#{resource}"
+        end
+        credentials_for(:test_credential, resource: /_resource/) do |resource, requester|
+          requester.call "wrong_user_for_#{resource}", "wrong_password_for_#{resource}"
+        end
+        credentials_for(:test_credential, resource: 'test_resource2') do |resource, requester|
+          requester.call "wrong_user_for_#{resource}", "wrong_password_for_#{resource}"
+        end
+      EO_CONFIG
+    ) do
+      expect_credentials_to_be 'correct_user_for_', 'correct_password_for_'
+    end
+  end
+  it 'fails if the requester is not called from config' do
+    with_platforms(
+      <<~'EO_CONFIG'
+        credentials_for(:test_credential) do |resource, requester|
+        end
+      EO_CONFIG
+    ) do
+      expect do
+        credential_tester_class.new(logger: logger, logger_stderr: logger, config: test_config).instance_exec do
+          with_credentials_for(:test_credential) do |_user, _password|
+            nil
+          end
+        end
+      end.to raise_error 'Requester not called by the credentials provider for test_credential (resource: ) - Please check the credentials_for code in your configuration.'
+    end
+  end
+end