krombel/oauth2
1
0
Fork 0
forked from remote/oauth2
Code Pull Requests 1 Activity

adding test for workforce pools for new option as requested by bojeil@; adding unit testing; go fmt

Browse Source
This commit is contained in:
Ryan Kohler
2021-10-01 12:43:41 -07:00
parent 7969d9bbda
commit 2c06da4207
3 changed files with 57 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
google/internal/externalaccount/basecredentials.go
View File

@@ -78,6 +78,7 @@ var (
regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
}
validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
)
func validateURL(input string, patterns []*regexp.Regexp, scheme string) bool {
@@ -91,14 +92,17 @@ func validateURL(input string, patterns []*regexp.Regexp, scheme string) bool {
toTest := parsed.Host
for _, pattern := range patterns {
if valid := pattern.MatchString(toTest); valid {
if pattern.MatchString(toTest) {
return true
}
}
return false
}
func validateWorkforceAudience(input string) bool {
return validWorkforceAudiencePattern.MatchString(input)
}
// TokenSource Returns an external account TokenSource struct. This is to be called by package google to construct a google.Credentials.
func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
return c.tokenSource(ctx, validTokenURLPatterns, validImpersonateURLPatterns, "https")
@@ -120,6 +124,13 @@ func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Re
}
}
if c.WorkforcePoolUserProject != "" {
valid := validateWorkforceAudience(c.Audience)
if !valid {
return nil, fmt.Errorf("oauth2/google: invalid Workforce Pool Audience provided while constructing tokenSource")
}
}
ts := tokenSource{
ctx: ctx,
conf: c,
@@ -229,10 +240,10 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
ClientID: conf.ClientID,
ClientSecret: conf.ClientSecret,
}
var options map[string]string
if (ts.Config.WorkforcePoolUserProject != "") {
options = map[string]string{
"userProject": ts.Config.WorkforcePoolUserProject,
var options map[string]interface{}
if conf.WorkforcePoolUserProject != "" {
options = map[string]interface{}{
"userProject": conf.WorkforcePoolUserProject,
}
}
stsResp, err := exchangeToken(ts.ctx, conf.TokenURL, &stsRequest, clientAuth, header, options)