google: add Credentials.GetUniverseDomain with GCE MDS support

* Deprecate Credentials.UniverseDomain Change-Id: I1cbc842fbfce35540c8dff99fec09e036b9e2cdf Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/554215 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Cody Oss <codyoss@google.com> Auto-Submit: Cody Oss <codyoss@google.com> Reviewed-by: Cody Oss <codyoss@google.com> Reviewed-by: Viacheslav Rostovtsev <virost@google.com>
2023-12-26 15:08:10 -07:00
parent 1e6999b1be
commit 4ce7bbb2ff
3 changed files with 173 additions and 0 deletions
--- a/google/default_test.go
+++ b/google/default_test.go
@@ -6,6 +6,9 @@ package google

 import (
 	"context"
+	"net/http"
+	"net/http/httptest"
+	"strings"
 	"testing"
 )

@@ -74,6 +77,9 @@ func TestCredentialsFromJSONWithParams_SA(t *testing.T) {
 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
+	if want := "googleapis.com"; creds.UniverseDomain() != want {
+		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
+	}
 }

 func TestCredentialsFromJSONWithParams_SA_Params_UniverseDomain(t *testing.T) {
@@ -94,6 +100,9 @@ func TestCredentialsFromJSONWithParams_SA_Params_UniverseDomain(t *testing.T) {
 	if creds.UniverseDomain() != universeDomain2 {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2)
 	}
+	if creds.UniverseDomain() != universeDomain2 {
+		t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2)
+	}
 }

 func TestCredentialsFromJSONWithParams_SA_UniverseDomain(t *testing.T) {
@@ -113,6 +122,13 @@ func TestCredentialsFromJSONWithParams_SA_UniverseDomain(t *testing.T) {
 	if creds.UniverseDomain() != universeDomain {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain)
 	}
+	got, err := creds.GetUniverseDomain()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if got != universeDomain {
+		t.Fatalf("got %q, want %q", got, universeDomain)
+	}
 }

 func TestCredentialsFromJSONWithParams_SA_UniverseDomain_Params_UniverseDomain(t *testing.T) {
@@ -133,6 +149,13 @@ func TestCredentialsFromJSONWithParams_SA_UniverseDomain_Params_UniverseDomain(t
 	if creds.UniverseDomain() != universeDomain2 {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2)
 	}
+	got, err := creds.GetUniverseDomain()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if got != universeDomain2 {
+		t.Fatalf("got %q, want %q", got, universeDomain2)
+	}
 }

 func TestCredentialsFromJSONWithParams_User(t *testing.T) {
@@ -149,6 +172,13 @@ func TestCredentialsFromJSONWithParams_User(t *testing.T) {
 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
+	got, err := creds.GetUniverseDomain()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if want := "googleapis.com"; got != want {
+		t.Fatalf("got %q, want %q", got, want)
+	}
 }

 func TestCredentialsFromJSONWithParams_User_Params_UniverseDomain(t *testing.T) {
@@ -166,6 +196,13 @@ func TestCredentialsFromJSONWithParams_User_Params_UniverseDomain(t *testing.T)
 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
+	got, err := creds.GetUniverseDomain()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if want := "googleapis.com"; got != want {
+		t.Fatalf("got %q, want %q", got, want)
+	}
 }

 func TestCredentialsFromJSONWithParams_User_UniverseDomain(t *testing.T) {
@@ -182,6 +219,13 @@ func TestCredentialsFromJSONWithParams_User_UniverseDomain(t *testing.T) {
 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
+	got, err := creds.GetUniverseDomain()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if want := "googleapis.com"; got != want {
+		t.Fatalf("got %q, want %q", got, want)
+	}
 }

 func TestCredentialsFromJSONWithParams_User_UniverseDomain_Params_UniverseDomain(t *testing.T) {
@@ -199,4 +243,55 @@ func TestCredentialsFromJSONWithParams_User_UniverseDomain_Params_UniverseDomain
 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
+	got, err := creds.GetUniverseDomain()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if want := "googleapis.com"; got != want {
+		t.Fatalf("got %q, want %q", got, want)
+	}
+}
+
+func TestComputeUniverseDomain(t *testing.T) {
+	universeDomainPath := "/computeMetadata/v1/universe/universe_domain"
+	universeDomainResponseBody := "example.com"
+	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != universeDomainPath {
+			t.Errorf("got %s, want %s", r.URL.Path, universeDomainPath)
+		}
+		w.Write([]byte(universeDomainResponseBody))
+	}))
+	defer s.Close()
+	t.Setenv("GCE_METADATA_HOST", strings.TrimPrefix(s.URL, "http://"))
+
+	scope := "https://www.googleapis.com/auth/cloud-platform"
+	params := CredentialsParams{
+		Scopes: []string{scope},
+	}
+	// Copied from FindDefaultCredentialsWithParams, metadata.OnGCE() = true block
+	creds := &Credentials{
+		ProjectID:      "fake_project",
+		TokenSource:    computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...),
+		universeDomain: params.UniverseDomain, // empty
+	}
+	c := make(chan bool)
+	go func() {
+		got, err := creds.GetUniverseDomain() // First conflicting access.
+		if err != nil {
+			t.Error(err)
+		}
+		if want := universeDomainResponseBody; got != want {
+			t.Errorf("got %q, want %q", got, want)
+		}
+		c <- true
+	}()
+	got, err := creds.GetUniverseDomain() // Second conflicting access.
+	<-c
+	if err != nil {
+		t.Error(err)
+	}
+	if want := universeDomainResponseBody; got != want {
+		t.Errorf("got %q, want %q", got, want)
+	}
+
 }