google/externalaccount: moves externalaccount package out of internal and exports it

go/programmable-auth-design for context. Adds support for user defined supplier methods to return subject tokens and AWS security credentials. Change-Id: I7bc41f8c5202ae933fce516632f5049bbeb3d378 GitHub-Last-Rev: ac519b242f8315df572f1b205b0670f139bfc6c3 GitHub-Pull-Request: golang/oauth2#690 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/550835 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Leo Siracusa <leosiracusa@google.com> Reviewed-by: Chris Smith <chrisdsmith@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cody Oss <codyoss@google.com>
2024-02-26 18:02:12 +00:00
parent ebe81ad837
commit 95bec95381
23 changed files with 1191 additions and 647 deletions
--- a/google/externalaccount/programmaticrefreshcredsource_test.go
+++ b/google/externalaccount/programmaticrefreshcredsource_test.go
@@ -0,0 +1,122 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package externalaccount
+
+import (
+	"context"
+	"errors"
+	"testing"
+)
+
+func TestRetrieveSubjectToken_ProgrammaticAuth(t *testing.T) {
+	tfc := testConfig
+
+	tfc.SubjectTokenSupplier = testSubjectTokenSupplier{
+		subjectToken: "subjectToken",
+	}
+
+	base, err := tfc.parse(context.Background())
+	if err != nil {
+		t.Fatalf("parse() failed %v", err)
+	}
+
+	out, err := base.subjectToken()
+	if err != nil {
+		t.Fatalf("retrieveSubjectToken() failed: %v", err)
+	}
+
+	if out != "subjectToken" {
+		t.Errorf("subjectToken = \n%q\n want \nSubjectToken", out)
+	}
+}
+
+func TestRetrieveSubjectToken_ProgrammaticAuthFails(t *testing.T) {
+	tfc := testConfig
+	testError := errors.New("test error")
+
+	tfc.SubjectTokenSupplier = testSubjectTokenSupplier{
+		err: testError,
+	}
+
+	base, err := tfc.parse(context.Background())
+	if err != nil {
+		t.Fatalf("parse() failed %v", err)
+	}
+
+	_, err = base.subjectToken()
+	if err == nil {
+		t.Fatalf("subjectToken() should have failed")
+	}
+	if testError != err {
+		t.Errorf("subjectToken = %e, want %e", err, testError)
+	}
+}
+
+func TestRetrieveSubjectToken_ProgrammaticAuthOptions(t *testing.T) {
+	tfc := testConfig
+	expectedOptions := SupplierOptions{Audience: tfc.Audience, SubjectTokenType: tfc.SubjectTokenType}
+
+	tfc.SubjectTokenSupplier = testSubjectTokenSupplier{
+		subjectToken:    "subjectToken",
+		expectedOptions: &expectedOptions,
+	}
+
+	base, err := tfc.parse(context.Background())
+	if err != nil {
+		t.Fatalf("parse() failed %v", err)
+	}
+
+	_, err = base.subjectToken()
+	if err != nil {
+		t.Fatalf("retrieveSubjectToken() failed: %v", err)
+	}
+}
+
+func TestRetrieveSubjectToken_ProgrammaticAuthContext(t *testing.T) {
+	tfc := testConfig
+	ctx := context.Background()
+
+	tfc.SubjectTokenSupplier = testSubjectTokenSupplier{
+		subjectToken:    "subjectToken",
+		expectedContext: ctx,
+	}
+
+	base, err := tfc.parse(ctx)
+	if err != nil {
+		t.Fatalf("parse() failed %v", err)
+	}
+
+	_, err = base.subjectToken()
+	if err != nil {
+		t.Fatalf("retrieveSubjectToken() failed: %v", err)
+	}
+}
+
+type testSubjectTokenSupplier struct {
+	err             error
+	subjectToken    string
+	expectedOptions *SupplierOptions
+	expectedContext context.Context
+}
+
+func (supp testSubjectTokenSupplier) SubjectToken(ctx context.Context, options SupplierOptions) (string, error) {
+	if supp.err != nil {
+		return "", supp.err
+	}
+	if supp.expectedOptions != nil {
+		if supp.expectedOptions.Audience != options.Audience {
+			return "", errors.New("Audience does not match")
+		}
+		if supp.expectedOptions.SubjectTokenType != options.SubjectTokenType {
+			return "", errors.New("Audience does not match")
+		}
+	}
+	if supp.expectedContext != nil {
+		if supp.expectedContext != ctx {
+			return "", errors.New("Context does not match")
+		}
+	}
+	return supp.subjectToken, nil
+}