google/downscope: add DownscopingConfig.UniverseDomain to support TPC

Change-Id: I3669352b382414ea640ca176afa4071995fc5ff1 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/557135 Reviewed-by: Cody Oss <codyoss@google.com> TryBot-Bypass: Cody Oss <codyoss@google.com> Auto-Submit: Cody Oss <codyoss@google.com>
2024-01-19 11:51:13 -07:00
parent 39adbb7807
commit deefa7e836
2 changed files with 56 additions and 9 deletions
--- a/google/downscope/downscoping_test.go
+++ b/google/downscope/downscoping_test.go
@@ -38,18 +38,43 @@ func Test_DownscopedTokenSource(t *testing.T) {
 		w.Write([]byte(standardRespBody))

 	}))
-	new := []AccessBoundaryRule{
+	myTok := oauth2.Token{AccessToken: "Mellon"}
+	tmpSrc := oauth2.StaticTokenSource(&myTok)
+	rules := []AccessBoundaryRule{
 		{
 			AvailableResource:    "test1",
 			AvailablePermissions: []string{"Perm1", "Perm2"},
 		},
 	}
-	myTok := oauth2.Token{AccessToken: "Mellon"}
-	tmpSrc := oauth2.StaticTokenSource(&myTok)
-	dts := downscopingTokenSource{context.Background(), DownscopingConfig{tmpSrc, new}}
-	identityBindingEndpoint = ts.URL
+	dts := downscopingTokenSource{
+		ctx: context.Background(),
+		config: DownscopingConfig{
+			RootSource: tmpSrc,
+			Rules:      rules,
+		},
+		identityBindingEndpoint: ts.URL,
+	}
 	_, err := dts.Token()
 	if err != nil {
 		t.Fatalf("NewDownscopedTokenSource failed with error: %v", err)
 	}
 }
+
+func Test_DownscopingConfig(t *testing.T) {
+	tests := []struct {
+		universeDomain string
+		want           string
+	}{
+		{"", "https://sts.googleapis.com/v1/token"},
+		{"googleapis.com", "https://sts.googleapis.com/v1/token"},
+		{"example.com", "https://sts.example.com/v1/token"},
+	}
+	for _, tt := range tests {
+		c := DownscopingConfig{
+			UniverseDomain: tt.universeDomain,
+		}
+		if got := c.identityBindingEndpoint(); got != tt.want {
+			t.Errorf("got %q, want %q", got, tt.want)
+		}
+	}
+}