forked from remote/oauth2
Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 452d0a63bf | |||
|
ebe81ad837 | ||
|
|
adffd94437 | ||
|
|
deefa7e836 |
8
go.mod
8
go.mod
@@ -5,12 +5,6 @@ go 1.18
|
|||||||
require (
|
require (
|
||||||
cloud.google.com/go/compute/metadata v0.2.3
|
cloud.google.com/go/compute/metadata v0.2.3
|
||||||
github.com/google/go-cmp v0.5.9
|
github.com/google/go-cmp v0.5.9
|
||||||
google.golang.org/appengine v1.6.7
|
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require cloud.google.com/go/compute v1.20.1 // indirect
|
||||||
cloud.google.com/go/compute v1.20.1 // indirect
|
|
||||||
github.com/golang/protobuf v1.5.3 // indirect
|
|
||||||
golang.org/x/net v0.20.0 // indirect
|
|
||||||
google.golang.org/protobuf v1.31.0 // indirect
|
|
||||||
)
|
|
||||||
|
|||||||
20
go.sum
20
go.sum
@@ -2,25 +2,5 @@ cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZN
|
|||||||
cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
|
cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
|
||||||
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
|
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
|
||||||
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
|
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
|
||||||
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
|
||||||
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
|
|
||||||
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
|
|
||||||
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
|
|
||||||
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
|
||||||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
|
||||||
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
|
|
||||||
golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
|
|
||||||
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
|
|
||||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
|
||||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
|
||||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
|
||||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
|
||||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
|
||||||
google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
|
|
||||||
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
|
|
||||||
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
|
|
||||||
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
|
|
||||||
google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
|
|
||||||
google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
|
||||||
|
|||||||
@@ -1,38 +0,0 @@
|
|||||||
// Copyright 2014 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
package google
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"golang.org/x/oauth2"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible.
|
|
||||||
var appengineTokenFunc func(c context.Context, scopes ...string) (token string, expiry time.Time, err error)
|
|
||||||
|
|
||||||
// Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible.
|
|
||||||
var appengineAppIDFunc func(c context.Context) string
|
|
||||||
|
|
||||||
// AppEngineTokenSource returns a token source that fetches tokens from either
|
|
||||||
// the current application's service account or from the metadata server,
|
|
||||||
// depending on the App Engine environment. See below for environment-specific
|
|
||||||
// details. If you are implementing a 3-legged OAuth 2.0 flow on App Engine that
|
|
||||||
// involves user accounts, see oauth2.Config instead.
|
|
||||||
//
|
|
||||||
// First generation App Engine runtimes (<= Go 1.9):
|
|
||||||
// AppEngineTokenSource returns a token source that fetches tokens issued to the
|
|
||||||
// current App Engine application's service account. The provided context must have
|
|
||||||
// come from appengine.NewContext.
|
|
||||||
//
|
|
||||||
// Second generation App Engine runtimes (>= Go 1.11) and App Engine flexible:
|
|
||||||
// AppEngineTokenSource is DEPRECATED on second generation runtimes and on the
|
|
||||||
// flexible environment. It delegates to ComputeTokenSource, and the provided
|
|
||||||
// context and scopes are not used. Please use DefaultTokenSource (or ComputeTokenSource,
|
|
||||||
// which DefaultTokenSource will use in this case) instead.
|
|
||||||
func AppEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
|
|
||||||
return appEngineTokenSource(ctx, scope...)
|
|
||||||
}
|
|
||||||
@@ -1,77 +0,0 @@
|
|||||||
// Copyright 2018 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
//go:build appengine
|
|
||||||
|
|
||||||
// This file applies to App Engine first generation runtimes (<= Go 1.9).
|
|
||||||
|
|
||||||
package google
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"sort"
|
|
||||||
"strings"
|
|
||||||
"sync"
|
|
||||||
|
|
||||||
"golang.org/x/oauth2"
|
|
||||||
"google.golang.org/appengine"
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
appengineTokenFunc = appengine.AccessToken
|
|
||||||
appengineAppIDFunc = appengine.AppID
|
|
||||||
}
|
|
||||||
|
|
||||||
// See comment on AppEngineTokenSource in appengine.go.
|
|
||||||
func appEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
|
|
||||||
scopes := append([]string{}, scope...)
|
|
||||||
sort.Strings(scopes)
|
|
||||||
return &gaeTokenSource{
|
|
||||||
ctx: ctx,
|
|
||||||
scopes: scopes,
|
|
||||||
key: strings.Join(scopes, " "),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// aeTokens helps the fetched tokens to be reused until their expiration.
|
|
||||||
var (
|
|
||||||
aeTokensMu sync.Mutex
|
|
||||||
aeTokens = make(map[string]*tokenLock) // key is space-separated scopes
|
|
||||||
)
|
|
||||||
|
|
||||||
type tokenLock struct {
|
|
||||||
mu sync.Mutex // guards t; held while fetching or updating t
|
|
||||||
t *oauth2.Token
|
|
||||||
}
|
|
||||||
|
|
||||||
type gaeTokenSource struct {
|
|
||||||
ctx context.Context
|
|
||||||
scopes []string
|
|
||||||
key string // to aeTokens map; space-separated scopes
|
|
||||||
}
|
|
||||||
|
|
||||||
func (ts *gaeTokenSource) Token() (*oauth2.Token, error) {
|
|
||||||
aeTokensMu.Lock()
|
|
||||||
tok, ok := aeTokens[ts.key]
|
|
||||||
if !ok {
|
|
||||||
tok = &tokenLock{}
|
|
||||||
aeTokens[ts.key] = tok
|
|
||||||
}
|
|
||||||
aeTokensMu.Unlock()
|
|
||||||
|
|
||||||
tok.mu.Lock()
|
|
||||||
defer tok.mu.Unlock()
|
|
||||||
if tok.t.Valid() {
|
|
||||||
return tok.t, nil
|
|
||||||
}
|
|
||||||
access, exp, err := appengineTokenFunc(ts.ctx, ts.scopes...)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
tok.t = &oauth2.Token{
|
|
||||||
AccessToken: access,
|
|
||||||
Expiry: exp,
|
|
||||||
}
|
|
||||||
return tok.t, nil
|
|
||||||
}
|
|
||||||
@@ -1,27 +0,0 @@
|
|||||||
// Copyright 2018 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
//go:build !appengine
|
|
||||||
|
|
||||||
// This file applies to App Engine second generation runtimes (>= Go 1.11) and App Engine flexible.
|
|
||||||
|
|
||||||
package google
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"log"
|
|
||||||
"sync"
|
|
||||||
|
|
||||||
"golang.org/x/oauth2"
|
|
||||||
)
|
|
||||||
|
|
||||||
var logOnce sync.Once // only spam about deprecation once
|
|
||||||
|
|
||||||
// See comment on AppEngineTokenSource in appengine.go.
|
|
||||||
func appEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
|
|
||||||
logOnce.Do(func() {
|
|
||||||
log.Print("google: AppEngineTokenSource is deprecated on App Engine standard second generation runtimes (>= Go 1.11) and App Engine flexible. Please use DefaultTokenSource or ComputeTokenSource.")
|
|
||||||
})
|
|
||||||
return ComputeTokenSource("")
|
|
||||||
}
|
|
||||||
@@ -224,16 +224,6 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
|
|||||||
return CredentialsFromJSONWithParams(ctx, b, params)
|
return CredentialsFromJSONWithParams(ctx, b, params)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Third, if we're on a Google App Engine standard first generation runtime (<= Go 1.9)
|
|
||||||
// use those credentials. App Engine standard second generation runtimes (>= Go 1.11)
|
|
||||||
// and App Engine flexible use ComputeTokenSource and the metadata server.
|
|
||||||
if appengineTokenFunc != nil {
|
|
||||||
return &Credentials{
|
|
||||||
ProjectID: appengineAppIDFunc(ctx),
|
|
||||||
TokenSource: AppEngineTokenSource(ctx, params.Scopes...),
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Fourth, if we're on Google Compute Engine, an App Engine standard second generation runtime,
|
// Fourth, if we're on Google Compute Engine, an App Engine standard second generation runtime,
|
||||||
// or App Engine flexible, use the metadata server.
|
// or App Engine flexible, use the metadata server.
|
||||||
if metadata.OnGCE() {
|
if metadata.OnGCE() {
|
||||||
|
|||||||
@@ -42,13 +42,16 @@ import (
|
|||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
const (
|
||||||
identityBindingEndpoint = "https://sts.googleapis.com/v1/token"
|
universeDomainPlaceholder = "UNIVERSE_DOMAIN"
|
||||||
|
identityBindingEndpointTemplate = "https://sts.UNIVERSE_DOMAIN/v1/token"
|
||||||
|
universeDomainDefault = "googleapis.com"
|
||||||
)
|
)
|
||||||
|
|
||||||
type accessBoundary struct {
|
type accessBoundary struct {
|
||||||
@@ -105,6 +108,18 @@ type DownscopingConfig struct {
|
|||||||
// access (or set of accesses) that the new token has to a given resource.
|
// access (or set of accesses) that the new token has to a given resource.
|
||||||
// There can be a maximum of 10 AccessBoundaryRules.
|
// There can be a maximum of 10 AccessBoundaryRules.
|
||||||
Rules []AccessBoundaryRule
|
Rules []AccessBoundaryRule
|
||||||
|
// UniverseDomain is the default service domain for a given Cloud universe.
|
||||||
|
// The default value is "googleapis.com". Optional.
|
||||||
|
UniverseDomain string
|
||||||
|
}
|
||||||
|
|
||||||
|
// identityBindingEndpoint returns the identity binding endpoint with the
|
||||||
|
// configured universe domain.
|
||||||
|
func (dc *DownscopingConfig) identityBindingEndpoint() string {
|
||||||
|
if dc.UniverseDomain == "" {
|
||||||
|
return strings.Replace(identityBindingEndpointTemplate, universeDomainPlaceholder, universeDomainDefault, 1)
|
||||||
|
}
|
||||||
|
return strings.Replace(identityBindingEndpointTemplate, universeDomainPlaceholder, dc.UniverseDomain, 1)
|
||||||
}
|
}
|
||||||
|
|
||||||
// A downscopingTokenSource is used to retrieve a downscoped token with restricted
|
// A downscopingTokenSource is used to retrieve a downscoped token with restricted
|
||||||
@@ -114,6 +129,9 @@ type downscopingTokenSource struct {
|
|||||||
ctx context.Context
|
ctx context.Context
|
||||||
// config holds the information necessary to generate a downscoped Token.
|
// config holds the information necessary to generate a downscoped Token.
|
||||||
config DownscopingConfig
|
config DownscopingConfig
|
||||||
|
// identityBindingEndpoint is the identity binding endpoint with the
|
||||||
|
// configured universe domain.
|
||||||
|
identityBindingEndpoint string
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewTokenSource returns a configured downscopingTokenSource.
|
// NewTokenSource returns a configured downscopingTokenSource.
|
||||||
@@ -135,7 +153,11 @@ func NewTokenSource(ctx context.Context, conf DownscopingConfig) (oauth2.TokenSo
|
|||||||
return nil, fmt.Errorf("downscope: all rules must provide at least one permission: %+v", val)
|
return nil, fmt.Errorf("downscope: all rules must provide at least one permission: %+v", val)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return downscopingTokenSource{ctx: ctx, config: conf}, nil
|
return downscopingTokenSource{
|
||||||
|
ctx: ctx,
|
||||||
|
config: conf,
|
||||||
|
identityBindingEndpoint: conf.identityBindingEndpoint(),
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Token() uses a downscopingTokenSource to generate an oauth2 Token.
|
// Token() uses a downscopingTokenSource to generate an oauth2 Token.
|
||||||
@@ -171,7 +193,7 @@ func (dts downscopingTokenSource) Token() (*oauth2.Token, error) {
|
|||||||
form.Add("options", string(b))
|
form.Add("options", string(b))
|
||||||
|
|
||||||
myClient := oauth2.NewClient(dts.ctx, nil)
|
myClient := oauth2.NewClient(dts.ctx, nil)
|
||||||
resp, err := myClient.PostForm(identityBindingEndpoint, form)
|
resp, err := myClient.PostForm(dts.identityBindingEndpoint, form)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to generate POST Request %v", err)
|
return nil, fmt.Errorf("unable to generate POST Request %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -38,18 +38,43 @@ func Test_DownscopedTokenSource(t *testing.T) {
|
|||||||
w.Write([]byte(standardRespBody))
|
w.Write([]byte(standardRespBody))
|
||||||
|
|
||||||
}))
|
}))
|
||||||
new := []AccessBoundaryRule{
|
myTok := oauth2.Token{AccessToken: "Mellon"}
|
||||||
|
tmpSrc := oauth2.StaticTokenSource(&myTok)
|
||||||
|
rules := []AccessBoundaryRule{
|
||||||
{
|
{
|
||||||
AvailableResource: "test1",
|
AvailableResource: "test1",
|
||||||
AvailablePermissions: []string{"Perm1", "Perm2"},
|
AvailablePermissions: []string{"Perm1", "Perm2"},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
myTok := oauth2.Token{AccessToken: "Mellon"}
|
dts := downscopingTokenSource{
|
||||||
tmpSrc := oauth2.StaticTokenSource(&myTok)
|
ctx: context.Background(),
|
||||||
dts := downscopingTokenSource{context.Background(), DownscopingConfig{tmpSrc, new}}
|
config: DownscopingConfig{
|
||||||
identityBindingEndpoint = ts.URL
|
RootSource: tmpSrc,
|
||||||
|
Rules: rules,
|
||||||
|
},
|
||||||
|
identityBindingEndpoint: ts.URL,
|
||||||
|
}
|
||||||
_, err := dts.Token()
|
_, err := dts.Token()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("NewDownscopedTokenSource failed with error: %v", err)
|
t.Fatalf("NewDownscopedTokenSource failed with error: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func Test_DownscopingConfig(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
universeDomain string
|
||||||
|
want string
|
||||||
|
}{
|
||||||
|
{"", "https://sts.googleapis.com/v1/token"},
|
||||||
|
{"googleapis.com", "https://sts.googleapis.com/v1/token"},
|
||||||
|
{"example.com", "https://sts.example.com/v1/token"},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
c := DownscopingConfig{
|
||||||
|
UniverseDomain: tt.universeDomain,
|
||||||
|
}
|
||||||
|
if got := c.identityBindingEndpoint(); got != tt.want {
|
||||||
|
t.Errorf("got %q, want %q", got, tt.want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
var serviceAccountImpersonationRE = regexp.MustCompile("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/(.*@.*):generateAccessToken")
|
var serviceAccountImpersonationRE = regexp.MustCompile("https://iamcredentials\\..+/v1/projects/-/serviceAccounts/(.*@.*):generateAccessToken")
|
||||||
|
|
||||||
const (
|
const (
|
||||||
executableSupportedMaxVersion = 1
|
executableSupportedMaxVersion = 1
|
||||||
|
|||||||
@@ -1021,3 +1021,37 @@ func TestRetrieveOutputFileSubjectTokenJwt(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestServiceAccountImpersonationRE(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
serviceAccountImpersonationURL string
|
||||||
|
want string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "universe domain Google Default Universe (GDU) googleapis.com",
|
||||||
|
serviceAccountImpersonationURL: "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/test@project.iam.gserviceaccount.com:generateAccessToken",
|
||||||
|
want: "test@project.iam.gserviceaccount.com",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "email does not match",
|
||||||
|
serviceAccountImpersonationURL: "test@project.iam.gserviceaccount.com",
|
||||||
|
want: "",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "universe domain non-GDU",
|
||||||
|
serviceAccountImpersonationURL: "https://iamcredentials.apis-tpclp.goog/v1/projects/-/serviceAccounts/test@project.iam.gserviceaccount.com:generateAccessToken",
|
||||||
|
want: "test@project.iam.gserviceaccount.com",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
matches := serviceAccountImpersonationRE.FindStringSubmatch(tt.serviceAccountImpersonationURL)
|
||||||
|
if matches == nil {
|
||||||
|
if tt.want != "" {
|
||||||
|
t.Errorf("%q: got nil, want %q", tt.name, tt.want)
|
||||||
|
}
|
||||||
|
} else if matches[1] != tt.want {
|
||||||
|
t.Errorf("%q: got %q, want %q", tt.name, matches[1], tt.want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -1,13 +0,0 @@
|
|||||||
// Copyright 2018 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
//go:build appengine
|
|
||||||
|
|
||||||
package internal
|
|
||||||
|
|
||||||
import "google.golang.org/appengine/urlfetch"
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
appengineClientHook = urlfetch.Client
|
|
||||||
}
|
|
||||||
@@ -18,16 +18,11 @@ var HTTPClient ContextKey
|
|||||||
// because nobody else can create a ContextKey, being unexported.
|
// because nobody else can create a ContextKey, being unexported.
|
||||||
type ContextKey struct{}
|
type ContextKey struct{}
|
||||||
|
|
||||||
var appengineClientHook func(context.Context) *http.Client
|
|
||||||
|
|
||||||
func ContextClient(ctx context.Context) *http.Client {
|
func ContextClient(ctx context.Context) *http.Client {
|
||||||
if ctx != nil {
|
if ctx != nil {
|
||||||
if hc, ok := ctx.Value(HTTPClient).(*http.Client); ok {
|
if hc, ok := ctx.Value(HTTPClient).(*http.Client); ok {
|
||||||
return hc
|
return hc
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if appengineClientHook != nil {
|
|
||||||
return appengineClientHook(ctx)
|
|
||||||
}
|
|
||||||
return http.DefaultClient
|
return http.DefaultClient
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user