forked from remote/oauth2
Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
62b4eedd72 | ||
|
|
885f294722 | ||
|
|
6f9c1a18cc | ||
|
|
c82d0e16dc | ||
|
|
adbaf66a0b | ||
|
|
e07593a4c4 |
2
go.mod
2
go.mod
@@ -5,11 +5,11 @@ go 1.17
|
||||
require (
|
||||
cloud.google.com/go/compute/metadata v0.2.0
|
||||
github.com/google/go-cmp v0.5.8
|
||||
golang.org/x/net v0.5.0
|
||||
google.golang.org/appengine v1.6.7
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/golang/protobuf v1.5.2 // indirect
|
||||
golang.org/x/net v0.8.0 // indirect
|
||||
google.golang.org/protobuf v1.28.0 // indirect
|
||||
)
|
||||
|
||||
17
go.sum
17
go.sum
@@ -11,31 +11,38 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
|
||||
golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
|
||||
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
|
||||
golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
|
||||
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
|
||||
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
|
||||
|
||||
@@ -62,6 +62,10 @@ type CredentialsParams struct {
|
||||
|
||||
// PKCE is used to support PKCE flow. Optional for 3LO flow.
|
||||
PKCE *authhandler.PKCEParams
|
||||
|
||||
// The OAuth2 TokenURL default override. This value overrides the default TokenURL,
|
||||
// unless explicitly specified by the credentials config file. Optional.
|
||||
TokenURL string
|
||||
}
|
||||
|
||||
func (params CredentialsParams) deepCopy() CredentialsParams {
|
||||
@@ -137,7 +141,7 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
|
||||
// use those credentials. App Engine standard second generation runtimes (>= Go 1.11)
|
||||
// and App Engine flexible use ComputeTokenSource and the metadata server.
|
||||
if appengineTokenFunc != nil {
|
||||
return &DefaultCredentials{
|
||||
return &Credentials{
|
||||
ProjectID: appengineAppIDFunc(ctx),
|
||||
TokenSource: AppEngineTokenSource(ctx, params.Scopes...),
|
||||
}, nil
|
||||
@@ -147,7 +151,7 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
|
||||
// or App Engine flexible, use the metadata server.
|
||||
if metadata.OnGCE() {
|
||||
id, _ := metadata.ProjectID()
|
||||
return &DefaultCredentials{
|
||||
return &Credentials{
|
||||
ProjectID: id,
|
||||
TokenSource: ComputeTokenSource("", params.Scopes...),
|
||||
}, nil
|
||||
@@ -194,7 +198,7 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params
|
||||
return nil, err
|
||||
}
|
||||
ts = newErrWrappingTokenSource(ts)
|
||||
return &DefaultCredentials{
|
||||
return &Credentials{
|
||||
ProjectID: f.ProjectID,
|
||||
TokenSource: ts,
|
||||
JSON: jsonData,
|
||||
@@ -216,7 +220,7 @@ func wellKnownFile() string {
|
||||
return filepath.Join(guessUnixHomeDir(), ".config", "gcloud", f)
|
||||
}
|
||||
|
||||
func readCredentialsFile(ctx context.Context, filename string, params CredentialsParams) (*DefaultCredentials, error) {
|
||||
func readCredentialsFile(ctx context.Context, filename string, params CredentialsParams) (*Credentials, error) {
|
||||
b, err := ioutil.ReadFile(filename)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@@ -57,6 +57,11 @@
|
||||
// executable-sourced credentials), please check out:
|
||||
// https://cloud.google.com/iam/docs/using-workload-identity-federation#oidc
|
||||
//
|
||||
// Note that this library does not perform any validation on the token_url, token_info_url,
|
||||
// or service_account_impersonation_url fields of the credential configuration.
|
||||
// It is not recommended to use a credential configuration that you did not generate with
|
||||
// the gcloud CLI unless you verify that the URL fields point to a googleapis.com domain.
|
||||
//
|
||||
// # Credentials
|
||||
//
|
||||
// The Credentials type represents Google credentials, including Application Default
|
||||
@@ -81,4 +86,5 @@
|
||||
// same as the one obtained from the oauth2.Config returned from ConfigFromJSON or
|
||||
// JWTConfigFromJSON, but the Credentials may contain additional information
|
||||
// that is useful is some circumstances.
|
||||
//
|
||||
package google // import "golang.org/x/oauth2/google"
|
||||
|
||||
@@ -26,6 +26,9 @@ var Endpoint = oauth2.Endpoint{
|
||||
AuthStyle: oauth2.AuthStyleInParams,
|
||||
}
|
||||
|
||||
// MTLSTokenURL is Google's OAuth 2.0 default mTLS endpoint.
|
||||
const MTLSTokenURL = "https://oauth2.mtls.googleapis.com/token"
|
||||
|
||||
// JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow.
|
||||
const JWTTokenURL = "https://oauth2.googleapis.com/token"
|
||||
|
||||
@@ -172,7 +175,11 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
|
||||
cfg.Endpoint.AuthURL = Endpoint.AuthURL
|
||||
}
|
||||
if cfg.Endpoint.TokenURL == "" {
|
||||
cfg.Endpoint.TokenURL = Endpoint.TokenURL
|
||||
if params.TokenURL != "" {
|
||||
cfg.Endpoint.TokenURL = params.TokenURL
|
||||
} else {
|
||||
cfg.Endpoint.TokenURL = Endpoint.TokenURL
|
||||
}
|
||||
}
|
||||
tok := &oauth2.Token{RefreshToken: f.RefreshToken}
|
||||
return cfg.TokenSource(ctx, tok), nil
|
||||
|
||||
@@ -67,22 +67,6 @@ type Config struct {
|
||||
// that include all elements in a given list, in that order.
|
||||
|
||||
var (
|
||||
validTokenURLPatterns = []*regexp.Regexp{
|
||||
// The complicated part in the middle matches any number of characters that
|
||||
// aren't period, spaces, or slashes.
|
||||
regexp.MustCompile(`(?i)^[^\.\s\/\\]+\.sts\.googleapis\.com$`),
|
||||
regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
|
||||
regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
|
||||
regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
|
||||
regexp.MustCompile(`(?i)^sts-[^\.\s\/\\]+\.p\.googleapis\.com$`),
|
||||
}
|
||||
validImpersonateURLPatterns = []*regexp.Regexp{
|
||||
regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
|
||||
regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
|
||||
regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
|
||||
regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
|
||||
regexp.MustCompile(`^iamcredentials-[^\.\s\/\\]+\.p\.googleapis\.com$`),
|
||||
}
|
||||
validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
|
||||
)
|
||||
|
||||
@@ -110,25 +94,13 @@ func validateWorkforceAudience(input string) bool {
|
||||
|
||||
// TokenSource Returns an external account TokenSource struct. This is to be called by package google to construct a google.Credentials.
|
||||
func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
|
||||
return c.tokenSource(ctx, validTokenURLPatterns, validImpersonateURLPatterns, "https")
|
||||
return c.tokenSource(ctx, "https")
|
||||
}
|
||||
|
||||
// tokenSource is a private function that's directly called by some of the tests,
|
||||
// because the unit test URLs are mocked, and would otherwise fail the
|
||||
// validity check.
|
||||
func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Regexp, impersonateURLValidPats []*regexp.Regexp, scheme string) (oauth2.TokenSource, error) {
|
||||
valid := validateURL(c.TokenURL, tokenURLValidPats, scheme)
|
||||
if !valid {
|
||||
return nil, fmt.Errorf("oauth2/google: invalid TokenURL provided while constructing tokenSource")
|
||||
}
|
||||
|
||||
if c.ServiceAccountImpersonationURL != "" {
|
||||
valid := validateURL(c.ServiceAccountImpersonationURL, impersonateURLValidPats, scheme)
|
||||
if !valid {
|
||||
return nil, fmt.Errorf("oauth2/google: invalid ServiceAccountImpersonationURL provided while constructing tokenSource")
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Config) tokenSource(ctx context.Context, scheme string) (oauth2.TokenSource, error) {
|
||||
if c.WorkforcePoolUserProject != "" {
|
||||
valid := validateWorkforceAudience(c.Audience)
|
||||
if !valid {
|
||||
|
||||
@@ -9,7 +9,6 @@ import (
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
@@ -208,140 +207,6 @@ func TestNonworkforceWithWorkforcePoolUserProject(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateURLTokenURL(t *testing.T) {
|
||||
var urlValidityTests = []struct {
|
||||
tokURL string
|
||||
expectSuccess bool
|
||||
}{
|
||||
{"https://east.sts.googleapis.com", true},
|
||||
{"https://sts.googleapis.com", true},
|
||||
{"https://sts.asfeasfesef.googleapis.com", true},
|
||||
{"https://us-east-1-sts.googleapis.com", true},
|
||||
{"https://sts.googleapis.com/your/path/here", true},
|
||||
{"https://.sts.googleapis.com", false},
|
||||
{"https://badsts.googleapis.com", false},
|
||||
{"https://sts.asfe.asfesef.googleapis.com", false},
|
||||
{"https://sts..googleapis.com", false},
|
||||
{"https://-sts.googleapis.com", false},
|
||||
{"https://us-ea.st-1-sts.googleapis.com", false},
|
||||
{"https://sts.googleapis.com.evil.com/whatever/path", false},
|
||||
{"https://us-eas\\t-1.sts.googleapis.com", false},
|
||||
{"https:/us-ea/st-1.sts.googleapis.com", false},
|
||||
{"https:/us-east 1.sts.googleapis.com", false},
|
||||
{"https://", false},
|
||||
{"http://us-east-1.sts.googleapis.com", false},
|
||||
{"https://us-east-1.sts.googleapis.comevil.com", false},
|
||||
{"https://sts-xyz.p.googleapis.com", true},
|
||||
{"https://sts.pgoogleapis.com", false},
|
||||
{"https://p.googleapis.com", false},
|
||||
{"https://sts.p.com", false},
|
||||
{"http://sts.p.googleapis.com", false},
|
||||
{"https://xyz-sts.p.googleapis.com", false},
|
||||
{"https://sts-xyz.123.p.googleapis.com", false},
|
||||
{"https://sts-xyz.p1.googleapis.com", false},
|
||||
{"https://sts-xyz.p.foo.com", false},
|
||||
{"https://sts-xyz.p.foo.googleapis.com", false},
|
||||
}
|
||||
ctx := context.Background()
|
||||
for _, tt := range urlValidityTests {
|
||||
t.Run(" "+tt.tokURL, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
|
||||
config := testConfig
|
||||
config.TokenURL = tt.tokURL
|
||||
_, err := config.TokenSource(ctx)
|
||||
|
||||
if tt.expectSuccess && err != nil {
|
||||
t.Errorf("got %v but want nil", err)
|
||||
} else if !tt.expectSuccess && err == nil {
|
||||
t.Errorf("got nil but expected an error")
|
||||
}
|
||||
})
|
||||
}
|
||||
for _, el := range urlValidityTests {
|
||||
el.tokURL = strings.ToUpper(el.tokURL)
|
||||
}
|
||||
for _, tt := range urlValidityTests {
|
||||
t.Run(" "+tt.tokURL, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
|
||||
config := testConfig
|
||||
config.TokenURL = tt.tokURL
|
||||
_, err := config.TokenSource(ctx)
|
||||
|
||||
if tt.expectSuccess && err != nil {
|
||||
t.Errorf("got %v but want nil", err)
|
||||
} else if !tt.expectSuccess && err == nil {
|
||||
t.Errorf("got nil but expected an error")
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateURLImpersonateURL(t *testing.T) {
|
||||
var urlValidityTests = []struct {
|
||||
impURL string
|
||||
expectSuccess bool
|
||||
}{
|
||||
{"https://east.iamcredentials.googleapis.com", true},
|
||||
{"https://iamcredentials.googleapis.com", true},
|
||||
{"https://iamcredentials.asfeasfesef.googleapis.com", true},
|
||||
{"https://us-east-1-iamcredentials.googleapis.com", true},
|
||||
{"https://iamcredentials.googleapis.com/your/path/here", true},
|
||||
{"https://.iamcredentials.googleapis.com", false},
|
||||
{"https://badiamcredentials.googleapis.com", false},
|
||||
{"https://iamcredentials.asfe.asfesef.googleapis.com", false},
|
||||
{"https://iamcredentials..googleapis.com", false},
|
||||
{"https://-iamcredentials.googleapis.com", false},
|
||||
{"https://us-ea.st-1-iamcredentials.googleapis.com", false},
|
||||
{"https://iamcredentials.googleapis.com.evil.com/whatever/path", false},
|
||||
{"https://us-eas\\t-1.iamcredentials.googleapis.com", false},
|
||||
{"https:/us-ea/st-1.iamcredentials.googleapis.com", false},
|
||||
{"https:/us-east 1.iamcredentials.googleapis.com", false},
|
||||
{"https://", false},
|
||||
{"http://us-east-1.iamcredentials.googleapis.com", false},
|
||||
{"https://us-east-1.iamcredentials.googleapis.comevil.com", false},
|
||||
{"https://iamcredentials-xyz.p.googleapis.com", true},
|
||||
{"https://iamcredentials.pgoogleapis.com", false},
|
||||
{"https://p.googleapis.com", false},
|
||||
{"https://iamcredentials.p.com", false},
|
||||
{"http://iamcredentials.p.googleapis.com", false},
|
||||
{"https://xyz-iamcredentials.p.googleapis.com", false},
|
||||
{"https://iamcredentials-xyz.123.p.googleapis.com", false},
|
||||
{"https://iamcredentials-xyz.p1.googleapis.com", false},
|
||||
{"https://iamcredentials-xyz.p.foo.com", false},
|
||||
{"https://iamcredentials-xyz.p.foo.googleapis.com", false},
|
||||
}
|
||||
ctx := context.Background()
|
||||
for _, tt := range urlValidityTests {
|
||||
t.Run(" "+tt.impURL, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
|
||||
config := testConfig
|
||||
config.TokenURL = "https://sts.googleapis.com" // Setting the most basic acceptable tokenURL
|
||||
config.ServiceAccountImpersonationURL = tt.impURL
|
||||
_, err := config.TokenSource(ctx)
|
||||
|
||||
if tt.expectSuccess && err != nil {
|
||||
t.Errorf("got %v but want nil", err)
|
||||
} else if !tt.expectSuccess && err == nil {
|
||||
t.Errorf("got nil but expected an error")
|
||||
}
|
||||
})
|
||||
}
|
||||
for _, el := range urlValidityTests {
|
||||
el.impURL = strings.ToUpper(el.impURL)
|
||||
}
|
||||
for _, tt := range urlValidityTests {
|
||||
t.Run(" "+tt.impURL, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
|
||||
config := testConfig
|
||||
config.TokenURL = "https://sts.googleapis.com" // Setting the most basic acceptable tokenURL
|
||||
config.ServiceAccountImpersonationURL = tt.impURL
|
||||
_, err := config.TokenSource(ctx)
|
||||
|
||||
if tt.expectSuccess && err != nil {
|
||||
t.Errorf("got %v but want nil", err)
|
||||
} else if !tt.expectSuccess && err == nil {
|
||||
t.Errorf("got nil but expected an error")
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestWorkforcePoolCreation(t *testing.T) {
|
||||
var audienceValidatyTests = []struct {
|
||||
audience string
|
||||
|
||||
@@ -9,7 +9,6 @@ import (
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"regexp"
|
||||
"testing"
|
||||
)
|
||||
|
||||
@@ -114,8 +113,7 @@ func TestImpersonation(t *testing.T) {
|
||||
defer targetServer.Close()
|
||||
testImpersonateConfig.TokenURL = targetServer.URL
|
||||
|
||||
allURLs := regexp.MustCompile(".+")
|
||||
ourTS, err := testImpersonateConfig.tokenSource(context.Background(), []*regexp.Regexp{allURLs}, []*regexp.Regexp{allURLs}, "http")
|
||||
ourTS, err := testImpersonateConfig.tokenSource(context.Background(), "http")
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to create TokenSource: %v", err)
|
||||
}
|
||||
|
||||
@@ -19,8 +19,6 @@ import (
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"golang.org/x/net/context/ctxhttp"
|
||||
)
|
||||
|
||||
// Token represents the credentials used to authorize
|
||||
@@ -229,7 +227,7 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
|
||||
}
|
||||
|
||||
func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
|
||||
r, err := ctxhttp.Do(ctx, ContextClient(ctx), req)
|
||||
r, err := ContextClient(ctx).Do(req.WithContext(ctx))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user