...

Source file src/cloud.google.com/go/auth/credentials/internal/gdch/gdch_test.go

Documentation: cloud.google.com/go/auth/credentials/internal/gdch

     1  // Copyright 2023 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package gdch
    16  
    17  import (
    18  	"context"
    19  	"encoding/base64"
    20  	"encoding/json"
    21  	"fmt"
    22  	"net/http"
    23  	"net/http/httptest"
    24  	"os"
    25  	"strings"
    26  	"testing"
    27  
    28  	"cloud.google.com/go/auth/internal"
    29  	"cloud.google.com/go/auth/internal/credsfile"
    30  	"cloud.google.com/go/auth/internal/jwt"
    31  )
    32  
    33  func TestTokenProvider(t *testing.T) {
    34  	aud := "http://sampele-aud.com/"
    35  	b, err := os.ReadFile("../../../internal/testdata/gdch.json")
    36  	if err != nil {
    37  		t.Fatal(err)
    38  	}
    39  	f, err := credsfile.ParseGDCHServiceAccount(b)
    40  	if err != nil {
    41  		t.Fatal(err)
    42  	}
    43  	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    44  		if r.Method != "POST" {
    45  			t.Errorf("unexpected request method: %v", r.Method)
    46  		}
    47  		if err := r.ParseForm(); err != nil {
    48  			t.Error(err)
    49  		}
    50  		parts := strings.Split(r.FormValue("subject_token"), ".")
    51  		var header jwt.Header
    52  		var claims jwt.Claims
    53  		b, err = base64.RawURLEncoding.DecodeString(parts[0])
    54  		if err != nil {
    55  			t.Fatal(err)
    56  		}
    57  		if err := json.Unmarshal(b, &header); err != nil {
    58  			t.Fatal(err)
    59  		}
    60  		b, err = base64.RawURLEncoding.DecodeString(parts[1])
    61  		if err != nil {
    62  			t.Fatal(err)
    63  		}
    64  		if err := json.Unmarshal(b, &claims); err != nil {
    65  			t.Fatal(err)
    66  		}
    67  
    68  		if got := r.FormValue("audience"); got != aud {
    69  			t.Errorf("got audience %v, want %v", got, GrantType)
    70  		}
    71  		if want := jwt.HeaderAlgRSA256; header.Algorithm != want {
    72  			t.Errorf("got alg %q, want %q", header.Algorithm, want)
    73  		}
    74  		if want := jwt.HeaderType; header.Type != want {
    75  			t.Errorf("got typ %q, want %q", header.Type, want)
    76  		}
    77  		if want := "abcdef1234567890"; header.KeyID != want {
    78  			t.Errorf("got kid %q, want %q", header.KeyID, want)
    79  		}
    80  
    81  		if want := "system:serviceaccount:fake_project:sa_name"; claims.Iss != want {
    82  			t.Errorf("got iss %q, want %q", claims.Iss, want)
    83  		}
    84  		if want := "system:serviceaccount:fake_project:sa_name"; claims.Sub != want {
    85  			t.Errorf("got sub %q, want %q", claims.Sub, want)
    86  		}
    87  		if want := fmt.Sprintf("http://%s", r.Host); claims.Aud != want {
    88  			t.Errorf("got aud %q, want %q", claims.Aud, want)
    89  		}
    90  		w.Write([]byte(`{
    91  			"access_token": "a_fake_token",
    92  			"token_type": "Bearer",
    93  			"expires_in": 60
    94  		}`))
    95  	}))
    96  	f.TokenURL = ts.URL
    97  	f.CertPath = "../../../internal/testdata/cert.pem"
    98  	b, err = json.Marshal(&f)
    99  	if err != nil {
   100  		t.Fatal(err)
   101  	}
   102  
   103  	if _, err := NewTokenProvider(f, &Options{}); err == nil {
   104  		t.Fatal("STSAudience should be required")
   105  	}
   106  
   107  	cred, err := NewTokenProvider(f, &Options{
   108  		STSAudience: aud,
   109  		Client:      internal.CloneDefaultClient(),
   110  	})
   111  	if err != nil {
   112  		t.Fatal(err)
   113  	}
   114  
   115  	tok, err := cred.Token(context.Background())
   116  	if err != nil {
   117  		t.Fatal(err)
   118  	}
   119  	if want := "a_fake_token"; tok.Value != want {
   120  		t.Fatalf("got AccessToken %q, want %q", tok.Value, want)
   121  	}
   122  	if want := internal.TokenTypeBearer; tok.Type != want {
   123  		t.Fatalf("got TokenType %q, want %q", tok.Type, want)
   124  	}
   125  }
   126  

View as plain text