Skip to content

Commit 0a7e112

Browse files
ScruffyProdigyScruffyProdigy
committed
adding test to make sure workforce pool requests include options={userProject:"myProject"}
1 parent 2c06da4 commit 0a7e112

File tree

1 file changed

+57
-5
lines changed

1 file changed

+57
-5
lines changed

google/internal/externalaccount/basecredentials_test.go

Lines changed: 57 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -35,17 +35,17 @@ var testConfig = Config{
3535
}
3636

3737
var (
38-
baseCredsRequestBody = "audience=32555940559.apps.googleusercontent.com&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control&subject_token=street123&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt"
39-
baseCredsResponseBody = `{"access_token":"Sample.Access.Token","issued_token_type":"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer","expires_in":3600,"scope":"https://www.googleapis.com/auth/cloud-platform"}`
40-
correctAT = "Sample.Access.Token"
41-
expiry int64 = 234852
38+
baseCredsRequestBody = "audience=32555940559.apps.googleusercontent.com&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control&subject_token=street123&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt"
39+
baseCredsResponseBody = `{"access_token":"Sample.Access.Token","issued_token_type":"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer","expires_in":3600,"scope":"https://www.googleapis.com/auth/cloud-platform"}`
40+
workforcePoolRequestBody = "audience=%2F%2Fiam.googleapis.com%2Flocations%2Feu%2FworkforcePools%2Fpool-id%2Fproviders%2Fprovider-id&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&options=%7B%22userProject%22%3A%22myProject%22%7D&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control&subject_token=street123&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt"
41+
correctAT = "Sample.Access.Token"
42+
expiry int64 = 234852
4243
)
4344
var (
4445
testNow = func() time.Time { return time.Unix(expiry, 0) }
4546
)
4647

4748
func TestToken(t *testing.T) {
48-
4949
targetServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
5050
if got, want := r.URL.String(), "/"; got != want {
5151
t.Errorf("URL.String(): got %v but want %v", got, want)
@@ -94,7 +94,59 @@ func TestToken(t *testing.T) {
9494
if got, want := tok.Expiry, now().Add(time.Duration(3600)*time.Second); got != want {
9595
t.Errorf("Unexpected Expiry: got %v, but wanted %v", got, want)
9696
}
97+
}
98+
99+
func TestWorkforcePoolToken(t *testing.T) {
100+
targetServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
101+
if got, want := r.URL.String(), "/"; got != want {
102+
t.Errorf("URL.String(): got %v but want %v", got, want)
103+
}
104+
headerAuth := r.Header.Get("Authorization")
105+
if got, want := headerAuth, "Basic cmJyZ25vZ25yaG9uZ28zYmk0Z2I5Z2hnOWc6bm90c29zZWNyZXQ="; got != want {
106+
t.Errorf("got %v but want %v", got, want)
107+
}
108+
headerContentType := r.Header.Get("Content-Type")
109+
if got, want := headerContentType, "application/x-www-form-urlencoded"; got != want {
110+
t.Errorf("got %v but want %v", got, want)
111+
}
112+
body, err := ioutil.ReadAll(r.Body)
113+
if err != nil {
114+
t.Fatalf("Failed reading request body: %s.", err)
115+
}
116+
if got, want := string(body), workforcePoolRequestBody; got != want {
117+
t.Errorf("Unexpected exchange payload: got %v but want %v", got, want)
118+
}
119+
w.Header().Set("Content-Type", "application/json")
120+
w.Write([]byte(baseCredsResponseBody))
121+
}))
122+
defer targetServer.Close()
97123

124+
testConfig.TokenURL = targetServer.URL
125+
testConfig.WorkforcePoolUserProject = "myProject"
126+
testConfig.Audience = "//iam.googleapis.com/locations/eu/workforcePools/pool-id/providers/provider-id"
127+
ourTS := tokenSource{
128+
ctx: context.Background(),
129+
conf: &testConfig,
130+
}
131+
132+
oldNow := now
133+
defer func() { now = oldNow }()
134+
now = testNow
135+
136+
tok, err := ourTS.Token()
137+
if err != nil {
138+
t.Fatalf("Unexpected error: %e", err)
139+
}
140+
if got, want := tok.AccessToken, correctAT; got != want {
141+
t.Errorf("Unexpected access token: got %v, but wanted %v", got, want)
142+
}
143+
if got, want := tok.TokenType, "Bearer"; got != want {
144+
t.Errorf("Unexpected TokenType: got %v, but wanted %v", got, want)
145+
}
146+
147+
if got, want := tok.Expiry, now().Add(time.Duration(3600)*time.Second); got != want {
148+
t.Errorf("Unexpected Expiry: got %v, but wanted %v", got, want)
149+
}
98150
}
99151

100152
func TestValidateURLTokenURL(t *testing.T) {

0 commit comments

Comments
 (0)