golang.org/x/oauth2@v0.18.0/google/default_test.go (about) 1 // Copyright 2023 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package google 6 7 import ( 8 "context" 9 "net/http" 10 "net/http/httptest" 11 "strings" 12 "testing" 13 ) 14 15 var saJSONJWT = []byte(`{ 16 "type": "service_account", 17 "project_id": "fake_project", 18 "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b", 19 "private_key": "super secret key", 20 "client_email": "gopher@developer.gserviceaccount.com", 21 "client_id": "gopher.apps.googleusercontent.com", 22 "auth_uri": "https://accounts.google.com/o/oauth2/auth", 23 "token_uri": "https://oauth2.googleapis.com/token", 24 "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 25 "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com" 26 }`) 27 28 var saJSONJWTUniverseDomain = []byte(`{ 29 "type": "service_account", 30 "project_id": "fake_project", 31 "universe_domain": "example.com", 32 "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b", 33 "private_key": "super secret key", 34 "client_email": "gopher@developer.gserviceaccount.com", 35 "client_id": "gopher.apps.googleusercontent.com", 36 "auth_uri": "https://accounts.google.com/o/oauth2/auth", 37 "token_uri": "https://oauth2.googleapis.com/token", 38 "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 39 "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com" 40 }`) 41 42 var userJSON = []byte(`{ 43 "client_id": "abc123.apps.googleusercontent.com", 44 "client_secret": "shh", 45 "refresh_token": "refreshing", 46 "type": "authorized_user", 47 "quota_project_id": "fake_project2" 48 }`) 49 50 var userJSONUniverseDomain = []byte(`{ 51 "client_id": "abc123.apps.googleusercontent.com", 52 "client_secret": "shh", 53 "refresh_token": "refreshing", 54 "type": "authorized_user", 55 "quota_project_id": "fake_project2", 56 "universe_domain": "example.com" 57 }`) 58 59 var universeDomain = "example.com" 60 61 var universeDomain2 = "apis-tpclp.goog" 62 63 func TestCredentialsFromJSONWithParams_SA(t *testing.T) { 64 ctx := context.Background() 65 scope := "https://www.googleapis.com/auth/cloud-platform" 66 params := CredentialsParams{ 67 Scopes: []string{scope}, 68 } 69 creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWT, params) 70 if err != nil { 71 t.Fatal(err) 72 } 73 74 if want := "fake_project"; creds.ProjectID != want { 75 t.Fatalf("got %q, want %q", creds.ProjectID, want) 76 } 77 if want := "googleapis.com"; creds.UniverseDomain() != want { 78 t.Fatalf("got %q, want %q", creds.UniverseDomain(), want) 79 } 80 if want := "googleapis.com"; creds.UniverseDomain() != want { 81 t.Fatalf("got %q, want %q", creds.UniverseDomain(), want) 82 } 83 } 84 85 func TestCredentialsFromJSONWithParams_SA_Params_UniverseDomain(t *testing.T) { 86 ctx := context.Background() 87 scope := "https://www.googleapis.com/auth/cloud-platform" 88 params := CredentialsParams{ 89 Scopes: []string{scope}, 90 UniverseDomain: universeDomain2, 91 } 92 creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWT, params) 93 if err != nil { 94 t.Fatal(err) 95 } 96 97 if want := "fake_project"; creds.ProjectID != want { 98 t.Fatalf("got %q, want %q", creds.ProjectID, want) 99 } 100 if creds.UniverseDomain() != universeDomain2 { 101 t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2) 102 } 103 if creds.UniverseDomain() != universeDomain2 { 104 t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2) 105 } 106 } 107 108 func TestCredentialsFromJSONWithParams_SA_UniverseDomain(t *testing.T) { 109 ctx := context.Background() 110 scope := "https://www.googleapis.com/auth/cloud-platform" 111 params := CredentialsParams{ 112 Scopes: []string{scope}, 113 } 114 creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWTUniverseDomain, params) 115 if err != nil { 116 t.Fatal(err) 117 } 118 119 if want := "fake_project"; creds.ProjectID != want { 120 t.Fatalf("got %q, want %q", creds.ProjectID, want) 121 } 122 if creds.UniverseDomain() != universeDomain { 123 t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain) 124 } 125 got, err := creds.GetUniverseDomain() 126 if err != nil { 127 t.Fatal(err) 128 } 129 if got != universeDomain { 130 t.Fatalf("got %q, want %q", got, universeDomain) 131 } 132 } 133 134 func TestCredentialsFromJSONWithParams_SA_UniverseDomain_Params_UniverseDomain(t *testing.T) { 135 ctx := context.Background() 136 scope := "https://www.googleapis.com/auth/cloud-platform" 137 params := CredentialsParams{ 138 Scopes: []string{scope}, 139 UniverseDomain: universeDomain2, 140 } 141 creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWTUniverseDomain, params) 142 if err != nil { 143 t.Fatal(err) 144 } 145 146 if want := "fake_project"; creds.ProjectID != want { 147 t.Fatalf("got %q, want %q", creds.ProjectID, want) 148 } 149 if creds.UniverseDomain() != universeDomain2 { 150 t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2) 151 } 152 got, err := creds.GetUniverseDomain() 153 if err != nil { 154 t.Fatal(err) 155 } 156 if got != universeDomain2 { 157 t.Fatalf("got %q, want %q", got, universeDomain2) 158 } 159 } 160 161 func TestCredentialsFromJSONWithParams_User(t *testing.T) { 162 ctx := context.Background() 163 scope := "https://www.googleapis.com/auth/cloud-platform" 164 params := CredentialsParams{ 165 Scopes: []string{scope}, 166 } 167 creds, err := CredentialsFromJSONWithParams(ctx, userJSON, params) 168 if err != nil { 169 t.Fatal(err) 170 } 171 172 if want := "googleapis.com"; creds.UniverseDomain() != want { 173 t.Fatalf("got %q, want %q", creds.UniverseDomain(), want) 174 } 175 got, err := creds.GetUniverseDomain() 176 if err != nil { 177 t.Fatal(err) 178 } 179 if want := "googleapis.com"; got != want { 180 t.Fatalf("got %q, want %q", got, want) 181 } 182 } 183 184 func TestCredentialsFromJSONWithParams_User_Params_UniverseDomain(t *testing.T) { 185 ctx := context.Background() 186 scope := "https://www.googleapis.com/auth/cloud-platform" 187 params := CredentialsParams{ 188 Scopes: []string{scope}, 189 UniverseDomain: universeDomain2, 190 } 191 creds, err := CredentialsFromJSONWithParams(ctx, userJSON, params) 192 if err != nil { 193 t.Fatal(err) 194 } 195 196 if want := "googleapis.com"; creds.UniverseDomain() != want { 197 t.Fatalf("got %q, want %q", creds.UniverseDomain(), want) 198 } 199 got, err := creds.GetUniverseDomain() 200 if err != nil { 201 t.Fatal(err) 202 } 203 if want := "googleapis.com"; got != want { 204 t.Fatalf("got %q, want %q", got, want) 205 } 206 } 207 208 func TestCredentialsFromJSONWithParams_User_UniverseDomain(t *testing.T) { 209 ctx := context.Background() 210 scope := "https://www.googleapis.com/auth/cloud-platform" 211 params := CredentialsParams{ 212 Scopes: []string{scope}, 213 } 214 creds, err := CredentialsFromJSONWithParams(ctx, userJSONUniverseDomain, params) 215 if err != nil { 216 t.Fatal(err) 217 } 218 219 if want := "googleapis.com"; creds.UniverseDomain() != want { 220 t.Fatalf("got %q, want %q", creds.UniverseDomain(), want) 221 } 222 got, err := creds.GetUniverseDomain() 223 if err != nil { 224 t.Fatal(err) 225 } 226 if want := "googleapis.com"; got != want { 227 t.Fatalf("got %q, want %q", got, want) 228 } 229 } 230 231 func TestCredentialsFromJSONWithParams_User_UniverseDomain_Params_UniverseDomain(t *testing.T) { 232 ctx := context.Background() 233 scope := "https://www.googleapis.com/auth/cloud-platform" 234 params := CredentialsParams{ 235 Scopes: []string{scope}, 236 UniverseDomain: universeDomain2, 237 } 238 creds, err := CredentialsFromJSONWithParams(ctx, userJSONUniverseDomain, params) 239 if err != nil { 240 t.Fatal(err) 241 } 242 243 if want := "googleapis.com"; creds.UniverseDomain() != want { 244 t.Fatalf("got %q, want %q", creds.UniverseDomain(), want) 245 } 246 got, err := creds.GetUniverseDomain() 247 if err != nil { 248 t.Fatal(err) 249 } 250 if want := "googleapis.com"; got != want { 251 t.Fatalf("got %q, want %q", got, want) 252 } 253 } 254 255 func TestComputeUniverseDomain(t *testing.T) { 256 universeDomainPath := "/computeMetadata/v1/universe/universe_domain" 257 universeDomainResponseBody := "example.com" 258 s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 259 if r.URL.Path != universeDomainPath { 260 t.Errorf("got %s, want %s", r.URL.Path, universeDomainPath) 261 } 262 w.Write([]byte(universeDomainResponseBody)) 263 })) 264 defer s.Close() 265 t.Setenv("GCE_METADATA_HOST", strings.TrimPrefix(s.URL, "http://")) 266 267 scope := "https://www.googleapis.com/auth/cloud-platform" 268 params := CredentialsParams{ 269 Scopes: []string{scope}, 270 } 271 // Copied from FindDefaultCredentialsWithParams, metadata.OnGCE() = true block 272 creds := &Credentials{ 273 ProjectID: "fake_project", 274 TokenSource: computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...), 275 universeDomain: params.UniverseDomain, // empty 276 } 277 c := make(chan bool) 278 go func() { 279 got, err := creds.GetUniverseDomain() // First conflicting access. 280 if err != nil { 281 t.Error(err) 282 } 283 if want := universeDomainResponseBody; got != want { 284 t.Errorf("got %q, want %q", got, want) 285 } 286 c <- true 287 }() 288 got, err := creds.GetUniverseDomain() // Second conflicting access. 289 <-c 290 if err != nil { 291 t.Error(err) 292 } 293 if want := universeDomainResponseBody; got != want { 294 t.Errorf("got %q, want %q", got, want) 295 } 296 297 }