made some changes

2021-08-09 14:38:40 -07:00 · 2021-08-09 14:38:40 -07:00 · 109292283c
parent 57c99ca18a
commit 109292283c
5 changed files with 56 additions and 48 deletions
--- a/google/internal/externalaccount/aws_test.go
+++ b/google/internal/externalaccount/aws_test.go
@ -28,8 +28,7 @@ func setTime(testTime time.Time) func() time.Time {

 func setEnvironment(env map[string]string) func(string) string {
 	return func(key string) string {
-		value, _ := env[key]
-		return value
+		return env[key]
 	}
 }

--- a/google/internal/externalaccount/basecredentials.go
+++ b/google/internal/externalaccount/basecredentials.go
@ -55,62 +55,52 @@ type Config struct {

 // Each element consists of a list of patterns.  validateURLs checks for matches
 // that include all elements in a given list, in that order.
+
 var (
-	validTokenURLPatterns = []string{
-		"https://[^\\.]+\\.sts\\.googleapis\\.com",
-		"https://sts\\.googleapis\\.com",
-		"https://sts\\.[^\\.]+\\.googleapis\\.com",
-		"https://[^\\.]+-sts\\.googleapis\\.com",
+	validTokenURLPatterns = []*regexp.Regexp{
+		regexp.MustCompile("https://[^\\.]+\\.sts\\.googleapis\\.com"),
+		regexp.MustCompile("https://sts\\.googleapis\\.com"),
+		regexp.MustCompile("https://sts\\.[^\\.]+\\.googleapis\\.com"),
+		regexp.MustCompile("https://[^\\.]+-sts\\.googleapis\\.com"),
 	}
-	validImpersonateURLPatterns = []string{
-		"https://[^\\.]+\\.iamcredentials\\.googleapis\\.com",
-		"https://iamcredentials\\.googleapis\\.com",
-		"https://iamcredentials\\.[^\\.]+\\.googleapis\\.com",
-		"https://[^\\.]+-iamcredentials\\.googleapis\\.com",
+	validImpersonateURLPatterns = []*regexp.Regexp{
+		regexp.MustCompile("https://[^\\.]+\\.iamcredentials\\.googleapis\\.com"),
+		regexp.MustCompile("https://iamcredentials\\.googleapis\\.com"),
+		regexp.MustCompile("https://iamcredentials\\.[^\\.]+\\.googleapis\\.com"),
+		regexp.MustCompile("https://[^\\.]+-iamcredentials\\.googleapis\\.com"),
 	}
 )

-func validateURL(input string, patterns []string) (bool, error) {
+func validateURL(input string, patterns []*regexp.Regexp) bool {
 	for _, pattern := range patterns {
-		valid, err := regexp.MatchString(pattern, input)
-		if err != nil {
-			return false, err
-		}
+		valid := pattern.MatchString(input)
 		if valid {
-			return true, nil
+			return true
 		}
 	}
-	return false, nil
+	return false
 }

 // TokenSource Returns an external account TokenSource struct. This is to be called by package google to construct a google.Credentials.
 func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
-	return c.tokenSource(ctx, false)
+	return c.tokenSource(ctx, validTokenURLPatterns, validImpersonateURLPatterns)
 }

 // tokenSource is a private function that's directly called by some of the tests,
 // because the unit test URLs are mocked, and would otherwise fail the
 // validity check.
-func (c *Config) tokenSource(ctx context.Context, testing bool) (oauth2.TokenSource, error) {
-	if !testing {
-		// Check the validity of TokenURL.
-		valid, err := validateURL(c.TokenURL, validTokenURLPatterns)
-		if err != nil {
-			return nil, err
-		}
-		if !valid {
-			return nil, fmt.Errorf("oauth2/google: invalid TokenURL provided while constructing tokenSource")
-		}
+func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Regexp, impersonateURLValidPats []*regexp.Regexp) (oauth2.TokenSource, error) {
+	// Check the validity of TokenURL.
+	valid := validateURL(c.TokenURL, tokenURLValidPats)
+	if !valid {
+		return nil, fmt.Errorf("oauth2/google: invalid TokenURL provided while constructing tokenSource")
+	}

-		// If ServiceAccountImpersonationURL is present, check its validity.
-		if c.ServiceAccountImpersonationURL != "" {
-			valid, err := validateURL(c.ServiceAccountImpersonationURL, validImpersonateURLPatterns)
-			if err != nil {
-				return nil, err
-			}
-			if !valid {
-				return nil, fmt.Errorf("oauth2/google: invalid ServiceAccountImpersonationURL provided while constructing tokenSource")
-			}
+	// If ServiceAccountImpersonationURL is present, check its validity.
+	if c.ServiceAccountImpersonationURL != "" {
+		valid := validateURL(c.ServiceAccountImpersonationURL, impersonateURLValidPats)
+		if !valid {
+			return nil, fmt.Errorf("oauth2/google: invalid ServiceAccountImpersonationURL provided while constructing tokenSource")
 		}
 	}

--- a/google/internal/externalaccount/basecredentials_test.go
+++ b/google/internal/externalaccount/basecredentials_test.go
@ -9,6 +9,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"regexp"
 	"testing"
 	"time"
 )
@ -96,10 +97,10 @@ func TestToken(t *testing.T) {

 }

-func TestValidateURL(t *testing.T) {
+func TestValidateURLTokenURL(t *testing.T) {
 	var urlValidityTests = []struct {
 		input   string
-		pattern []string
+		pattern []*regexp.Regexp
 		result  bool
 	}{
 		{"https://east.sts.googleapis.com", validTokenURLPatterns, true},
@ -112,7 +113,23 @@ func TestValidateURL(t *testing.T) {
 		{"https://sts..googleapis.com", validTokenURLPatterns, false},
 		{"https://-sts.googleapis.com", validTokenURLPatterns, false},
 		{"https://us-ea.st-1-sts.googleapis.com", validTokenURLPatterns, false},
-		// Repeat for iamcredentials as well
+	}
+	for _, tt := range urlValidityTests {
+		t.Run(" "+tt.input, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
+			valid := validateURL(tt.input, tt.pattern)
+			if valid != tt.result {
+				t.Errorf("got %v, want %v", valid, tt.result)
+			}
+		})
+	}
+}
+
+func TestValidateURLImpersonateURL (t *testing.T) {
+	var urlValidityTests = []struct {
+		input   string
+		pattern []*regexp.Regexp
+		result  bool
+	}{
 		{"https://east.iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
 		{"https://iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
 		{"https://iamcredentials.asfeasfesef.googleapis.com", validImpersonateURLPatterns, true},
@ -126,11 +143,7 @@ func TestValidateURL(t *testing.T) {
 	}
 	for _, tt := range urlValidityTests {
 		t.Run(" "+tt.input, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
-			valid, err := validateURL(tt.input, tt.pattern)
-			if err != nil {
-				t.Errorf("validateURL returned an error: %v", err)
-				return
-			}
+			valid := validateURL(tt.input, tt.pattern)
 			if valid != tt.result {
 				t.Errorf("got %v, want %v", valid, tt.result)
 			}
--- a/google/internal/externalaccount/impersonate_test.go
+++ b/google/internal/externalaccount/impersonate_test.go
@ -10,6 +10,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"regexp"
 	"testing"
 )

@ -77,7 +78,9 @@ func TestImpersonation(t *testing.T) {
 	defer targetServer.Close()

 	testImpersonateConfig.TokenURL = targetServer.URL
-	ourTS, err := testImpersonateConfig.tokenSource(context.Background(), true)
+	allURLs := regexp.MustCompile(".*")
+	fmt.Println(allURLs)
+	ourTS, err := testImpersonateConfig.tokenSource(context.Background(), []*regexp.Regexp{allURLs}, []*regexp.Regexp{allURLs})
 	if err != nil {
 		fmt.Println(testImpersonateConfig.TokenURL)
 		t.Fatalf("Failed to create TokenSource: %v", err)
--- a/google/internal/externalaccount/sts_exchange_test.go
+++ b/google/internal/externalaccount/sts_exchange_test.go
@ -128,6 +128,9 @@ func TestExchangeToken_Opts(t *testing.T) {
 		}
 		var opts map[string]interface{}
 		err = json.Unmarshal([]byte(strOpts[0]), &opts)
+		if err != nil {
+			t.Fatalf("Couldn't parse received \"options\" field.")
+		}
 		if len(opts) < 2 {
 			t.Errorf("Too few options received.")
 		}