forked from Mirrors/oauth2
google/internal/externalaccount: allowing PSC Urls
Change-Id: I46c337f162bf84cbcfa068ce1680e5428c46286a
GitHub-Last-Rev: 4d1190b904
GitHub-Pull-Request: golang/oauth2#596
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/439677
Auto-Submit: Cody Oss <codyoss@google.com>
Reviewed-by: Cody Oss <codyoss@google.com>
Reviewed-by: Leo Siracusa <leosiracusa@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
This commit is contained in:
Ryan Kohler
Gopher Robot
parent
b44042a4b9
commit
6fdb5e3db7
|
|
@ -74,12 +74,14 @@ var (
|
||||||
regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
|
regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
|
||||||
regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
|
regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
|
||||||
regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
|
regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
|
||||||
|
regexp.MustCompile(`(?i)^sts-[^\.\s\/\\]+\.p\.googleapis\.com$`),
|
||||||
}
|
}
|
||||||
validImpersonateURLPatterns = []*regexp.Regexp{
|
validImpersonateURLPatterns = []*regexp.Regexp{
|
||||||
regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
|
regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
|
||||||
regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
|
regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
|
||||||
regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
|
regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
|
||||||
regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
|
regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
|
||||||
|
regexp.MustCompile(`^iamcredentials-[^\.\s\/\\]+\.p\.googleapis\.com$`),
|
||||||
}
|
}
|
||||||
validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
|
validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,16 @@ func TestValidateURLTokenURL(t *testing.T) {
|
||||||
{"https://", false},
|
{"https://", false},
|
||||||
{"http://us-east-1.sts.googleapis.com", false},
|
{"http://us-east-1.sts.googleapis.com", false},
|
||||||
{"https://us-east-1.sts.googleapis.comevil.com", false},
|
{"https://us-east-1.sts.googleapis.comevil.com", false},
|
||||||
|
{"https://sts-xyz.p.googleapis.com", true},
|
||||||
|
{"https://sts.pgoogleapis.com", false},
|
||||||
|
{"https://p.googleapis.com", false},
|
||||||
|
{"https://sts.p.com", false},
|
||||||
|
{"http://sts.p.googleapis.com", false},
|
||||||
|
{"https://xyz-sts.p.googleapis.com", false},
|
||||||
|
{"https://sts-xyz.123.p.googleapis.com", false},
|
||||||
|
{"https://sts-xyz.p1.googleapis.com", false},
|
||||||
|
{"https://sts-xyz.p.foo.com", false},
|
||||||
|
{"https://sts-xyz.p.foo.googleapis.com", false},
|
||||||
}
|
}
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
for _, tt := range urlValidityTests {
|
for _, tt := range urlValidityTests {
|
||||||
|
|
@ -287,6 +297,16 @@ func TestValidateURLImpersonateURL(t *testing.T) {
|
||||||
{"https://", false},
|
{"https://", false},
|
||||||
{"http://us-east-1.iamcredentials.googleapis.com", false},
|
{"http://us-east-1.iamcredentials.googleapis.com", false},
|
||||||
{"https://us-east-1.iamcredentials.googleapis.comevil.com", false},
|
{"https://us-east-1.iamcredentials.googleapis.comevil.com", false},
|
||||||
|
{"https://iamcredentials-xyz.p.googleapis.com", true},
|
||||||
|
{"https://iamcredentials.pgoogleapis.com", false},
|
||||||
|
{"https://p.googleapis.com", false},
|
||||||
|
{"https://iamcredentials.p.com", false},
|
||||||
|
{"http://iamcredentials.p.googleapis.com", false},
|
||||||
|
{"https://xyz-iamcredentials.p.googleapis.com", false},
|
||||||
|
{"https://iamcredentials-xyz.123.p.googleapis.com", false},
|
||||||
|
{"https://iamcredentials-xyz.p1.googleapis.com", false},
|
||||||
|
{"https://iamcredentials-xyz.p.foo.com", false},
|
||||||
|
{"https://iamcredentials-xyz.p.foo.googleapis.com", false},
|
||||||
}
|
}
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
for _, tt := range urlValidityTests {
|
for _, tt := range urlValidityTests {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue