From 96eb2344dee49b7c08aca5c728c0f4d9ec4634b8 Mon Sep 17 00:00:00 2001 From: Ryan Kohler Date: Tue, 19 Jul 2022 13:48:15 -0700 Subject: [PATCH] google:fix missing expiration_time field isn't a problem for executables --- .../externalaccount/executablecredsource.go | 10 +++---- .../executablecredsource_test.go | 26 +++++++++---------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/google/internal/externalaccount/executablecredsource.go b/google/internal/externalaccount/executablecredsource.go index 6ecbe6e..7e8f85b 100644 --- a/google/internal/externalaccount/executablecredsource.go +++ b/google/internal/externalaccount/executablecredsource.go @@ -178,7 +178,7 @@ type executableResponse struct { Message string `json:"message,omitempty"` } -func parseSubjectTokenFromSource(response []byte, source string, now int64) (string, error) { +func (cs executableCredentialSource) parseSubjectTokenFromSource(response []byte, source string, now int64) (string, error) { var result executableResponse if err := json.Unmarshal(response, &result); err != nil { return "", jsonParsingError(source, string(response)) @@ -203,7 +203,7 @@ func parseSubjectTokenFromSource(response []byte, source string, now int64) (str return "", unsupportedVersionError(source, result.Version) } - if result.ExpirationTime == 0 { + if result.ExpirationTime == 0 && cs.OutputFile != "" { return "", missingFieldError(source, "expiration_time") } @@ -211,7 +211,7 @@ func parseSubjectTokenFromSource(response []byte, source string, now int64) (str return "", missingFieldError(source, "token_type") } - if result.ExpirationTime < now { + if result.ExpirationTime != 0 && result.ExpirationTime < now { return "", tokenExpiredError() } @@ -259,7 +259,7 @@ func (cs executableCredentialSource) getTokenFromOutputFile() (token string, err return "", nil } - token, err = parseSubjectTokenFromSource(data, outputFileSource, cs.env.now().Unix()) + token, err = cs.parseSubjectTokenFromSource(data, outputFileSource, cs.env.now().Unix()) if err != nil { if _, ok := err.(nonCacheableError); ok { // If the cached token is expired we need a new token, @@ -304,5 +304,5 @@ func (cs executableCredentialSource) getTokenFromExecutableCommand() (string, er if err != nil { return "", err } - return parseSubjectTokenFromSource(output, executableSource, cs.env.now().Unix()) + return cs.parseSubjectTokenFromSource(output, executableSource, cs.env.now().Unix()) } diff --git a/google/internal/externalaccount/executablecredsource_test.go b/google/internal/externalaccount/executablecredsource_test.go index f115b29..074dfc4 100644 --- a/google/internal/externalaccount/executablecredsource_test.go +++ b/google/internal/externalaccount/executablecredsource_test.go @@ -388,19 +388,6 @@ var failureTests = []struct { expectedErr: missingFieldError(executableSource, "token_type"), }, - { - name: "Missing Expiration", - testEnvironment: testEnvironment{ - envVars: executablesAllowed, - jsonResponse: &executableResponse{ - Success: Bool(true), - Version: 1, - TokenType: "urn:ietf:params:oauth:token-type:jwt", - }, - }, - expectedErr: missingFieldError(executableSource, "expiration_time"), - }, - { name: "Token Expired", testEnvironment: testEnvironment{ @@ -564,6 +551,19 @@ var successTests = []struct { }, }, }, + + { + name: "Missing Expiration", + testEnvironment: testEnvironment{ + envVars: executablesAllowed, + jsonResponse: &executableResponse{ + Success: Bool(true), + Version: 1, + TokenType: "urn:ietf:params:oauth:token-type:jwt", + IdToken: "tokentokentoken", + }, + }, + }, } func TestRetrieveExecutableSubjectTokenSuccesses(t *testing.T) {