google:fix missing expiration_time field isn't a problem for executables

This commit is contained in:
Ryan Kohler 2022-07-19 13:48:15 -07:00
parent 2104d58473
commit 96eb2344de
2 changed files with 18 additions and 18 deletions

View File

@ -178,7 +178,7 @@ type executableResponse struct {
Message string `json:"message,omitempty"` Message string `json:"message,omitempty"`
} }
func parseSubjectTokenFromSource(response []byte, source string, now int64) (string, error) { func (cs executableCredentialSource) parseSubjectTokenFromSource(response []byte, source string, now int64) (string, error) {
var result executableResponse var result executableResponse
if err := json.Unmarshal(response, &result); err != nil { if err := json.Unmarshal(response, &result); err != nil {
return "", jsonParsingError(source, string(response)) return "", jsonParsingError(source, string(response))
@ -203,7 +203,7 @@ func parseSubjectTokenFromSource(response []byte, source string, now int64) (str
return "", unsupportedVersionError(source, result.Version) return "", unsupportedVersionError(source, result.Version)
} }
if result.ExpirationTime == 0 { if result.ExpirationTime == 0 && cs.OutputFile != "" {
return "", missingFieldError(source, "expiration_time") return "", missingFieldError(source, "expiration_time")
} }
@ -211,7 +211,7 @@ func parseSubjectTokenFromSource(response []byte, source string, now int64) (str
return "", missingFieldError(source, "token_type") return "", missingFieldError(source, "token_type")
} }
if result.ExpirationTime < now { if result.ExpirationTime != 0 && result.ExpirationTime < now {
return "", tokenExpiredError() return "", tokenExpiredError()
} }
@ -259,7 +259,7 @@ func (cs executableCredentialSource) getTokenFromOutputFile() (token string, err
return "", nil return "", nil
} }
token, err = parseSubjectTokenFromSource(data, outputFileSource, cs.env.now().Unix()) token, err = cs.parseSubjectTokenFromSource(data, outputFileSource, cs.env.now().Unix())
if err != nil { if err != nil {
if _, ok := err.(nonCacheableError); ok { if _, ok := err.(nonCacheableError); ok {
// If the cached token is expired we need a new token, // If the cached token is expired we need a new token,
@ -304,5 +304,5 @@ func (cs executableCredentialSource) getTokenFromExecutableCommand() (string, er
if err != nil { if err != nil {
return "", err return "", err
} }
return parseSubjectTokenFromSource(output, executableSource, cs.env.now().Unix()) return cs.parseSubjectTokenFromSource(output, executableSource, cs.env.now().Unix())
} }

View File

@ -388,19 +388,6 @@ var failureTests = []struct {
expectedErr: missingFieldError(executableSource, "token_type"), expectedErr: missingFieldError(executableSource, "token_type"),
}, },
{
name: "Missing Expiration",
testEnvironment: testEnvironment{
envVars: executablesAllowed,
jsonResponse: &executableResponse{
Success: Bool(true),
Version: 1,
TokenType: "urn:ietf:params:oauth:token-type:jwt",
},
},
expectedErr: missingFieldError(executableSource, "expiration_time"),
},
{ {
name: "Token Expired", name: "Token Expired",
testEnvironment: testEnvironment{ testEnvironment: testEnvironment{
@ -564,6 +551,19 @@ var successTests = []struct {
}, },
}, },
}, },
{
name: "Missing Expiration",
testEnvironment: testEnvironment{
envVars: executablesAllowed,
jsonResponse: &executableResponse{
Success: Bool(true),
Version: 1,
TokenType: "urn:ietf:params:oauth:token-type:jwt",
IdToken: "tokentokentoken",
},
},
},
} }
func TestRetrieveExecutableSubjectTokenSuccesses(t *testing.T) { func TestRetrieveExecutableSubjectTokenSuccesses(t *testing.T) {