google: add support for url-sourced file credentials.

Change-Id: I1eddacc506f9268aafc61ba4727ccd75c8d46d28
2021-01-12 12:56:40 -08:00 · 2021-01-12 12:56:40 -08:00 · bf1e0506de
parent d2fc13d268
commit bf1e0506de
2 changed files with 167 additions and 0 deletions
--- a/google/internal/externalaccount/urlcredsource.go
+++ b/google/internal/externalaccount/urlcredsource.go
@ -0,0 +1,67 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package externalaccount
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+)
+
+type urlCredentialSource struct {
+	URL string
+	Headers map[string]string
+	Format format
+}
+
+func (cs urlCredentialSource) subjectToken() (string, error) {
+	client := http.Client{}
+	req, err := http.NewRequest("GET", cs.URL, strings.NewReader(""))
+
+	for key, val := range cs.Headers {
+		req.Header.Add(key, val)
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		fmt.Errorf("oauth2/google: invalid response when retrieving subject token: %v", err)
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	tokenBytes, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
+	if err != nil {
+		fmt.Errorf("oauth2/google: invalid body in subject token URL query: %v", err)
+		return "", err
+	}
+
+	switch cs.Format.Type {
+	case "json":
+		jsonData := make(map[string]interface{})
+		err = json.Unmarshal(tokenBytes, &jsonData)
+		if err != nil {
+			return "", fmt.Errorf("oauth2/google: failed to unmarshal subject token file: %v", err)
+		}
+		val, ok := jsonData[cs.Format.SubjectTokenFieldName]
+		if !ok {
+			return "", errors.New("oauth2/google: provided subject_token_field_name not found in credentials")
+		}
+		token, ok := val.(string)
+		if !ok {
+			return "", errors.New("oauth2/google: improperly formatted subject token")
+		}
+		return token, nil
+	case "text":
+		return string(tokenBytes), nil
+	case "":
+		return string(tokenBytes), nil
+	default:
+		return "", errors.New("oauth2/google: invalid credential_source file format type")
+	}
+
+}
--- a/google/internal/externalaccount/urlcredsource_test.go
+++ b/google/internal/externalaccount/urlcredsource_test.go
@ -0,0 +1,100 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package externalaccount
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+var myURLToken = "testTokenValue"
+
+
+
+func TestRetrieveURLSubjectToken_Text(t *testing.T) {
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "GET" {
+			t.Errorf("Unexpected request method, %v is found", r.Method)
+		}
+		w.Write([]byte("testTokenValue"))
+	}))
+	cs := CredentialSource{
+		URL: ts.URL,
+		Format: format{Type: fileTypeText},
+	}
+	tfc := testFileConfig
+	tfc.CredentialSource = cs
+
+	out, err := tfc.parse().subjectToken()
+	if err != nil {
+		t.Fatalf("retrieveSubjectToken() failed: %v", err)
+	}
+	if out != myURLToken {
+		t.Errorf("got %v but want %v", out, myURLToken)
+	}
+
+}
+
+// Checking that retrieveSubjectToken properly defaults to type text
+func TestRetrieveURLSubjectToken_Untyped(t *testing.T) {
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "GET" {
+			t.Errorf("Unexpected request method, %v is found", r.Method)
+		}
+		w.Write([]byte("testTokenValue"))
+	}))
+	cs := CredentialSource{
+		URL: ts.URL,
+	}
+	tfc := testFileConfig
+	tfc.CredentialSource = cs
+
+	out, err := tfc.parse().subjectToken()
+	if err != nil {
+		t.Fatalf("Failed to retrieve USRL subject token: %v", err)
+	}
+	if out != myURLToken {
+		t.Errorf("got %v but want %v", out, myURLToken)
+	}
+
+}
+
+func TestRetrieveURLSubjectToken_JSON(t *testing.T) {
+	type tokenResponse struct {
+		TestToken string `json:"SubjToken"`
+	}
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if got, want := r.Method, "GET"; got != want {
+			t.Errorf("got %v, but want %v", r.Method, want)
+		}
+		resp := tokenResponse{TestToken: "testTokenValue"}
+		jsonResp, err := json.Marshal(resp)
+		if err != nil {
+			t.Errorf("Failed to marshal values: %v", err)
+		}
+		w.Write(jsonResp)
+	}))
+	cs := CredentialSource{
+		URL: ts.URL,
+		Format: format{Type: fileTypeJSON, SubjectTokenFieldName: "SubjToken"},
+	}
+	tfc := testFileConfig
+	tfc.CredentialSource = cs
+
+	out, err := tfc.parse().subjectToken()
+
+
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+	if out != myURLToken {
+		t.Errorf("got %v but want %v", out, myURLToken)
+	}
+
+}