google/default_test.go - oauth2 - Git at Google

 // Copyright 2023 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package google

 import (
 	"context"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"

 	"cloud.google.com/go/compute/metadata"
 )

 var saJSONJWT = []byte(`{
   "type": "service_account",
   "project_id": "fake_project",
   "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
   "private_key": "super secret key",
   "client_email": "gopher@developer.gserviceaccount.com",
   "client_id": "gopher.apps.googleusercontent.com",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
   "token_uri": "https://oauth2.googleapis.com/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com"
 }`)

 var saJSONJWTUniverseDomain = []byte(`{
   "type": "service_account",
   "project_id": "fake_project",
   "universe_domain": "example.com",
   "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
   "private_key": "super secret key",
   "client_email": "gopher@developer.gserviceaccount.com",
   "client_id": "gopher.apps.googleusercontent.com",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
   "token_uri": "https://oauth2.googleapis.com/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com"
 }`)

 var userJSON = []byte(`{
   "client_id": "abc123.apps.googleusercontent.com",
   "client_secret": "shh",
   "refresh_token": "refreshing",
   "type": "authorized_user",
   "quota_project_id": "fake_project2"
 }`)

 var userJSONUniverseDomain = []byte(`{
   "client_id": "abc123.apps.googleusercontent.com",
   "client_secret": "shh",
   "refresh_token": "refreshing",
   "type": "authorized_user",
   "quota_project_id": "fake_project2",
   "universe_domain": "example.com"
 }`)

 var universeDomain = "example.com"

 var universeDomain2 = "apis-tpclp.goog"

 func TestCredentialsFromJSONWithParams_SA(t *testing.T) {
 	ctx := context.Background()
 	scope := "https://www.googleapis.com/auth/cloud-platform"
 	params := CredentialsParams{
 		Scopes: []string{scope},
 	}
 	creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWT, params)
 	if err != nil {
 		t.Fatal(err)
 	}

 	if want := "fake_project"; creds.ProjectID != want {
 		t.Fatalf("got %q, want %q", creds.ProjectID, want)
 	}
 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
 }

 func TestCredentialsFromJSONWithParams_SA_Params_UniverseDomain(t *testing.T) {
 	ctx := context.Background()
 	scope := "https://www.googleapis.com/auth/cloud-platform"
 	params := CredentialsParams{
 		Scopes:         []string{scope},
 		UniverseDomain: universeDomain2,
 	}
 	creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWT, params)
 	if err != nil {
 		t.Fatal(err)
 	}

 	if want := "fake_project"; creds.ProjectID != want {
 		t.Fatalf("got %q, want %q", creds.ProjectID, want)
 	}
 	if creds.UniverseDomain() != universeDomain2 {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2)
 	}
 	if creds.UniverseDomain() != universeDomain2 {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2)
 	}
 }

 func TestCredentialsFromJSONWithParams_SA_UniverseDomain(t *testing.T) {
 	ctx := context.Background()
 	scope := "https://www.googleapis.com/auth/cloud-platform"
 	params := CredentialsParams{
 		Scopes: []string{scope},
 	}
 	creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWTUniverseDomain, params)
 	if err != nil {
 		t.Fatal(err)
 	}

 	if want := "fake_project"; creds.ProjectID != want {
 		t.Fatalf("got %q, want %q", creds.ProjectID, want)
 	}
 	if creds.UniverseDomain() != universeDomain {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain)
 	}
 	got, err := creds.GetUniverseDomain()
 	if err != nil {
 		t.Fatal(err)
 	}
 	if got != universeDomain {
 		t.Fatalf("got %q, want %q", got, universeDomain)
 	}
 }

 func TestCredentialsFromJSONWithParams_SA_UniverseDomain_Params_UniverseDomain(t *testing.T) {
 	ctx := context.Background()
 	scope := "https://www.googleapis.com/auth/cloud-platform"
 	params := CredentialsParams{
 		Scopes:         []string{scope},
 		UniverseDomain: universeDomain2,
 	}
 	creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWTUniverseDomain, params)
 	if err != nil {
 		t.Fatal(err)
 	}

 	if want := "fake_project"; creds.ProjectID != want {
 		t.Fatalf("got %q, want %q", creds.ProjectID, want)
 	}
 	if creds.UniverseDomain() != universeDomain2 {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2)
 	}
 	got, err := creds.GetUniverseDomain()
 	if err != nil {
 		t.Fatal(err)
 	}
 	if got != universeDomain2 {
 		t.Fatalf("got %q, want %q", got, universeDomain2)
 	}
 }

 func TestCredentialsFromJSONWithParams_User(t *testing.T) {
 	ctx := context.Background()
 	scope := "https://www.googleapis.com/auth/cloud-platform"
 	params := CredentialsParams{
 		Scopes: []string{scope},
 	}
 	creds, err := CredentialsFromJSONWithParams(ctx, userJSON, params)
 	if err != nil {
 		t.Fatal(err)
 	}

 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
 	got, err := creds.GetUniverseDomain()
 	if err != nil {
 		t.Fatal(err)
 	}
 	if want := "googleapis.com"; got != want {
 		t.Fatalf("got %q, want %q", got, want)
 	}
 }

 func TestCredentialsFromJSONWithParams_User_Params_UniverseDomain(t *testing.T) {
 	ctx := context.Background()
 	scope := "https://www.googleapis.com/auth/cloud-platform"
 	params := CredentialsParams{
 		Scopes:         []string{scope},
 		UniverseDomain: universeDomain2,
 	}
 	creds, err := CredentialsFromJSONWithParams(ctx, userJSON, params)
 	if err != nil {
 		t.Fatal(err)
 	}

 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
 	got, err := creds.GetUniverseDomain()
 	if err != nil {
 		t.Fatal(err)
 	}
 	if want := "googleapis.com"; got != want {
 		t.Fatalf("got %q, want %q", got, want)
 	}
 }

 func TestCredentialsFromJSONWithParams_User_UniverseDomain(t *testing.T) {
 	ctx := context.Background()
 	scope := "https://www.googleapis.com/auth/cloud-platform"
 	params := CredentialsParams{
 		Scopes: []string{scope},
 	}
 	creds, err := CredentialsFromJSONWithParams(ctx, userJSONUniverseDomain, params)
 	if err != nil {
 		t.Fatal(err)
 	}

 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
 	got, err := creds.GetUniverseDomain()
 	if err != nil {
 		t.Fatal(err)
 	}
 	if want := "googleapis.com"; got != want {
 		t.Fatalf("got %q, want %q", got, want)
 	}
 }

 func TestCredentialsFromJSONWithParams_User_UniverseDomain_Params_UniverseDomain(t *testing.T) {
 	ctx := context.Background()
 	scope := "https://www.googleapis.com/auth/cloud-platform"
 	params := CredentialsParams{
 		Scopes:         []string{scope},
 		UniverseDomain: universeDomain2,
 	}
 	creds, err := CredentialsFromJSONWithParams(ctx, userJSONUniverseDomain, params)
 	if err != nil {
 		t.Fatal(err)
 	}

 	if want := "googleapis.com"; creds.UniverseDomain() != want {
 		t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
 	}
 	got, err := creds.GetUniverseDomain()
 	if err != nil {
 		t.Fatal(err)
 	}
 	if want := "googleapis.com"; got != want {
 		t.Fatalf("got %q, want %q", got, want)
 	}
 }

 func TestComputeUniverseDomain(t *testing.T) {
 	universeDomainPath := "/computeMetadata/v1/universe/universe_domain"
 	universeDomainResponseBody := "example.com"
 	var requests int
 	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		requests++
 		if r.URL.Path != universeDomainPath {
 			t.Errorf("bad path, got %s, want %s", r.URL.Path, universeDomainPath)
 		}
 		if requests > 1 {
 			t.Errorf("too many requests, got %d, want 1", requests)
 		}
 		w.Write([]byte(universeDomainResponseBody))
 	}))
 	defer s.Close()
 	t.Setenv("GCE_METADATA_HOST", strings.TrimPrefix(s.URL, "http://"))

 	scope := "https://www.googleapis.com/auth/cloud-platform"
 	params := CredentialsParams{
 		Scopes: []string{scope},
 	}
 	universeDomainProvider := func() (string, error) {
 		universeDomain, err := metadata.Get("universe/universe_domain")
 		if err != nil {
 			return "", err
 		}
 		return universeDomain, nil
 	}
 	// Copied from FindDefaultCredentialsWithParams, metadata.OnGCE() = true block
 	creds := &Credentials{
 		ProjectID:              "fake_project",
 		TokenSource:            computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...),
 		UniverseDomainProvider: universeDomainProvider,
 		universeDomain:         params.UniverseDomain, // empty
 	}
 	c := make(chan bool)
 	go func() {
 		got, err := creds.GetUniverseDomain() // First conflicting access.
 		if err != nil {
 			t.Error(err)
 		}
 		if want := universeDomainResponseBody; got != want {
 			t.Errorf("got %q, want %q", got, want)
 		}
 		c <- true
 	}()
 	got, err := creds.GetUniverseDomain() // Second conflicting (and potentially uncached) access.
 	<-c
 	if err != nil {
 		t.Error(err)
 	}
 	if want := universeDomainResponseBody; got != want {
 		t.Errorf("got %q, want %q", got, want)
 	}

 }
	// Copyright 2023 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package google

	import (
	"context"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"

	"cloud.google.com/go/compute/metadata"
	)

	var saJSONJWT = []byte(`{
	"type": "service_account",
	"project_id": "fake_project",
	"private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
	"private_key": "super secret key",
	"client_email": "gopher@developer.gserviceaccount.com",
	"client_id": "gopher.apps.googleusercontent.com",
	"auth_uri": "https://accounts.google.com/o/oauth2/auth",
	"token_uri": "https://oauth2.googleapis.com/token",
	"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
	"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com"
	}`)

	var saJSONJWTUniverseDomain = []byte(`{
	"type": "service_account",
	"project_id": "fake_project",
	"universe_domain": "example.com",
	"private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
	"private_key": "super secret key",
	"client_email": "gopher@developer.gserviceaccount.com",
	"client_id": "gopher.apps.googleusercontent.com",
	"auth_uri": "https://accounts.google.com/o/oauth2/auth",
	"token_uri": "https://oauth2.googleapis.com/token",
	"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
	"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com"
	}`)

	var userJSON = []byte(`{
	"client_id": "abc123.apps.googleusercontent.com",
	"client_secret": "shh",
	"refresh_token": "refreshing",
	"type": "authorized_user",
	"quota_project_id": "fake_project2"
	}`)

	var userJSONUniverseDomain = []byte(`{
	"client_id": "abc123.apps.googleusercontent.com",
	"client_secret": "shh",
	"refresh_token": "refreshing",
	"type": "authorized_user",
	"quota_project_id": "fake_project2",
	"universe_domain": "example.com"
	}`)

	var universeDomain = "example.com"

	var universeDomain2 = "apis-tpclp.goog"

	func TestCredentialsFromJSONWithParams_SA(t *testing.T) {
	ctx := context.Background()
	scope := "https://www.googleapis.com/auth/cloud-platform"
	params := CredentialsParams{
	Scopes: []string{scope},
	}
	creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWT, params)
	if err != nil {
	t.Fatal(err)
	}

	if want := "fake_project"; creds.ProjectID != want {
	t.Fatalf("got %q, want %q", creds.ProjectID, want)
	}
	if want := "googleapis.com"; creds.UniverseDomain() != want {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
	}
	if want := "googleapis.com"; creds.UniverseDomain() != want {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
	}
	}

	func TestCredentialsFromJSONWithParams_SA_Params_UniverseDomain(t *testing.T) {
	ctx := context.Background()
	scope := "https://www.googleapis.com/auth/cloud-platform"
	params := CredentialsParams{
	Scopes: []string{scope},
	UniverseDomain: universeDomain2,
	}
	creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWT, params)
	if err != nil {
	t.Fatal(err)
	}

	if want := "fake_project"; creds.ProjectID != want {
	t.Fatalf("got %q, want %q", creds.ProjectID, want)
	}
	if creds.UniverseDomain() != universeDomain2 {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2)
	}
	if creds.UniverseDomain() != universeDomain2 {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2)
	}
	}

	func TestCredentialsFromJSONWithParams_SA_UniverseDomain(t *testing.T) {
	ctx := context.Background()
	scope := "https://www.googleapis.com/auth/cloud-platform"
	params := CredentialsParams{
	Scopes: []string{scope},
	}
	creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWTUniverseDomain, params)
	if err != nil {
	t.Fatal(err)
	}

	if want := "fake_project"; creds.ProjectID != want {
	t.Fatalf("got %q, want %q", creds.ProjectID, want)
	}
	if creds.UniverseDomain() != universeDomain {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain)
	}
	got, err := creds.GetUniverseDomain()
	if err != nil {
	t.Fatal(err)
	}
	if got != universeDomain {
	t.Fatalf("got %q, want %q", got, universeDomain)
	}
	}

	func TestCredentialsFromJSONWithParams_SA_UniverseDomain_Params_UniverseDomain(t *testing.T) {
	ctx := context.Background()
	scope := "https://www.googleapis.com/auth/cloud-platform"
	params := CredentialsParams{
	Scopes: []string{scope},
	UniverseDomain: universeDomain2,
	}
	creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWTUniverseDomain, params)
	if err != nil {
	t.Fatal(err)
	}

	if want := "fake_project"; creds.ProjectID != want {
	t.Fatalf("got %q, want %q", creds.ProjectID, want)
	}
	if creds.UniverseDomain() != universeDomain2 {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), universeDomain2)
	}
	got, err := creds.GetUniverseDomain()
	if err != nil {
	t.Fatal(err)
	}
	if got != universeDomain2 {
	t.Fatalf("got %q, want %q", got, universeDomain2)
	}
	}

	func TestCredentialsFromJSONWithParams_User(t *testing.T) {
	ctx := context.Background()
	scope := "https://www.googleapis.com/auth/cloud-platform"
	params := CredentialsParams{
	Scopes: []string{scope},
	}
	creds, err := CredentialsFromJSONWithParams(ctx, userJSON, params)
	if err != nil {
	t.Fatal(err)
	}

	if want := "googleapis.com"; creds.UniverseDomain() != want {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
	}
	got, err := creds.GetUniverseDomain()
	if err != nil {
	t.Fatal(err)
	}
	if want := "googleapis.com"; got != want {
	t.Fatalf("got %q, want %q", got, want)
	}
	}

	func TestCredentialsFromJSONWithParams_User_Params_UniverseDomain(t *testing.T) {
	ctx := context.Background()
	scope := "https://www.googleapis.com/auth/cloud-platform"
	params := CredentialsParams{
	Scopes: []string{scope},
	UniverseDomain: universeDomain2,
	}
	creds, err := CredentialsFromJSONWithParams(ctx, userJSON, params)
	if err != nil {
	t.Fatal(err)
	}

	if want := "googleapis.com"; creds.UniverseDomain() != want {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
	}
	got, err := creds.GetUniverseDomain()
	if err != nil {
	t.Fatal(err)
	}
	if want := "googleapis.com"; got != want {
	t.Fatalf("got %q, want %q", got, want)
	}
	}

	func TestCredentialsFromJSONWithParams_User_UniverseDomain(t *testing.T) {
	ctx := context.Background()
	scope := "https://www.googleapis.com/auth/cloud-platform"
	params := CredentialsParams{
	Scopes: []string{scope},
	}
	creds, err := CredentialsFromJSONWithParams(ctx, userJSONUniverseDomain, params)
	if err != nil {
	t.Fatal(err)
	}

	if want := "googleapis.com"; creds.UniverseDomain() != want {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
	}
	got, err := creds.GetUniverseDomain()
	if err != nil {
	t.Fatal(err)
	}
	if want := "googleapis.com"; got != want {
	t.Fatalf("got %q, want %q", got, want)
	}
	}

	func TestCredentialsFromJSONWithParams_User_UniverseDomain_Params_UniverseDomain(t *testing.T) {
	ctx := context.Background()
	scope := "https://www.googleapis.com/auth/cloud-platform"
	params := CredentialsParams{
	Scopes: []string{scope},
	UniverseDomain: universeDomain2,
	}
	creds, err := CredentialsFromJSONWithParams(ctx, userJSONUniverseDomain, params)
	if err != nil {
	t.Fatal(err)
	}

	if want := "googleapis.com"; creds.UniverseDomain() != want {
	t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
	}
	got, err := creds.GetUniverseDomain()
	if err != nil {
	t.Fatal(err)
	}
	if want := "googleapis.com"; got != want {
	t.Fatalf("got %q, want %q", got, want)
	}
	}

	func TestComputeUniverseDomain(t *testing.T) {
	universeDomainPath := "/computeMetadata/v1/universe/universe_domain"
	universeDomainResponseBody := "example.com"
	var requests int
	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	requests++
	if r.URL.Path != universeDomainPath {
	t.Errorf("bad path, got %s, want %s", r.URL.Path, universeDomainPath)
	}
	if requests > 1 {
	t.Errorf("too many requests, got %d, want 1", requests)
	}
	w.Write([]byte(universeDomainResponseBody))
	}))
	defer s.Close()
	t.Setenv("GCE_METADATA_HOST", strings.TrimPrefix(s.URL, "http://"))

	scope := "https://www.googleapis.com/auth/cloud-platform"
	params := CredentialsParams{
	Scopes: []string{scope},
	}
	universeDomainProvider := func() (string, error) {
	universeDomain, err := metadata.Get("universe/universe_domain")
	if err != nil {
	return "", err
	}
	return universeDomain, nil
	}
	// Copied from FindDefaultCredentialsWithParams, metadata.OnGCE() = true block
	creds := &Credentials{
	ProjectID: "fake_project",
	TokenSource: computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...),
	UniverseDomainProvider: universeDomainProvider,
	universeDomain: params.UniverseDomain, // empty
	}
	c := make(chan bool)
	go func() {
	got, err := creds.GetUniverseDomain() // First conflicting access.
	if err != nil {
	t.Error(err)
	}
	if want := universeDomainResponseBody; got != want {
	t.Errorf("got %q, want %q", got, want)
	}
	c <- true
	}()
	got, err := creds.GetUniverseDomain() // Second conflicting (and potentially uncached) access.
	<-c
	if err != nil {
	t.Error(err)
	}
	if want := universeDomainResponseBody; got != want {
	t.Errorf("got %q, want %q", got, want)
	}

	}