Chiebot-Mirror
/
grpc
mirror of https://github.com/grpc/grpc.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Adding token url validation cases for psc endpoints (#31616)

Browse Source 
* Adding validation case for psc endpoint

* formatting fix
pull/31623/head
aeitzman 2 years ago committed by GitHub
parent 42c2767c19
commit 57e0806515
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 77 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      src/core/lib/security/credentials/google_default/google_default_credentials.cc
  2. 71
      test/core/security/credentials_test.cc

7
src/core/lib/security/credentials/google_default/google_default_credentials.cc
Unescape View File

@ -275,7 +275,12 @@ bool ValidateUrlField(const Json& json, const std::string& field) {
absl::string_view host; absl::string_view host;
absl::string_view port; absl::string_view port;
grpc_core::SplitHostPort(url->authority(), &host, &port); grpc_core::SplitHostPort(url->authority(), &host, &port);
if (absl::ConsumeSuffix(&host, ".googleapis.com")) { if (absl::ConsumeSuffix(&host, ".p.googleapis.com")) {
if (absl::StartsWith(host, "sts-") ||
absl::StartsWith(host, "iamcredentials-")) {
return true;
}
} else if (absl::ConsumeSuffix(&host, ".googleapis.com")) {
if (host == "sts" || host == "iamcredentials") { if (host == "sts" || host == "iamcredentials") {
return true; return true;
} else if (absl::StartsWith(host, "sts.") || } else if (absl::StartsWith(host, "sts.") ||

71
test/core/security/credentials_test.cc
Unescape View File

@ -167,6 +167,31 @@ const char test_external_account_credentials_multi_pattern_iam_str[] =
"project_id\",\"client_id\":\"client_id\",\"client_secret\":\"client_" "project_id\",\"client_id\":\"client_id\",\"client_secret\":\"client_"
"secret\"}"; "secret\"}";
const char test_external_account_credentials_psc_sts_str[] =
"{\"type\":\"external_account\",\"audience\":\"audience\",\"subject_"
"token_type\":\"subject_token_type\",\"service_account_impersonation_"
"url\":\"https://sts-xyz.p.googleapis.com:5555/"
"service_account_impersonation_url\",\"token_url\":\"https://"
"sts-xyz-123.p.googleapis.com:5555/token\",\"token_info_url\":\"https://"
"sts-xyz.p.googleapis.com:5555/introspect"
"token_info\",\"credential_source\":{\"file\":\"credentials_file_path\"},"
"\"quota_project_id\":\"quota_"
"project_id\",\"client_id\":\"client_id\",\"client_secret\":\"client_"
"secret\"}";
const char test_external_account_credentials_psc_iam_str[] =
"{\"type\":\"external_account\",\"audience\":\"audience\",\"subject_"
"token_type\":\"subject_token_type\",\"service_account_impersonation_"
"url\":\"https://iamcredentials-xyz.p.googleapis.com:5555/"
"service_account_impersonation_url\",\"token_url\":\"https://"
"iamcredentials-xyz-123.p.googleapis.com:5555/"
"token\",\"token_info_url\":\"https://"
"iamcredentials-xyz-123.p.googleapis.com:5555/introspect"
"token_info\",\"credential_source\":{\"file\":\"credentials_file_path\"},"
"\"quota_project_id\":\"quota_"
"project_id\",\"client_id\":\"client_id\",\"client_secret\":\"client_"
"secret\"}";
const char valid_oauth2_json_response[] = const char valid_oauth2_json_response[] =
"{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\"," "{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\","
" \"expires_in\":3599, " " \"expires_in\":3599, "
@ -1639,6 +1664,52 @@ TEST(CredentialsTest,
grpc_override_well_known_credentials_path_getter(nullptr); grpc_override_well_known_credentials_path_getter(nullptr);
} }
TEST(CredentialsTest, TestGoogleDefaultCredsExternalAccountCredentialsPscSts) {
ExecCtx exec_ctx;
grpc_composite_channel_credentials* creds;
grpc_flush_cached_google_default_credentials();
set_google_default_creds_env_var_with_file_contents(
"google_default_creds_external_account_credentials_psc_sts",
test_external_account_credentials_psc_sts_str);
grpc_override_well_known_credentials_path_getter(
null_well_known_creds_path_getter);
creds = reinterpret_cast<grpc_composite_channel_credentials*>(
grpc_google_default_credentials_create(nullptr));
auto* default_creds =
reinterpret_cast<const grpc_google_default_channel_credentials*>(
creds->inner_creds());
GPR_ASSERT(default_creds->ssl_creds() != nullptr);
auto* external =
reinterpret_cast<const ExternalAccountCredentials*>(creds->call_creds());
GPR_ASSERT(external != nullptr);
creds->Unref();
SetEnv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
grpc_override_well_known_credentials_path_getter(nullptr);
}
TEST(CredentialsTest, TestGoogleDefaultCredsExternalAccountCredentialsPscIam) {
ExecCtx exec_ctx;
grpc_composite_channel_credentials* creds;
grpc_flush_cached_google_default_credentials();
set_google_default_creds_env_var_with_file_contents(
"google_default_creds_external_account_credentials_psc_iam",
test_external_account_credentials_psc_iam_str);
grpc_override_well_known_credentials_path_getter(
null_well_known_creds_path_getter);
creds = reinterpret_cast<grpc_composite_channel_credentials*>(
grpc_google_default_credentials_create(nullptr));
auto* default_creds =
reinterpret_cast<const grpc_google_default_channel_credentials*>(
creds->inner_creds());
GPR_ASSERT(default_creds->ssl_creds() != nullptr);
auto* external =
reinterpret_cast<const ExternalAccountCredentials*>(creds->call_creds());
GPR_ASSERT(external != nullptr);
creds->Unref();
SetEnv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
grpc_override_well_known_credentials_path_getter(nullptr);
}
int default_creds_metadata_server_detection_httpcli_get_success_override( int default_creds_metadata_server_detection_httpcli_get_success_override(
const grpc_http_request* /*request*/, const char* host, const char* path, const grpc_http_request* /*request*/, const char* host, const char* path,
Timestamp /*deadline*/, grpc_closure* on_done, Timestamp /*deadline*/, grpc_closure* on_done,

Write Preview
Loading…
Cancel
Save