Skip to content

Commit 11625cc

Browse files
quartzmocodyoss
quartzmo
authored and
codyoss
committed
google: add authorized_user conditional to Credentials.UniverseDomain
Return default universe domain if credentials type is authorized_user. Change-Id: I20a9b5fafa562fcec84717914a236d081f630591 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/532196 Run-TryBot: Cody Oss <[email protected]> Reviewed-by: Cody Oss <[email protected]> TryBot-Result: Gopher Robot <[email protected]>
1 parent 8d6d45b commit 11625cc

File tree

2 files changed

+91
-4
lines changed

2 files changed

+91
-4
lines changed

google/default.go

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -216,6 +216,12 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params
216216
return nil, err
217217
}
218218

219+
universeDomain := f.UniverseDomain
220+
// Authorized user credentials are only supported in the googleapis.com universe.
221+
if f.Type == userCredentialsKey {
222+
universeDomain = universeDomainDefault
223+
}
224+
219225
ts, err := f.tokenSource(ctx, params)
220226
if err != nil {
221227
return nil, err
@@ -225,7 +231,7 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params
225231
ProjectID: f.ProjectID,
226232
TokenSource: ts,
227233
JSON: jsonData,
228-
universeDomain: f.UniverseDomain,
234+
universeDomain: universeDomain,
229235
}, nil
230236
}
231237

google/default_test.go

Lines changed: 84 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,20 @@ import (
99
"testing"
1010
)
1111

12-
var jwtJSONKeyUniverseDomain = []byte(`{
12+
var saJSONJWT = []byte(`{
13+
"type": "service_account",
14+
"project_id": "fake_project",
15+
"private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
16+
"private_key": "super secret key",
17+
"client_email": "[email protected]",
18+
"client_id": "gopher.apps.googleusercontent.com",
19+
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
20+
"token_uri": "https://oauth2.googleapis.com/token",
21+
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
22+
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com"
23+
}`)
24+
25+
var saJSONJWTUniverseDomain = []byte(`{
1326
"type": "service_account",
1427
"project_id": "fake_project",
1528
"universe_domain": "example.com",
@@ -23,13 +36,49 @@ var jwtJSONKeyUniverseDomain = []byte(`{
2336
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com"
2437
}`)
2538

26-
func TestCredentialsFromJSONWithParams_UniverseDomain(t *testing.T) {
39+
var userJSON = []byte(`{
40+
"client_id": "abc123.apps.googleusercontent.com",
41+
"client_secret": "shh",
42+
"refresh_token": "refreshing",
43+
"type": "authorized_user",
44+
"quota_project_id": "fake_project2"
45+
}`)
46+
47+
var userJSONUniverseDomain = []byte(`{
48+
"client_id": "abc123.apps.googleusercontent.com",
49+
"client_secret": "shh",
50+
"refresh_token": "refreshing",
51+
"type": "authorized_user",
52+
"quota_project_id": "fake_project2",
53+
"universe_domain": "example.com"
54+
}`)
55+
56+
func TestCredentialsFromJSONWithParams_SA(t *testing.T) {
57+
ctx := context.Background()
58+
scope := "https://www.googleapis.com/auth/cloud-platform"
59+
params := CredentialsParams{
60+
Scopes: []string{scope},
61+
}
62+
creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWT, params)
63+
if err != nil {
64+
t.Fatal(err)
65+
}
66+
67+
if want := "fake_project"; creds.ProjectID != want {
68+
t.Fatalf("got %q, want %q", creds.ProjectID, want)
69+
}
70+
if want := "googleapis.com"; creds.UniverseDomain() != want {
71+
t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
72+
}
73+
}
74+
75+
func TestCredentialsFromJSONWithParams_SA_UniverseDomain(t *testing.T) {
2776
ctx := context.Background()
2877
scope := "https://www.googleapis.com/auth/cloud-platform"
2978
params := CredentialsParams{
3079
Scopes: []string{scope},
3180
}
32-
creds, err := CredentialsFromJSONWithParams(ctx, jwtJSONKeyUniverseDomain, params)
81+
creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWTUniverseDomain, params)
3382
if err != nil {
3483
t.Fatal(err)
3584
}
@@ -41,3 +90,35 @@ func TestCredentialsFromJSONWithParams_UniverseDomain(t *testing.T) {
4190
t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
4291
}
4392
}
93+
94+
func TestCredentialsFromJSONWithParams_User(t *testing.T) {
95+
ctx := context.Background()
96+
scope := "https://www.googleapis.com/auth/cloud-platform"
97+
params := CredentialsParams{
98+
Scopes: []string{scope},
99+
}
100+
creds, err := CredentialsFromJSONWithParams(ctx, userJSON, params)
101+
if err != nil {
102+
t.Fatal(err)
103+
}
104+
105+
if want := "googleapis.com"; creds.UniverseDomain() != want {
106+
t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
107+
}
108+
}
109+
110+
func TestCredentialsFromJSONWithParams_User_UniverseDomain(t *testing.T) {
111+
ctx := context.Background()
112+
scope := "https://www.googleapis.com/auth/cloud-platform"
113+
params := CredentialsParams{
114+
Scopes: []string{scope},
115+
}
116+
creds, err := CredentialsFromJSONWithParams(ctx, userJSONUniverseDomain, params)
117+
if err != nil {
118+
t.Fatal(err)
119+
}
120+
121+
if want := "googleapis.com"; creds.UniverseDomain() != want {
122+
t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
123+
}
124+
}

0 commit comments

Comments
 (0)