1// Copyright 2017 Google LLC. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5package internal 6 7import ( 8 "context" 9 "testing" 10 11 "github.com/google/go-cmp/cmp" 12 "golang.org/x/oauth2" 13 "golang.org/x/oauth2/google" 14) 15 16type dummyTokenSource struct { 17 oauth2.TokenSource 18} 19 20func TestTokenSource(t *testing.T) { 21 ctx := context.Background() 22 23 // Pass in a TokenSource, get it back. 24 ts := &dummyTokenSource{} 25 ds := &DialSettings{TokenSource: ts} 26 got, err := Creds(ctx, ds) 27 if err != nil { 28 t.Fatal(err) 29 } 30 want := &google.DefaultCredentials{TokenSource: ts} 31 if !cmp.Equal(got, want) { 32 t.Error("did not get the same TokenSource back") 33 } 34 35 // If both a file and TokenSource are passed, the file takes precedence 36 // (existing behavior). 37 // TODO(jba): make this an error? 38 ds = &DialSettings{ 39 TokenSource: ts, 40 CredentialsFile: "testdata/service-account.json", 41 } 42 got, err = Creds(ctx, ds) 43 if err != nil { 44 t.Fatal(err) 45 } 46 if cmp.Equal(got, want) { 47 t.Error("got the same TokenSource back, wanted one from the JSON file") 48 } 49 // TODO(jba): find a way to test the call to google.DefaultTokenSource. 50} 51 52func TestDefaultServiceAccount(t *testing.T) { 53 ctx := context.Background() 54 55 // Load a valid JSON file. No way to really test the contents; we just 56 // verify that there is no error. 57 ds := &DialSettings{CredentialsFile: "testdata/service-account.json"} 58 if _, err := Creds(ctx, ds); err != nil { 59 t.Errorf("got %v, wanted no error", err) 60 } 61 62 // Load valid JSON. No way to really test the contents; we just 63 // verify that there is no error. 64 ds = &DialSettings{CredentialsJSON: []byte(validServiceAccountJSON)} 65 if _, err := Creds(ctx, ds); err != nil { 66 t.Errorf("got %v, wanted no error", err) 67 } 68} 69 70func TestJWTWithAudience(t *testing.T) { 71 ctx := context.Background() 72 73 // Load a valid JSON file. No way to really test the contents; we just 74 // verify that there is no error. 75 ds := &DialSettings{CredentialsFile: "testdata/service-account.json", Audiences: []string{"foo"}} 76 if _, err := Creds(ctx, ds); err != nil { 77 t.Errorf("got %v, wanted no error", err) 78 } 79 80 // Load valid JSON. No way to really test the contents; we just 81 // verify that there is no error. 82 ds = &DialSettings{CredentialsJSON: []byte(validServiceAccountJSON), Audiences: []string{"foo"}} 83 if _, err := Creds(ctx, ds); err != nil { 84 t.Errorf("got %v, wanted no error", err) 85 } 86} 87 88func TestOAuth(t *testing.T) { 89 ctx := context.Background() 90 91 // Load a valid JSON file. No way to really test the contents; we just 92 // verify that there is no error. 93 ds := &DialSettings{CredentialsFile: "testdata/service-account.json", Scopes: []string{"foo"}} 94 if _, err := Creds(ctx, ds); err != nil { 95 t.Errorf("got %v, wanted no error", err) 96 } 97 98 // Load valid JSON. No way to really test the contents; we just 99 // verify that there is no error. 100 ds = &DialSettings{CredentialsJSON: []byte(validServiceAccountJSON), Scopes: []string{"foo"}} 101 if _, err := Creds(ctx, ds); err != nil { 102 t.Errorf("got %v, wanted no error", err) 103 } 104} 105 106const validServiceAccountJSON = `{ 107 "type": "service_account", 108 "project_id": "dumba-504", 109 "private_key_id": "adsfsdd", 110 "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDczcmZh9zhcDjd\nc+a1bcNu06QA+PGwjAZygTy9ays8qTLi4J8zWSjxgb18ZgYnv1gwVenmSBRuj+kg\nG03NPOxGmPrC/fTnZVBZpQRwBccBrPnRMvEM94egVrHKvPgqbifkyn2VR+ouWZvv\nwigR2PbjcvrSNkPE0QpLnRV0stilgCIYXR17lFrOPoiMra3N//1J0IPIFl3qZHxB\nsiejdi7zUiqLkqjYrNRHKulAGcJjqdCsNjAdjxgbRHgTjXSyuJh8bdKBgAMhetKj\nvU2OM431a9MQq77q/kvuJuCDRe6WqHs7JEFICUymTSSauANXowTUz63jfoSMMwmL\nBNcoePAZAgMBAAECggEAFxpkJe+YjbERjiBOqzybJok3/48MsOGR2iDKI3KncT8t\n7x28IqIJXe2qjy3YpoeHmXUf1mPD2YauyJh6xUcC3OcsU8NBQQXxiJOy2WrNVhBM\nilZXcPkkZIM1sqYfnEbu3ypNxhUifGuNXKKW0Tk/qfBRrLWXVSxfNKawxEdjUjua\ncknCwOBuZYkp8tTO5py5+RcoxHjAoNGaajep3yvNTIZ0WOLSjpAxLh0XCL5PRqKe\nfOrxL7ZY5Xl+yhc7/9PnVcdVOyUrry6I3byx8Yu46USLamNivZPk4xCiCe0k5OO1\nnXiU7qSLky4iiSzEd8o+0j/G8gMPZ9CF944kF60QIQKBgQDygfFrPjdYT5tpuPy+\nfpAZVnYWqLkvQHty0jmAqHucYRYVd1zpzY8zXW1JPXWSwGMSqB/Nz82v6oUw/Ovm\nRJ4+hvvUqZtUM1KJ10RUUWZDDLKoUgHp96IHarytdVy6kXZ0F2QNzW/VFTuzdKaK\n53c7Zc7iFK+4B/6XfyAumU0PSQKBgQDpFrdeQSoT4jXw/een7Hj3686cb9fkLEIf\na/pOOlqfGlJf7+NfqZpGBj5XxLGIJX80FFRtWTTAdgWrBmP0Nyvh48yd0KLALvyh\nmmqX/tBkkP41ASRMD+fWYh0AMhH6LmgrZtSUPKy0NvLIosH0qSbKGLIJEcXx3Pm4\nS1+eH0xKUQKBgA1hXhCsviEBQ3Hx4wAfu5OqUZmudYlF5YnQT5vpr+hQ8wb8LwQ3\nc09COGVyHqqaMt00qYyRiqfKKM8rJVjvMEwC5qI1OXzL2CIC3qJIW3wXl0PyQmjG\nYQpHuWFYuGUS4ZZGNB8O1rzLDyA3r3i6jLmaRG/09D0TM9joCr6HdtkBAoGBAIi6\n1p3nw/MeA1520uligiOMpAqIYTBr9e3QvWgeOwKRwjic09hN+T2SdAewTiP7Ov8l\n3dC3P4aWtQR6HzAnHQrJQkJhHNd3uKJjnpvC0iPsGfKl1ND5k5niu/hdZsZHarvq\n+lBqtzSP9yNStkv63dI3YliHoIIcijBdpp1u5qXBAoGBAOLrmvUKnx4NLEcauQ0e\naHndQ/6y4ie6knn1iJsJdYNJnYh9RKqDPTgpi8DbE2eb5JNkBQl0nSBMl74+MhVl\nMKBPVprkv7p3BdxoanpsncY14TUnzWIngkH21Rk0gqE3t/iJ7xnCTSv8qv3yYDj3\nL54zu6Y9GbjLgn6BtfhLHG4v\n-----END PRIVATE KEY-----\n", 111 "client_email": "dumba-504@appspot.gserviceaccount.com", 112 "client_id": "111", 113 "auth_uri": "https://accounts.google.com/o/oauth2/auth", 114 "token_uri": "https://accounts.google.com/o/oauth2/token", 115 "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 116 "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dumba-504%40appspot.gserviceaccount.com" 117}` 118 119func TestQuotaProjectFromCreds(t *testing.T) { 120 ctx := context.Background() 121 122 cred, err := credentialsFromJSON(ctx, []byte(validServiceAccountJSON), &DialSettings{Endpoint: "foo.googleapis.com"}) 123 if err != nil { 124 t.Fatalf("got %v, wanted no error", err) 125 } 126 if want, got := "", QuotaProjectFromCreds(cred); want != got { 127 t.Errorf("QuotaProjectFromCreds(validServiceAccountJSON): want %q, got %q", want, got) 128 } 129 130 quotaProjectJSON := []byte(` 131{ 132 "type": "authorized_user", 133 "quota_project_id": "foobar" 134}`) 135 136 cred, err = credentialsFromJSON(ctx, []byte(quotaProjectJSON), &DialSettings{Endpoint: "foo.googleapis.com"}) 137 if err != nil { 138 t.Fatalf("got %v, wanted no error", err) 139 } 140 if want, got := "foobar", QuotaProjectFromCreds(cred); want != got { 141 t.Errorf("QuotaProjectFromCreds(quotaProjectJSON): want %q, got %q", want, got) 142 } 143} 144