From fa85e02a67cce380ee61ca2f2fcf3c903ebacf01 Mon Sep 17 00:00:00 2001 From: Leonardo Siracusa Date: Tue, 21 Sep 2021 19:19:55 -0400 Subject: [PATCH 1/2] fix: workforce audience --- .../auth/oauth2/IdentityPoolCredentials.java | 2 +- .../ExternalAccountCredentialsTest.java | 22 +++++++++---------- .../oauth2/IdentityPoolCredentialsTest.java | 18 +++++++-------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java index d19b2a0dc..149222c05 100644 --- a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java @@ -283,7 +283,7 @@ private String getSubjectTokenFromMetadataServer() throws IOException { public boolean isWorkforcePoolConfiguration() { Pattern workforceAudiencePattern = Pattern.compile( - "^//iam.googleapis.com/projects/.+/locations/.+/workforcePools/.+/providers/.+$"); + "^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$"); return workforcePoolUserProject != null && !workforcePoolUserProject.isEmpty() && workforceAudiencePattern.matcher(getAudience()).matches(); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java index e53377e13..0e5b36636 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java @@ -175,7 +175,7 @@ public void fromJson_identityPoolCredentialsWorkforce() { assertTrue(credential instanceof IdentityPoolCredentials); assertEquals( - "//iam.googleapis.com/projects/123/locations/global/workforcePools/pool/providers/provider", + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider", credential.getAudience()); assertEquals("subjectTokenType", credential.getSubjectTokenType()); assertEquals(STS_URL, credential.getTokenUrl()); @@ -236,17 +236,17 @@ public void fromJson_nullTransport_throws() { } @Test - public void fromJson_invalidWorkloadAudiences_throws() { + public void fromJson_invalidWorkforceAudiences_throws() { List invalidAudiences = Arrays.asList( - "//iam.googleapis.com/projects/x23/locations/global/workloadIdentityPools/pool/providers/provider", - "//iam.googleapis.com/projects/y16/locations/global/workforcepools/pool/providers/provider", - "//iam.googleapis.com/projects/z6/locations/global/workforcePools/providers/provider", - "//iam.googleapis.com/projects/aa4/locations/global/workforcePools/providers", - "//iam.googleapis.com/projects/b5/locations/global/workforcePools/", - "//iam.googleapis.com/projects/6c/locations//workforcePools/providers", - "//iam.googleapis.com/projects/df7/notlocations/global/workforcePools/providers", - "//iam.googleapis.com/projects/e6/locations/global/workforce/providers"); + "//iam.googleapis.com/locations/global/workloadIdentityPools/pool/providers/provider", + "//iam.googleapis.com/locations/global/workforcepools/pool/providers/provider", + "//iam.googleapis.com/locations/global/workforcePools/providers/provider", + "//iam.googleapis.com/locations/global/workforcePools/providers", + "//iam.googleapis.com/locations/global/workforcePools/", + "//iam.googleapis.com/locations//workforcePools/providers", + "//iam.googleapis.com/notlocations/global/workforcePools/providers", + "//iam.googleapis.com/locations/global/workforce/providers"); for (String audience : invalidAudiences) { try { @@ -544,7 +544,7 @@ private GenericJson buildJsonIdentityPoolWorkforceCredential() { GenericJson json = buildJsonIdentityPoolCredential(); json.put( "audience", - "//iam.googleapis.com/projects/123/locations/global/workforcePools/pool/providers/provider"); + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider"); json.put("workforce_pool_user_project", "userProject"); return json; } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java index a1dd115e1..da4d1fcdf 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java @@ -338,7 +338,7 @@ public void refreshAccessToken_internalOptionsSet() throws IOException { IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL) .setWorkforcePoolUserProject("userProject") .setAudience( - "//iam.googleapis.com/projects/123/locations/global/workforcePools/pool/providers/provider") + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") .setTokenUrl(transportFactory.transport.getStsUrl()) .setHttpTransportFactory(transportFactory) .setCredentialSource( @@ -490,13 +490,13 @@ public void builder_invalidWorkforceAudiences_throws() { Arrays.asList( "", "//iam.googleapis.com/projects/x23/locations/global/workloadIdentityPools/pool/providers/provider", - "//iam.googleapis.com/projects/y16/locations/global/workforcepools/pool/providers/provider", - "//iam.googleapis.com/projects/z6/locations/global/workforcePools/providers/provider", - "//iam.googleapis.com/projects/aa4/locations/global/workforcePools/providers", - "//iam.googleapis.com/projects/b5/locations/global/workforcePools/", - "//iam.googleapis.com/projects/6c/locations//workforcePools/providers", - "//iam.googleapis.com/projects/df7/notlocations/global/workforcePools/providers", - "//iam.googleapis.com/projects/e6/locations/global/workforce/providers"); + "//iam.googleapis.com/locations/global/workforcepools/pool/providers/provider", + "//iam.googleapis.com/locations/global/workforcePools/providers/provider", + "//iam.googleapis.com/locations/global/workforcePools/providers", + "//iam.googleapis.com/locations/global/workforcePools/", + "//iam.googleapis.com/locations//workforcePools/providers", + "//iam.googleapis.com/notlocations/global/workforcePools/providers", + "//iam.googleapis.com/locations/global/workforce/providers"); for (String audience : invalidAudiences) { try { @@ -526,7 +526,7 @@ public void builder_emptyWorkforceUserProjectWithWorkforceAudience_throws() { .setWorkforcePoolUserProject("") .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) .setAudience( - "//iam.googleapis.com/projects/123/locations/global/workforcePools/providers/provider") + "//iam.googleapis.com/locations/global/workforcePools/providers/provider") .setSubjectTokenType("subjectTokenType") .setTokenUrl(STS_URL) .setTokenInfoUrl("tokenInfoUrl") From 5f11bc4d5b04202346dcf0c8eca161446ded21d6 Mon Sep 17 00:00:00 2001 From: Leonardo Siracusa Date: Tue, 21 Sep 2021 19:23:28 -0400 Subject: [PATCH 2/2] fix: format --- .../java/com/google/auth/oauth2/IdentityPoolCredentials.java | 3 +-- .../com/google/auth/oauth2/ExternalAccountCredentialsTest.java | 3 +-- .../com/google/auth/oauth2/IdentityPoolCredentialsTest.java | 3 +-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java index 149222c05..1257a575c 100644 --- a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java @@ -282,8 +282,7 @@ private String getSubjectTokenFromMetadataServer() throws IOException { */ public boolean isWorkforcePoolConfiguration() { Pattern workforceAudiencePattern = - Pattern.compile( - "^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$"); + Pattern.compile("^//iam.googleapis.com/locations/.+/workforcePools/.+/providers/.+$"); return workforcePoolUserProject != null && !workforcePoolUserProject.isEmpty() && workforceAudiencePattern.matcher(getAudience()).matches(); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java index 0e5b36636..1416ba964 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java @@ -543,8 +543,7 @@ private GenericJson buildJsonIdentityPoolCredential() { private GenericJson buildJsonIdentityPoolWorkforceCredential() { GenericJson json = buildJsonIdentityPoolCredential(); json.put( - "audience", - "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider"); + "audience", "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider"); json.put("workforce_pool_user_project", "userProject"); return json; } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java index da4d1fcdf..b240e1d16 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java @@ -525,8 +525,7 @@ public void builder_emptyWorkforceUserProjectWithWorkforceAudience_throws() { IdentityPoolCredentials.newBuilder() .setWorkforcePoolUserProject("") .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setAudience( - "//iam.googleapis.com/locations/global/workforcePools/providers/provider") + .setAudience("//iam.googleapis.com/locations/global/workforcePools/providers/provider") .setSubjectTokenType("subjectTokenType") .setTokenUrl(STS_URL) .setTokenInfoUrl("tokenInfoUrl")