Add service-to-service Node.js sample #1704
Conversation
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
googlebot
added
the
cla: no
|
@googlebot I signed it!
…On Fri, Apr 3, 2020, 11:43 AM googlebot ***@***.***> wrote:
Thanks for your pull request. It looks like this may be your first
contribution to a Google open source project (if not, look below for help).
Before we can look at your pull request, you'll need to sign a Contributor
License Agreement (CLA).
📝 *Please visit https://cla.developers.google.com/
<https://cla.developers.google.com/> to sign.*
Once you've signed (or fixed any issues), please reply here with @googlebot
I signed it! and we'll verify it.
------------------------------
What to do if you already signed the CLA Individual signers
- It's possible we don't have your GitHub username or you're using a
different email address on your commit. Check your existing CLA data
<https://cla.developers.google.com/clas> and verify that your email is
set on your git commits
<https://help.github.com/articles/setting-your-email-in-git/>.
Corporate signers
- Your company has a Point of Contact who decides which employees are
authorized to participate. Ask your POC to be added to the group of
authorized contributors. If you don't know who your Point of Contact is,
direct the Google project maintainer to go/cla#troubleshoot (Public
version <https://opensource.google/docs/cla/#troubleshoot>).
- The email used to register you as an authorized contributor must be
the email used for the Git commit. Check your existing CLA data
<https://cla.developers.google.com/clas> and verify that your email is
set on your git commits
<https://help.github.com/articles/setting-your-email-in-git/>.
- The email used to register you as an authorized contributor must
also be attached to your GitHub account
<https://github.com/settings/emails>.
ℹ️ *Googlers: Go here
<https://goto.google.com/prinfo/https%3A%2F%2Fgithub.com%2FGoogleCloudPlatform%2Fnodejs-docs-samples%2Fpull%2F1704>
for more info*.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1704 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJD7UOSTHS4BWGRBC7M3QSTRKYU3HANCNFSM4L4LTLNA>
.
|
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
|
You will also need to add a testing file similar to https://github.com/GoogleCloudPlatform/nodejs-docs-samples/tree/master/.kokoro/run |
Co-Authored-By: Averi Kitsch <akitsch@google.com>
Apply suggested changes
averikitsch
added
cla: yes
|
A Googler has manually verified that the CLAs look good. (Googler, please make sure the reason for overriding the CLA status is clearly documented in these comments.) ℹ️ Googlers: Go here for more info. |
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
googlebot
added
cla: no
| res = await requestServiceToken(''); | ||
| }); | ||
|
|
||
| it('should return an error if given invalid Receiving Service URL', () => { |
There was a problem hiding this comment.
It would be nice to have a test that passes. When running on kokoro a request to the metadata server should succeed. You could write a test that looks for the env var 'GCLOUD_PROJECT' but make a comment that it must be unset locally.
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| const requestServiceToken = async (receivingServiceURL = 'https://SERVICE_NAME-HASH-run.app') => { |
There was a problem hiding this comment.
Not sure I follow why this function exists? If we're running in an environment that can mint a token, let's write an integration test that mints the token. We can split the request function to something that returns the token from metadata so it can be tested without making an HTTP request, or we can keep this all in one but use request mocking to inspect and validate the token: https://github.com/sindresorhus/got#testing
|
|
||
| let res; | ||
|
|
||
| describe('requestServiceToken tests', () => { |
There was a problem hiding this comment.
We need some deeper test coverage: can we parse out the auth token and at least do basic validation that it's a proper JWT?
|
The ID Token library changes came together in the last month, have been released, and the Yoshi team was kind enough to create a variant of the idtoken-iap sample for Cloud Run: https://github.com/googleapis/google-auth-library-nodejs/blob/master/samples/idtokens-cloudrun.js. To avoid duplication of maintenance work and ensure the sample stays aligned with library changes, I think we should prefer using that sample. Thank you for the PR! |
Refactored snippet from service-to-service guide