Add service-to-service Node.js sample

.kokoro/run/authentication.cfg

@@ -0,0 +1,7 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+# Set the folder in which the tests are run
+env_vars: {
+    key: "PROJECT"
+    value: "run/authentication"
+}

run/authentication/auth.js

@@ -0,0 +1,47 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+const requestServiceToken = async (receivingServiceURL = 'https://SERVICE_NAME-HASH-run.app') => {
+// [START run_service_to_service_auth]
+
+  const gcpMetadata = require('gcp-metadata');
+  const got = require('got');
+
+  // TODO(developer): Add the URL of your receiving service
+  // const receivingServiceURL = 'https://SERVICE_NAME-HASH-run.app'
+
+  try {
+    // Set up the metadata server request URL
+    const metadataServerTokenPath = `service-accounts/default/identity?audience=${receivingServiceURL}`;
+
+    // Fetch the token and then provide it in the request to the receiving service
+    const token = await gcpMetadata.instance(metadataServerTokenPath);
+    const serviceRequestOptions = { 
+      headers: {
+        'Authorization': 'bearer ' + token
+      }
+    };
+    const serviceResponse = await got(receivingServiceURL, serviceRequestOptions);
+    return serviceResponse;
+  } catch (error) { 
+    console.log('Metadata server could not respond to query ', error);
+    return error;
+  };
+
+// [END run_service_to_service_auth]
+
+};
+requestServiceToken(...process.argv.slice(2));
+
+module.exports = requestServiceToken;

run/authentication/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "nodejs-docs-samples-run-auth",
+  "description": "Cloud Run service-to-service authentication",
+  "version": "0.0.1",
+  "private": true,
+  "license": "Apache-2.0",
+  "author": "Google LLC",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/GoogleCloudPlatform/nodejs-docs-samples.git"
+  },
+  "engines": {
+    "node": ">= 10.0.0"
+  },
+  "main": "auth.js",
+  "scripts": {
+    "start": "node auth.js",
+    "test": "mocha test/*.test.js"
+  },
+  "dependencies": {
+    "express": "^4.16.4",
+    "gcp-metadata": "^4.0.0",
+    "got": "^10.7.0"
+  },
+  "devDependencies": {
+    "mocha": "^7.0.0"
+  }
+}

run/authentication/test/auth.test.js

@@ -0,0 +1,30 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+const assert = require('assert');
+const requestServiceToken = require('../auth.js');
+
+let res;
+
+describe('requestServiceToken tests', () => {
+  before(async function () {
+    this.timeout(3000);
+    res = await requestServiceToken('');
+  });
+
+  it('should return an error if given invalid Receiving Service URL', () => {
+    assert.strictEqual(typeof res, 'object'); 
+    assert.strictEqual(res.code, 'EHOSTDOWN');
+  });
+});