From f9a44934e9e12d01065e8cb9846c6991f7ab47d2 Mon Sep 17 00:00:00 2001
From: Patrick Jones
Date: Wed, 10 Feb 2021 17:39:58 -0800
Subject: [PATCH 1/4] Added in fixes found during manual testing of Azure import.
Change-Id: Icf21d58732fdf4e3caaca015bc10d84613d0f423
---
 google/internal/externalaccount/basecredentials.go | 2 +-
 google/internal/externalaccount/impersonate.go | 2 +-
 google/internal/externalaccount/sts_exchange.go | 8 ++++++--
 google/internal/externalaccount/urlcredsource.go | 3 +++
 4 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/google/internal/externalaccount/basecredentials.go b/google/internal/externalaccount/basecredentials.go
index 57a587097..2eb5c8e24 100644
--- a/google/internal/externalaccount/basecredentials.go
+++ b/google/internal/externalaccount/basecredentials.go
@@ -96,7 +96,7 @@ func (c *Config) parse(ctx context.Context) (baseCredentialSource, error) {
 } else if c.CredentialSource.File != "" {
 return fileCredentialSource{File: c.CredentialSource.File, Format: c.CredentialSource.Format}, nil
 } else if c.CredentialSource.URL != "" {
- return urlCredentialSource{URL: c.CredentialSource.URL, Format: c.CredentialSource.Format, ctx: ctx}, nil
+ return urlCredentialSource{URL: c.CredentialSource.URL, Headers: c.CredentialSource.Headers, Format: c.CredentialSource.Format, ctx: ctx}, nil
 }
 return nil, fmt.Errorf("oauth2/google: unable to parse credential source")
 }
diff --git a/google/internal/externalaccount/impersonate.go b/google/internal/externalaccount/impersonate.go
index 1d29c467f..f848bff64 100644
--- a/google/internal/externalaccount/impersonate.go
+++ b/google/internal/externalaccount/impersonate.go
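Review bot: In basecredentials.go, `Headers: c.CredentialSource.Headers` forwards header names and values straight from the credential configuration, and the URL they are sent to comes from the same configuration, with no validation visible in this hunk. That is reasonable for a locally authored config, but the trust assumption should be written down at this branch, e.g. `// URL and Headers are taken from the credential config as-is; the config must come from a trusted source.` The composite literal has also grown long enough that one field per line would make later review easier. parse's body starts outside the hunk.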
@@ -64,7 +64,7 @@ func (its impersonateTokenSource) Token() (*oauth2.Token, error) {
 return nil, fmt.Errorf("oauth2/google: unable to read body: %v", err)
 }
 if c := resp.StatusCode; c < 200 || c > 299 {
- return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, body)
+ return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, string(body))
 }
 var accessTokenResp impersonateTokenResponse
diff --git a/google/internal/externalaccount/sts_exchange.go b/google/internal/externalaccount/sts_exchange.go
index 1a1c9b411..9ed47790e 100644
--- a/google/internal/externalaccount/sts_exchange.go
+++ b/google/internal/externalaccount/sts_exchange.go
@@ -9,6 +9,7 @@ import (
 "encoding/json"
 "fmt"
 "io"
+ "io/ioutil"
 "net/http"
 "net/url"
 "strconv"
@@ -63,9 +64,12 @@ func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchan
 }
 defer resp.Body.Close()
- bodyJson := json.NewDecoder(io.LimitReader(resp.Body, 1<<20))
+ body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
+ if c := resp.StatusCode; c < 200 || c > 299 {
+ return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, string(body))
+ }
 var stsResp STSTokenExchangeResponse
- err = bodyJson.Decode(&stsResp)
+ json.Unmarshal(body, &stsResp)
 if err != nil {
 return nil, fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %v", err)
diff --git a/google/internal/externalaccount/urlcredsource.go b/google/internal/externalaccount/urlcredsource.go
index b0d5d35e7..dce704eba 100644
--- a/google/internal/externalaccount/urlcredsource.go
+++ b/google/internal/externalaccount/urlcredsource.go
@@ -43,6 +43,9 @@ func (cs urlCredentialSource) subjectToken() (string, error) {
 if err != nil {
 return "", fmt.Errorf("oauth2/google: invalid body in subject token URL query: %v", err)
 }
+ if c := resp.StatusCode; c < 200 || c > 299 {
+ return "", fmt.Errorf("oauth2/google: status code %d: %s", c, string(tokenBytes))
+ }
 switch cs.Format.Type {
 case "json":
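Review bot: In sts_exchange.go's ExchangeToken, the error returned by `ioutil.ReadAll` is never checked on its own: the status-code test runs on whatever bytes were read, and since `json.Unmarshal(body, &stsResp)` discards its result here, the `if err != nil` below is really testing the read error under an "unmarshal" message. PATCH 2/4 assigns the Unmarshal result, but that overwrites the read error, and PATCH 3/4 touches the same lines without adding a check, so a failed or partial read of the token response surfaces only indirectly. Add `if err != nil { return nil, fmt.Errorf("oauth2/google: unable to read body: %v", err) }` directly after the ReadAll, matching what impersonate.go and urlcredsource.go already do. The function body starts and ends outside the hunk.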
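Review bot: The new non-2xx branch in urlcredsource.go's subjectToken copies the whole response body, up to the 1 MiB `io.LimitReader` cap, into the returned error with `%s`. That content is chosen by whatever answers at the configured URL and will travel into callers' logs unescaped; the same pattern is added to ExchangeToken in this patch and already exists in impersonateTokenSource.Token. Cap the slice before formatting, for instance `if len(tokenBytes) > 512 { tokenBytes = tokenBytes[:512] }` (512 is an illustrative limit), and format with `%q` so newlines and control bytes cannot forge log lines. PATCH 3/4 renames the variable to respBody but keeps the behaviour, so the point applies there as well.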
From 483d2860a6377ec78a531eb8dd02c7b34a87a416 Mon Sep 17 00:00:00 2001
From: Patrick Jones
Date: Thu, 11 Feb 2021 03:09:42 -0800
Subject: [PATCH 2/4] Fixed testing error.
Change-Id: I93775afcec60f24913ed55911b75c01bd44664b3
---
 google/internal/externalaccount/sts_exchange.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/google/internal/externalaccount/sts_exchange.go b/google/internal/externalaccount/sts_exchange.go
index 9ed47790e..ca5f53e62 100644
--- a/google/internal/externalaccount/sts_exchange.go
+++ b/google/internal/externalaccount/sts_exchange.go
@@ -69,7 +69,7 @@ func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchan
 return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, string(body))
 }
 var stsResp STSTokenExchangeResponse
- json.Unmarshal(body, &stsResp)
+ err = json.Unmarshal(body, &stsResp)
 if err != nil {
 return nil, fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %v", err)
From 3cb804a538bfca6f29980d170ed151b4b055990a Mon Sep 17 00:00:00 2001
From: Patrick Jones
Date: Thu, 11 Feb 2021 13:15:22 -0800
Subject: [PATCH 3/4] Fixed nits from Cody.
Change-Id: I037f7313217d75f29f7150c53c1cd28a0ec7ea35
---
 google/internal/externalaccount/impersonate.go | 2 +-
 google/internal/externalaccount/sts_exchange.go | 2 +-
 google/internal/externalaccount/sts_exchange_test.go | 2 +-
 google/internal/externalaccount/urlcredsource.go | 10 +++++-----
 google/internal/externalaccount/urlcredsource_test.go | 8 ++++++++
 5 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/google/internal/externalaccount/impersonate.go b/google/internal/externalaccount/impersonate.go
index f848bff64..1d29c467f 100644
--- a/google/internal/externalaccount/impersonate.go
+++ b/google/internal/externalaccount/impersonate.go
@@ -64,7 +64,7 @@ func (its impersonateTokenSource) Token() (*oauth2.Token, error) {
 return nil, fmt.Errorf("oauth2/google: unable to read body: %v", err)
 }
 if c := resp.StatusCode; c < 200 || c > 299 {
- return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, string(body))
+ return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, body)
 }
 var accessTokenResp impersonateTokenResponse
diff --git a/google/internal/externalaccount/sts_exchange.go b/google/internal/externalaccount/sts_exchange.go
index ca5f53e62..fbb477d10 100644
--- a/google/internal/externalaccount/sts_exchange.go
+++ b/google/internal/externalaccount/sts_exchange.go
@@ -66,7 +66,7 @@ func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchan
 body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
 if c := resp.StatusCode; c < 200 || c > 299 {
- return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, string(body))
+ return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, body)
 }
 var stsResp STSTokenExchangeResponse
 err = json.Unmarshal(body, &stsResp)
diff --git a/google/internal/externalaccount/sts_exchange_test.go b/google/internal/externalaccount/sts_exchange_test.go
index 16c86a3b6..7f6ce6783 100644
--- a/google/internal/externalaccount/sts_exchange_test.go
+++ b/google/internal/externalaccount/sts_exchange_test.go
@@ -97,7 +97,7 @@ func TestExchangeToken_Err(t *testing.T) {
 headers.Add("Content-Type", "application/x-www-form-urlencoded")
 _, err := ExchangeToken(context.Background(), ts.URL, &tokenRequest, auth, headers, nil)
 if err == nil {
- t.Errorf("Expected handled error; instead got nil.")
+ t.Errorf(" Expected handled error; instead got nil.")
 }
 }
diff --git a/google/internal/externalaccount/urlcredsource.go b/google/internal/externalaccount/urlcredsource.go
index dce704eba..91b8f2002 100644
--- a/google/internal/externalaccount/urlcredsource.go
+++ b/google/internal/externalaccount/urlcredsource.go
@@ -39,18 +39,18 @@ func (cs urlCredentialSource) subjectToken() (string, error) {
 }
 defer resp.Body.Close()
- tokenBytes, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
+ respBody, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
 if err != nil {
 return "", fmt.Errorf("oauth2/google: invalid body in subject token URL query: %v", err)
 }
 if c := resp.StatusCode; c < 200 || c > 299 {
- return "", fmt.Errorf("oauth2/google: status code %d: %s", c, string(tokenBytes))
+ return "", fmt.Errorf("oauth2/google: status code %d: %s", c, respBody)
 }
 switch cs.Format.Type {
 case "json":
 jsonData := make(map[string]interface{})
- err = json.Unmarshal(tokenBytes, &jsonData)
+ err = json.Unmarshal(respBody, &jsonData)
 if err != nil {
 return "", fmt.Errorf("oauth2/google: failed to unmarshal subject token file: %v", err)
 }
@@ -64,9 +64,9 @@ func (cs urlCredentialSource) subjectToken() (string, error) {
 }
 return token, nil
 case "text":
- return string(tokenBytes), nil
+ return string(respBody), nil
 case "":
- return string(tokenBytes), nil
+ return string(respBody), nil
 default:
 return "", errors.New("oauth2/google: invalid credential_source file format type")
 }
diff --git a/google/internal/externalaccount/urlcredsource_test.go b/google/internal/externalaccount/urlcredsource_test.go
index 1b78e6802..6874f11ca 100644
--- a/google/internal/externalaccount/urlcredsource_test.go
+++ b/google/internal/externalaccount/urlcredsource_test.go
@@ -7,6 +7,7 @@ package externalaccount
 import (
 "context"
 "encoding/json"
+ "fmt"
 "net/http"
 "net/http/httptest"
 "testing"
@@ -19,11 +20,18 @@ func TestRetrieveURLSubjectToken_Text(t *testing.T) {
 if r.Method != "GET" {
 t.Errorf("Unexpected request method, %v is found", r.Method)
 }
+ fmt.Println(r.Header)
+ if r.Header.Get("Metadata") != "True" {
+ t.Errorf("Metadata header not properly included.")
+ }
 w.Write([]byte("testTokenValue"))
 }))
+ heads := make(map[string]string)
+ heads["Metadata"] = "True"
 cs := CredentialSource{
 URL: ts.URL,
 Format: format{Type: fileTypeText},
+ Headers: heads,
 }
 tfc := testFileConfig
 tfc.CredentialSource = cs
From 56907163634bb65457c12320b4081e919cfbbcb2 Mon Sep 17 00:00:00 2001
From: Patrick Jones
Date: Fri, 12 Feb 2021 12:04:01 -0800
Subject: [PATCH 4/4] Removed extraneous whitespace.
Change-Id: I591e9aafef142593a9ae2071ead388d9d311552f
---
 google/internal/externalaccount/sts_exchange_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/google/internal/externalaccount/sts_exchange_test.go b/google/internal/externalaccount/sts_exchange_test.go
index 7f6ce6783..16c86a3b6 100644
--- a/google/internal/externalaccount/sts_exchange_test.go
+++ b/google/internal/externalaccount/sts_exchange_test.go
@@ -97,7 +97,7 @@ func TestExchangeToken_Err(t *testing.T) {
 headers.Add("Content-Type", "application/x-www-form-urlencoded")
 _, err := ExchangeToken(context.Background(), ts.URL, &tokenRequest, auth, headers, nil)
 if err == nil {
- t.Errorf(" Expected handled error; instead got nil.")
+ t.Errorf("Expected handled error; instead got nil.")
 }
 }
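Review bot: `fmt.Println(r.Header)` in the handler of TestRetrieveURLSubjectToken_Text (urlcredsource_test.go, PATCH 3/4) is leftover debugging: it dumps every request header to stdout on each run, and the `fmt` import added in the same patch exists only for it. Here the dump holds little beyond the test's own `Metadata: True`, but unconditional header dumps in credential-handling tests are how real Authorization values end up in CI logs once the pattern is copied. Drop the line and the import, or use `t.Logf("request headers: %v", r.Header)` so it only shows with `-v` or on failure. The header map is also simpler as `heads := map[string]string{"Metadata": "True"}`.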