Skip to content

Commit adffd94

Browse files
quartzmogopherbot
authored andcommitted
google/internal/externalaccount: update serviceAccountImpersonationRE to support universe domain
Change-Id: Iafe35c293209bd88997c876341ebde7ac9ecda93 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/557195 TryBot-Bypass: Cody Oss <codyoss@google.com> Reviewed-by: Cody Oss <codyoss@google.com> Auto-Submit: Cody Oss <codyoss@google.com>
1 parent deefa7e commit adffd94

File tree

2 files changed

+35
-1
lines changed

2 files changed

+35
-1
lines changed

google/internal/externalaccount/executablecredsource.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ import (
1919
"time"
2020
)
2121

22-
var serviceAccountImpersonationRE = regexp.MustCompile("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/(.*@.*):generateAccessToken")
22+
var serviceAccountImpersonationRE = regexp.MustCompile("https://iamcredentials\\..+/v1/projects/-/serviceAccounts/(.*@.*):generateAccessToken")
2323

2424
const (
2525
executableSupportedMaxVersion = 1

google/internal/externalaccount/executablecredsource_test.go

+34
Original file line numberDiff line numberDiff line change
@@ -1021,3 +1021,37 @@ func TestRetrieveOutputFileSubjectTokenJwt(t *testing.T) {
10211021
})
10221022
}
10231023
}
1024+
1025+
func TestServiceAccountImpersonationRE(t *testing.T) {
1026+
tests := []struct {
1027+
name string
1028+
serviceAccountImpersonationURL string
1029+
want string
1030+
}{
1031+
{
1032+
name: "universe domain Google Default Universe (GDU) googleapis.com",
1033+
serviceAccountImpersonationURL: "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/test@project.iam.gserviceaccount.com:generateAccessToken",
1034+
want: "test@project.iam.gserviceaccount.com",
1035+
},
1036+
{
1037+
name: "email does not match",
1038+
serviceAccountImpersonationURL: "test@project.iam.gserviceaccount.com",
1039+
want: "",
1040+
},
1041+
{
1042+
name: "universe domain non-GDU",
1043+
serviceAccountImpersonationURL: "https://iamcredentials.apis-tpclp.goog/v1/projects/-/serviceAccounts/test@project.iam.gserviceaccount.com:generateAccessToken",
1044+
want: "test@project.iam.gserviceaccount.com",
1045+
},
1046+
}
1047+
for _, tt := range tests {
1048+
matches := serviceAccountImpersonationRE.FindStringSubmatch(tt.serviceAccountImpersonationURL)
1049+
if matches == nil {
1050+
if tt.want != "" {
1051+
t.Errorf("%q: got nil, want %q", tt.name, tt.want)
1052+
}
1053+
} else if matches[1] != tt.want {
1054+
t.Errorf("%q: got %q, want %q", tt.name, matches[1], tt.want)
1055+
}
1056+
}
1057+
}

0 commit comments

Comments
 (0)