@@ -115,6 +115,11 @@ static const char test_signed_jwt[] =
115115 " U0MDcyZTViYTdmZDkwODg2YzcifQ" ;
116116static const char test_signed_jwt_token_type[] =
117117 " urn:ietf:params:oauth:token-type:id_token" ;
118+ static const char test_signed_jwt2[] =
119+ " eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImY0OTRkN2M1YWU2MGRmOTcyNmM5YW"
120+ " U2MDcyZTViYTdnZDkwODg5YzcifQ" ;
121+ static const char test_signed_jwt_token_type2[] =
122+ " urn:ietf:params:oauth:token-type:jwt" ;
118123static const char test_signed_jwt_path_prefix[] = " test_sign_jwt" ;
119124
120125static const char test_service_url[] = " https://foo.com/foo.v1" ;
@@ -842,8 +847,8 @@ static void test_invalid_sts_creds_options(void) {
842847}
843848
844849static void validate_sts_token_http_request (const grpc_httpcli_request* request,
845- const char * body,
846- size_t body_size ) {
850+ const char * body, size_t body_size,
851+ bool expect_actor_token ) {
847852 // Check that the body is constructed properly.
848853 GPR_ASSERT (body != nullptr );
849854 GPR_ASSERT (body_size != 0 );
@@ -860,8 +865,15 @@ static void validate_sts_token_http_request(const grpc_httpcli_request* request,
860865 test_signed_jwt) == 0 );
861866 GPR_ASSERT (strcmp (grpc_uri_get_query_arg (url, " subject_token_type" ),
862867 test_signed_jwt_token_type) == 0 );
863- GPR_ASSERT (grpc_uri_get_query_arg (url, " actor_token" ) == nullptr );
864- GPR_ASSERT (grpc_uri_get_query_arg (url, " actor_token_type" ) == nullptr );
868+ if (expect_actor_token) {
869+ GPR_ASSERT (strcmp (grpc_uri_get_query_arg (url, " actor_token" ),
870+ test_signed_jwt2) == 0 );
871+ GPR_ASSERT (strcmp (grpc_uri_get_query_arg (url, " actor_token_type" ),
872+ test_signed_jwt_token_type2) == 0 );
873+ } else {
874+ GPR_ASSERT (grpc_uri_get_query_arg (url, " actor_token" ) == nullptr );
875+ GPR_ASSERT (grpc_uri_get_query_arg (url, " actor_token_type" ) == nullptr );
876+ }
865877 grpc_uri_destroy (url);
866878 gpr_free (get_url_equivalent);
867879
@@ -879,19 +891,29 @@ static int sts_token_httpcli_post_success(const grpc_httpcli_request* request,
879891 grpc_millis /* deadline*/ ,
880892 grpc_closure* on_done,
881893 grpc_httpcli_response* response) {
882- validate_sts_token_http_request (request, body, body_size);
894+ validate_sts_token_http_request (request, body, body_size, true );
883895 *response = http_response (200 , valid_sts_json_response);
884896 GRPC_CLOSURE_SCHED (on_done, GRPC_ERROR_NONE);
885897 return 1 ;
886898}
887899
888- static char * write_tmp_jwt_file (void ) {
900+ static int sts_token_httpcli_post_success_no_actor_token (
901+ const grpc_httpcli_request* request, const char * body, size_t body_size,
902+ grpc_millis /* deadline*/ , grpc_closure* on_done,
903+ grpc_httpcli_response* response) {
904+ validate_sts_token_http_request (request, body, body_size, false );
905+ *response = http_response (200 , valid_sts_json_response);
906+ GRPC_CLOSURE_SCHED (on_done, GRPC_ERROR_NONE);
907+ return 1 ;
908+ }
909+
910+ static char * write_tmp_jwt_file (const char * jwt_contents) {
889911 char * path;
890912 FILE* tmp = gpr_tmpfile (test_signed_jwt_path_prefix, &path);
891913 GPR_ASSERT (path != nullptr );
892914 GPR_ASSERT (tmp != nullptr );
893- size_t jwt_length = strlen (test_signed_jwt );
894- GPR_ASSERT (fwrite (test_signed_jwt , 1 , jwt_length, tmp) == jwt_length);
915+ size_t jwt_length = strlen (jwt_contents );
916+ GPR_ASSERT (fwrite (jwt_contents , 1 , jwt_length, tmp) == jwt_length);
895917 fclose (tmp);
896918 return path;
897919}
@@ -902,17 +924,18 @@ static void test_sts_creds_success(void) {
902924 {" authorization" , " Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_" }};
903925 grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
904926 nullptr , nullptr };
905- char * test_signed_jwt_path = write_tmp_jwt_file ();
927+ char * subject_token_path = write_tmp_jwt_file (test_signed_jwt);
928+ char * actor_token_path = write_tmp_jwt_file (test_signed_jwt2);
906929 grpc_sts_credentials_options valid_options = {
907930 test_sts_endpoint_url, // sts_endpoint_url
908931 " resource" , // resource
909932 " audience" , // audience
910933 " scope" , // scope
911934 " requested_token_type" , // requested_token_type
912- test_signed_jwt_path, // subject_token_path
935+ subject_token_path, // subject_token_path
913936 test_signed_jwt_token_type, // subject_token_type
914- nullptr , // actor_token_path
915- nullptr // actor_token_type
937+ actor_token_path, // actor_token_path
938+ test_signed_jwt_token_type2 // actor_token_type
916939 };
917940 grpc_call_credentials* creds =
918941 grpc_sts_credentials_create (&valid_options, nullptr );
@@ -935,7 +958,50 @@ static void test_sts_creds_success(void) {
935958
936959 creds->Unref ();
937960 grpc_httpcli_set_override (nullptr , nullptr );
938- gpr_free (test_signed_jwt_path);
961+ gpr_free (subject_token_path);
962+ gpr_free (actor_token_path);
963+ }
964+
965+ static void test_sts_creds_no_actor_token_success (void ) {
966+ grpc_core::ExecCtx exec_ctx;
967+ expected_md emd[] = {
968+ {" authorization" , " Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_" }};
969+ grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
970+ nullptr , nullptr };
971+ char * subject_token_path = write_tmp_jwt_file (test_signed_jwt);
972+ grpc_sts_credentials_options valid_options = {
973+ test_sts_endpoint_url, // sts_endpoint_url
974+ " resource" , // resource
975+ " audience" , // audience
976+ " scope" , // scope
977+ " requested_token_type" , // requested_token_type
978+ subject_token_path, // subject_token_path
979+ test_signed_jwt_token_type, // subject_token_type
980+ " " , // actor_token_path
981+ " " // actor_token_type
982+ };
983+ grpc_call_credentials* creds =
984+ grpc_sts_credentials_create (&valid_options, nullptr );
985+
986+ /* First request: http put should be called. */
987+ request_metadata_state* state =
988+ make_request_metadata_state (GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE (emd));
989+ grpc_httpcli_set_override (httpcli_get_should_not_be_called,
990+ sts_token_httpcli_post_success_no_actor_token);
991+ run_request_metadata_test (creds, auth_md_ctx, state);
992+ grpc_core::ExecCtx::Get ()->Flush ();
993+
994+ /* Second request: the cached token should be served directly. */
995+ state =
996+ make_request_metadata_state (GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE (emd));
997+ grpc_httpcli_set_override (httpcli_get_should_not_be_called,
998+ httpcli_post_should_not_be_called);
999+ run_request_metadata_test (creds, auth_md_ctx, state);
1000+ grpc_core::ExecCtx::Get ()->Flush ();
1001+
1002+ creds->Unref ();
1003+ grpc_httpcli_set_override (nullptr , nullptr );
1004+ gpr_free (subject_token_path);
9391005}
9401006
9411007static void test_sts_creds_load_token_failure (void ) {
@@ -946,7 +1012,7 @@ static void test_sts_creds_load_token_failure(void) {
9461012 nullptr , 0 );
9471013 grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
9481014 nullptr , nullptr };
949- char * test_signed_jwt_path = write_tmp_jwt_file ();
1015+ char * test_signed_jwt_path = write_tmp_jwt_file (test_signed_jwt );
9501016 grpc_sts_credentials_options options = {
9511017 test_sts_endpoint_url, // sts_endpoint_url
9521018 " resource" , // resource
@@ -975,7 +1041,7 @@ static void test_sts_creds_http_failure(void) {
9751041 nullptr , 0 );
9761042 grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
9771043 nullptr , nullptr };
978- char * test_signed_jwt_path = write_tmp_jwt_file ();
1044+ char * test_signed_jwt_path = write_tmp_jwt_file (test_signed_jwt );
9791045 grpc_sts_credentials_options valid_options = {
9801046 test_sts_endpoint_url, // sts_endpoint_url
9811047 " resource" , // resource
@@ -1575,6 +1641,7 @@ int main(int argc, char** argv) {
15751641 test_valid_sts_creds_options ();
15761642 test_invalid_sts_creds_options ();
15771643 test_sts_creds_success ();
1644+ test_sts_creds_no_actor_token_success ();
15781645 test_sts_creds_load_token_failure ();
15791646 test_sts_creds_http_failure ();
15801647 test_jwt_creds_lifetime ();
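Review bot: After this change no test in these hunks drives a token request with `actor_token_path` and `actor_token_type` set to `nullptr`: test_sts_creds_success now passes a real path and type, and the new test_sts_creds_no_actor_token_success passes empty strings for both, so only the empty-string form of "no actor token" is checked against the outgoing request. If null and empty are meant to behave the same, the new test could run its body once with `""` and once with `nullptr` in those two fields; a test outside the visible hunks may already cover the null case, which cannot be confirmed from here. Separately, in the `if (expect_actor_token)` branch of validate_sts_token_http_request the result of `grpc_uri_get_query_arg(url, "actor_token")` is passed straight to `strcmp`, while the else branch shows the call can return `nullptr`, so a request that drops the actor token would crash in `strcmp` instead of failing an assertion. Adding `GPR_ASSERT(grpc_uri_get_query_arg(url, "actor_token") != nullptr);` (and the same for `"actor_token_type"`) before the comparisons keeps that failure readable. The body of validate_sts_token_http_request starts and ends outside its hunk.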