Commit d8f4928

authored
Merge pull request #21944 from JimmyCYJ/v1.25.x
cherry-pick #21641 #21277
2 parents bca2a30 + c9c5aa1 commit d8f4928

3 files changed

+88
-19
lines changed

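--- a/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
+++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
@@ -609,12 +609,12 @@ class StsTokenFetcherCredentials
 MaybeAddToBody(&body_strvec, "scope", scope_.get());
 MaybeAddToBody(&body_strvec, "requested_token_type",
 requested_token_type_.get());
-if (actor_token_path_ != nullptr) {
+if ((actor_token_path_ != nullptr) && *actor_token_path_ != '\0') {
 err = LoadTokenFile(actor_token_path_.get(), &actor_token);
 if (err != GRPC_ERROR_NONE) return cleanup();
 MaybeAddToBody(
 &body_strvec, "actor_token",
-reinterpret_cast<const char*>(GRPC_SLICE_START_PTR(subject_token)));
+reinterpret_cast<const char*>(GRPC_SLICE_START_PTR(actor_token)));
 MaybeAddToBody(&body_strvec, "actor_token_type", actor_token_type_.get());
 }
 return cleanup();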
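Review bot: The new guard at line 612 tests only `actor_token_path_`, so a configuration that sets an actor token path but leaves `actor_token_type_` empty would still load and send `actor_token`; if `MaybeAddToBody` skips empty values, as its name suggests, the request then carries an actor token with no `actor_token_type`, which RFC 8693 requires whenever `actor_token` is present. Rejecting that combination where the options are validated (outside this hunk) would be safer than sending the token untyped. The cast on line 617 also hands the slice's start pointer to `MaybeAddToBody` as a C string, which is only sound if `LoadTokenFile` NUL-terminates the slice it fills; once that is confirmed, a comment such as `// LoadTokenFile NUL-terminates the slice, so it can be read as a C string.` above the call would record it. The enclosing function begins before this hunk.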

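--- a/test/core/security/credentials_test.cc
+++ b/test/core/security/credentials_test.cc
@@ -115,6 +115,11 @@ static const char test_signed_jwt[] =
 "U0MDcyZTViYTdmZDkwODg2YzcifQ";
 static const char test_signed_jwt_token_type[] =
 "urn:ietf:params:oauth:token-type:id_token";
+static const char test_signed_jwt2[] =
+"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImY0OTRkN2M1YWU2MGRmOTcyNmM5YW"
+"U2MDcyZTViYTdnZDkwODg5YzcifQ";
+static const char test_signed_jwt_token_type2[] =
+"urn:ietf:params:oauth:token-type:jwt";
 static const char test_signed_jwt_path_prefix[] = "test_sign_jwt";
 
 static const char test_service_url[] = "https://foo.com/foo.v1";
@@ -842,8 +847,8 @@ static void test_invalid_sts_creds_options(void) {
 }
 
 static void validate_sts_token_http_request(const grpc_httpcli_request* request,
-const char* body,
-size_t body_size) {
+const char* body, size_t body_size,
+bool expect_actor_token) {
 // Check that the body is constructed properly.
 GPR_ASSERT(body != nullptr);
 GPR_ASSERT(body_size != 0);
@@ -860,8 +865,15 @@ static void validate_sts_token_http_request(const grpc_httpcli_request* request,
 test_signed_jwt) == 0);
 GPR_ASSERT(strcmp(grpc_uri_get_query_arg(url, "subject_token_type"),
 test_signed_jwt_token_type) == 0);
-GPR_ASSERT(grpc_uri_get_query_arg(url, "actor_token") == nullptr);
-GPR_ASSERT(grpc_uri_get_query_arg(url, "actor_token_type") == nullptr);
+if (expect_actor_token) {
+GPR_ASSERT(strcmp(grpc_uri_get_query_arg(url, "actor_token"),
+test_signed_jwt2) == 0);
+GPR_ASSERT(strcmp(grpc_uri_get_query_arg(url, "actor_token_type"),
+test_signed_jwt_token_type2) == 0);
+} else {
+GPR_ASSERT(grpc_uri_get_query_arg(url, "actor_token") == nullptr);
+GPR_ASSERT(grpc_uri_get_query_arg(url, "actor_token_type") == nullptr);
+}
 grpc_uri_destroy(url);
 gpr_free(get_url_equivalent);
 
@@ -879,19 +891,29 @@ static int sts_token_httpcli_post_success(const grpc_httpcli_request* request,
 grpc_millis /*deadline*/,
 grpc_closure* on_done,
 grpc_httpcli_response* response) {
-validate_sts_token_http_request(request, body, body_size);
+validate_sts_token_http_request(request, body, body_size, true);
 *response = http_response(200, valid_sts_json_response);
 GRPC_CLOSURE_SCHED(on_done, GRPC_ERROR_NONE);
 return 1;
 }
 
-static char* write_tmp_jwt_file(void) {
+static int sts_token_httpcli_post_success_no_actor_token(
+const grpc_httpcli_request* request, const char* body, size_t body_size,
+grpc_millis /*deadline*/, grpc_closure* on_done,
+grpc_httpcli_response* response) {
+validate_sts_token_http_request(request, body, body_size, false);
+*response = http_response(200, valid_sts_json_response);
+GRPC_CLOSURE_SCHED(on_done, GRPC_ERROR_NONE);
+return 1;
+}
+
+static char* write_tmp_jwt_file(const char* jwt_contents) {
 char* path;
 FILE* tmp = gpr_tmpfile(test_signed_jwt_path_prefix, &path);
 GPR_ASSERT(path != nullptr);
 GPR_ASSERT(tmp != nullptr);
-size_t jwt_length = strlen(test_signed_jwt);
-GPR_ASSERT(fwrite(test_signed_jwt, 1, jwt_length, tmp) == jwt_length);
+size_t jwt_length = strlen(jwt_contents);
+GPR_ASSERT(fwrite(jwt_contents, 1, jwt_length, tmp) == jwt_length);
 fclose(tmp);
 return path;
 }
@@ -902,17 +924,18 @@ static void test_sts_creds_success(void) {
 {"authorization", "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_"}};
 grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
 nullptr, nullptr};
-char* test_signed_jwt_path = write_tmp_jwt_file();
+char* subject_token_path = write_tmp_jwt_file(test_signed_jwt);
+char* actor_token_path = write_tmp_jwt_file(test_signed_jwt2);
 grpc_sts_credentials_options valid_options = {
 test_sts_endpoint_url, // sts_endpoint_url
 "resource", // resource
 "audience", // audience
 "scope", // scope
 "requested_token_type", // requested_token_type
-test_signed_jwt_path, // subject_token_path
+subject_token_path, // subject_token_path
 test_signed_jwt_token_type, // subject_token_type
-nullptr, // actor_token_path
-nullptr // actor_token_type
+actor_token_path, // actor_token_path
+test_signed_jwt_token_type2 // actor_token_type
 };
 grpc_call_credentials* creds =
 grpc_sts_credentials_create(&valid_options, nullptr);
@@ -935,7 +958,50 @@ static void test_sts_creds_success(void) {
 
 creds->Unref();
 grpc_httpcli_set_override(nullptr, nullptr);
-gpr_free(test_signed_jwt_path);
+gpr_free(subject_token_path);
+gpr_free(actor_token_path);
+}
+
+static void test_sts_creds_no_actor_token_success(void) {
+grpc_core::ExecCtx exec_ctx;
+expected_md emd[] = {
+{"authorization", "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_"}};
+grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
+nullptr, nullptr};
+char* subject_token_path = write_tmp_jwt_file(test_signed_jwt);
+grpc_sts_credentials_options valid_options = {
+test_sts_endpoint_url, // sts_endpoint_url
+"resource", // resource
+"audience", // audience
+"scope", // scope
+"requested_token_type", // requested_token_type
+subject_token_path, // subject_token_path
+test_signed_jwt_token_type, // subject_token_type
+"", // actor_token_path
+"" // actor_token_type
+};
+grpc_call_credentials* creds =
+grpc_sts_credentials_create(&valid_options, nullptr);
+
+/* First request: http put should be called. */
+request_metadata_state* state =
+make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
+grpc_httpcli_set_override(httpcli_get_should_not_be_called,
+sts_token_httpcli_post_success_no_actor_token);
+run_request_metadata_test(creds, auth_md_ctx, state);
+grpc_core::ExecCtx::Get()->Flush();
+
+/* Second request: the cached token should be served directly. */
+state =
+make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
+grpc_httpcli_set_override(httpcli_get_should_not_be_called,
+httpcli_post_should_not_be_called);
+run_request_metadata_test(creds, auth_md_ctx, state);
+grpc_core::ExecCtx::Get()->Flush();
+
+creds->Unref();
+grpc_httpcli_set_override(nullptr, nullptr);
+gpr_free(subject_token_path);
 }
 
 static void test_sts_creds_load_token_failure(void) {
@@ -946,7 +1012,7 @@ static void test_sts_creds_load_token_failure(void) {
 nullptr, 0);
 grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
 nullptr, nullptr};
-char* test_signed_jwt_path = write_tmp_jwt_file();
+char* test_signed_jwt_path = write_tmp_jwt_file(test_signed_jwt);
 grpc_sts_credentials_options options = {
 test_sts_endpoint_url, // sts_endpoint_url
 "resource", // resource
@@ -975,7 +1041,7 @@ static void test_sts_creds_http_failure(void) {
 nullptr, 0);
 grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
 nullptr, nullptr};
-char* test_signed_jwt_path = write_tmp_jwt_file();
+char* test_signed_jwt_path = write_tmp_jwt_file(test_signed_jwt);
 grpc_sts_credentials_options valid_options = {
 test_sts_endpoint_url, // sts_endpoint_url
 "resource", // resource
@@ -1575,6 +1641,7 @@ int main(int argc, char** argv) {
 test_valid_sts_creds_options();
 test_invalid_sts_creds_options();
 test_sts_creds_success();
+test_sts_creds_no_actor_token_success();
 test_sts_creds_load_token_failure();
 test_sts_creds_http_failure();
 test_jwt_creds_lifetime();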
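Review bot: In the `expect_actor_token` branch of `validate_sts_token_http_request` (new lines 869-872) the result of `grpc_uri_get_query_arg` is passed straight to `strcmp`, yet the `else` branch shows the same call can return `nullptr`; a regression that drops `actor_token` from the body would then crash inside `strcmp` instead of failing a readable assertion. Fetch the value first and assert on it, e.g. `const char* actor = grpc_uri_get_query_arg(url, "actor_token");` followed by `GPR_ASSERT(actor != nullptr && strcmp(actor, test_signed_jwt2) == 0);`, and do the same for `actor_token_type`. Separately, the new test covers only the empty-string form of `actor_token_path`; the `nullptr` form that `test_sts_creds_success` used to validate no longer reaches any request-body assertion visible in this section, so one more case passing `nullptr` would keep both arms of the new condition covered. Part of the validator's body lies between hunks and is not visible here.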

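--- a/tools/run_tests/run_tests_matrix.py
+++ b/tools/run_tests/run_tests_matrix.py
@@ -351,7 +351,8 @@ def _create_portability_test_jobs(extra_args=[],
 compiler='default',
 labels=['portability', 'corelang'],
 extra_args=extra_args + ['--build_only'],
-inner_jobs=inner_jobs)
+inner_jobs=inner_jobs,
+timeout_seconds=_CPP_RUNTESTS_TIMEOUT)
 
 # portability C and C++ on Windows using VS2017 (build only)
 # TODO(jtattermusch): some of the tests are failing, so we force --build_only
@@ -363,7 +364,8 @@ def _create_portability_test_jobs(extra_args=[],
 compiler='cmake_vs2017',
 labels=['portability', 'corelang'],
 extra_args=extra_args + ['--build_only'],
-inner_jobs=inner_jobs)
+inner_jobs=inner_jobs,
+timeout_seconds=_CPP_RUNTESTS_TIMEOUT)
 
 # C and C++ with the c-ares DNS resolver on Linux
 test_jobs += _generate_jobs(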
