3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-18 19:47:22 +02:00
Code Issues Projects Releases Packages Wiki Activity

authorize: move service account normalization to its own function

Browse source 
This helps testing the code easier, increase coverage.
This commit is contained in:
Cuong Manh Le 2020-08-06 13:19:23 +07:00
parent e6c78f10e9
commit 0624658e4b
2 changed files with 46 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

33
authorize/google_cloud_serverless.go
View file

@ -80,6 +80,20 @@ var (
}
)
func normalizeServiceAccount(serviceAccount string) (string, error) {
serviceAccount = strings.TrimSpace(serviceAccount)
// the service account can be base64 encoded
if !strings.HasPrefix(serviceAccount, "{") {
bs, err := base64.StdEncoding.DecodeString(serviceAccount)
if err != nil {
return "", err
}
serviceAccount = string(bs)
}
return serviceAccount, nil
}
func getGoogleCloudServerlessTokenSource(serviceAccount, audience string) (oauth2.TokenSource, error) {
key := gcpTokenSourceKey{
serviceAccount: serviceAccount,
@ -99,22 +113,15 @@ func getGoogleCloudServerlessTokenSource(serviceAccount, audience string) (oauth
audience: audience,
})
} else {
serviceAccount = strings.TrimSpace(serviceAccount)
// the service account can be base64 encoded
if !strings.HasPrefix(serviceAccount, "{") {
bs, err := base64.StdEncoding.DecodeString(serviceAccount)
if err != nil {
return nil, err
}
serviceAccount = string(bs)
}
var err error
src, err = idtoken.NewTokenSource(context.Background(), audience, idtoken.WithCredentialsJSON([]byte(serviceAccount)))
serviceAccount, err := normalizeServiceAccount(serviceAccount)
if err != nil {
return nil, err
}
newSrc, err := idtoken.NewTokenSource(context.Background(), audience, idtoken.WithCredentialsJSON([]byte(serviceAccount)))
if err != nil {
return nil, err
}
src = newSrc
}
gcpTokenSources.m[key] = src