Skip to content

Commit

Permalink
feat: adding validation for psc endpoints (#1473)
Browse files Browse the repository at this point in the history
* feat: adding validation for psc endpoints

* lint fix

* adding test cases
  • Loading branch information
aeitzman authored Oct 6, 2022
1 parent 137883a commit 4bbd13f
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 0 deletions.
8 changes: 8 additions & 0 deletions src/auth/baseexternalclient.ts
Original file line number Diff line number Diff line change
Expand Up @@ -606,6 +606,14 @@ export abstract class BaseExternalAccountClient extends AuthClient {
apiName +
GOOGLE_APIS_DOMAIN_PATTERN
),
new RegExp(
'^' +
apiName +
'\\-' +
VARIABLE_PORTION_PATTERN +
'\\.p' +
GOOGLE_APIS_DOMAIN_PATTERN
),
];
for (const googleAPIsDomainPattern of googleAPIsDomainPatterns) {
if (urlDomain.match(googleAPIsDomainPattern)) {
Expand Down
24 changes: 24 additions & 0 deletions test/test.baseexternalclient.ts
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,15 @@ describe('BaseExternalAccountClient', () => {
'https://us-east- 1.sts.googleapis.com',
'https://us/.east/.1.sts.googleapis.com',
'https://us.ea\\st.1.sts.googleapis.com',
'https://sts.pgoogleapis.com',
'https://p.googleapis.com',
'https://sts.p.com',
'http://sts.p.googleapis.com',
'https://xyz-sts.p.googleapis.com',
'https://sts-xyz.123.p.googleapis.com',
'https://sts-xyz.p1.googleapis.com',
'https://sts-xyz.p.foo.com',
'https://sts-xyz.p.foo.googleapis.com',
];
invalidTokenUrls.forEach(invalidTokenUrl => {
it(`should throw on invalid token url: ${invalidTokenUrl}`, () => {
Expand All @@ -200,6 +209,9 @@ describe('BaseExternalAccountClient', () => {
'https://us-west-1-sts.googleapis.com',
'https://exmaple.sts.googleapis.com',
'https://example-sts.googleapis.com',
'https://sts-xyz123.p.googleapis.com',
'https://sts-xyz-123.p.googleapis.com',
'https://sts-xys123.p.googleapis.com/path/to/example',
];
const validOptions = Object.assign({}, externalAccountOptions);
for (const validTokenUrl of validTokenUrls) {
Expand Down Expand Up @@ -227,6 +239,15 @@ describe('BaseExternalAccountClient', () => {
'https://us-east- 1.iamcredentials.googleapis.com',
'https://us/.east/.1.iamcredentials.googleapis.com',
'https://us.ea\\st.1.iamcredentials.googleapis.com',
'https://iamcredentials.pgoogleapis.com',
'https://p.googleapis.com',
'https://iamcredentials.p.com',
'http://iamcredentials.p.googleapis.com',
'https://xyz-iamcredentials.p.googleapis.com',
'https://iamcredentials-xyz.123.p.googleapis.com',
'https://iamcredentials-xyz.p1.googleapis.com',
'https://iamcredentials-xyz.p.foo.com',
'https://iamcredentials-xyz.p.foo.googleapis.com',
];
invalidServiceAccountImpersonationUrls.forEach(
invalidServiceAccountImpersonationUrl => {
Expand Down Expand Up @@ -258,6 +279,9 @@ describe('BaseExternalAccountClient', () => {
'https://us-west-1-iamcredentials.googleapis.com',
'https://example.iamcredentials.googleapis.com',
'https://example-iamcredentials.googleapis.com',
'https://iamcredentials-xyz123.p.googleapis.com',
'https://iamcredentials-xyz-123.p.googleapis.com',
'https://iamcredentials-xys123.p.googleapis.com/path/to/example',
];
const validOptions = Object.assign({}, externalAccountOptionsWithSA);
for (const validServiceAccountImpersonationUrl of validServiceAccountImpersonationUrls) {
Expand Down

0 comments on commit 4bbd13f

Please sign in to comment.