6565 "//iam.googleapis.com/locations//workforcePool/pool-id/providers/provider-id" ,
6666]
6767
68- VALID_TOKEN_URLS = [
69- "https://sts.googleapis.com" ,
70- "https://sts.mtls.googleapis.com" ,
71- "https://us-east-1.sts.googleapis.com" ,
72- "https://us-east-1.sts.mtls.googleapis.com" ,
73- "https://US-EAST-1.sts.googleapis.com" ,
74- "https://sts.us-east-1.googleapis.com" ,
75- "https://sts.US-WEST-1.googleapis.com" ,
76- "https://us-east-1-sts.googleapis.com" ,
77- "https://US-WEST-1-sts.googleapis.com" ,
78- "https://US-WEST-1-sts.mtls.googleapis.com" ,
79- "https://us-west-1-sts.googleapis.com/path?query" ,
80- "https://sts-us-east-1.p.googleapis.com" ,
81- "https://sts-us-east-1.p.mtls.googleapis.com" ,
82- ]
83- INVALID_TOKEN_URLS = [
84- "https://iamcredentials.googleapis.com" ,
85- "https://mtls.iamcredentials.googleapis.com" ,
86- "sts.googleapis.com" ,
87- "mtls.sts.googleapis.com" ,
88- "mtls.googleapis.com" ,
89- "https://" ,
90- "http://sts.googleapis.com" ,
91- "https://st.s.googleapis.com" ,
92- "https://us-eas\t -1.sts.googleapis.com" ,
93- "https:/us-east-1.sts.googleapis.com" ,
94- "https:/us-east-1.mtls.sts.googleapis.com" ,
95- "https://US-WE/ST-1-sts.googleapis.com" ,
96- "https://sts-us-east-1.googleapis.com" ,
97- "https://sts-US-WEST-1.googleapis.com" ,
98- "testhttps://us-east-1.sts.googleapis.com" ,
99- "https://us-east-1.sts.googleapis.comevil.com" ,
100- "https://us-east-1.us-east-1.sts.googleapis.com" ,
101- "https://us-ea.s.t.sts.googleapis.com" ,
102- "https://sts.googleapis.comevil.com" ,
103- "hhttps://us-east-1.sts.googleapis.com" ,
104- "https://us- -1.sts.googleapis.com" ,
105- "https://-sts.googleapis.com" ,
106- "https://-mtls.googleapis.com" ,
107- "https://us-east-1.sts.googleapis.com.evil.com" ,
108- "https://sts.pgoogleapis.com" ,
109- "https://p.googleapis.com" ,
110- "https://sts.p.com" ,
111- "https://sts.p.mtls.com" ,
112- "http://sts.p.googleapis.com" ,
113- "https://xyz-sts.p.googleapis.com" ,
114- "https://sts-xyz.123.p.googleapis.com" ,
115- "https://sts-xyz.p1.googleapis.com" ,
116- "https://sts-xyz.p.foo.com" ,
117- "https://sts-xyz.p.foo.googleapis.com" ,
118- "https://sts-xyz.mtls.p.foo.googleapis.com" ,
119- "https://sts-xyz.p.mtls.foo.googleapis.com" ,
120- ]
121- VALID_SERVICE_ACCOUNT_IMPERSONATION_URLS = [
122- "https://iamcredentials.googleapis.com" ,
123- "https://us-east-1.iamcredentials.googleapis.com" ,
124- "https://US-EAST-1.iamcredentials.googleapis.com" ,
125- "https://iamcredentials.us-east-1.googleapis.com" ,
126- "https://iamcredentials.US-WEST-1.googleapis.com" ,
127- "https://us-east-1-iamcredentials.googleapis.com" ,
128- "https://US-WEST-1-iamcredentials.googleapis.com" ,
129- "https://us-west-1-iamcredentials.googleapis.com/path?query" ,
130- "https://iamcredentials-us-east-1.p.googleapis.com" ,
131- ]
132- INVALID_SERVICE_ACCOUNT_IMPERSONATION_URLS = [
133- "https://sts.googleapis.com" ,
134- "iamcredentials.googleapis.com" ,
135- "https://" ,
136- "http://iamcredentials.googleapis.com" ,
137- "https://iamcre.dentials.googleapis.com" ,
138- "https://us-eas\t -1.iamcredentials.googleapis.com" ,
139- "https:/us-east-1.iamcredentials.googleapis.com" ,
140- "https://US-WE/ST-1-iamcredentials.googleapis.com" ,
141- "https://iamcredentials-us-east-1.googleapis.com" ,
142- "https://iamcredentials-US-WEST-1.googleapis.com" ,
143- "testhttps://us-east-1.iamcredentials.googleapis.com" ,
144- "https://us-east-1.iamcredentials.googleapis.comevil.com" ,
145- "https://us-east-1.us-east-1.iamcredentials.googleapis.com" ,
146- "https://us-ea.s.t.iamcredentials.googleapis.com" ,
147- "https://iamcredentials.googleapis.comevil.com" ,
148- "hhttps://us-east-1.iamcredentials.googleapis.com" ,
149- "https://us- -1.iamcredentials.googleapis.com" ,
150- "https://-iamcredentials.googleapis.com" ,
151- "https://us-east-1.iamcredentials.googleapis.com.evil.com" ,
152- "https://iamcredentials.pgoogleapis.com" ,
153- "https://p.googleapis.com" ,
154- "https://iamcredentials.p.com" ,
155- "http://iamcredentials.p.googleapis.com" ,
156- "https://xyz-iamcredentials.p.googleapis.com" ,
157- "https://iamcredentials-xyz.123.p.googleapis.com" ,
158- "https://iamcredentials-xyz.p1.googleapis.com" ,
159- "https://iamcredentials-xyz.p.foo.com" ,
160- "https://iamcredentials-xyz.p.foo.googleapis.com" ,
161- ]
162-
16368
16469class CredentialsImpl (external_account .Credentials ):
16570 def __init__ (self , ** kwargs ):
@@ -350,44 +255,6 @@ def assert_resource_manager_request_kwargs(
350255 assert request_kwargs ["headers" ] == headers
351256 assert "body" not in request_kwargs
352257
353- def test_valid_token_url_shall_pass_validation (self ):
354- valid_urls = VALID_TOKEN_URLS
355-
356- for url in valid_urls :
357- # A valid url shouldn't throw exception and a None value should be returned
358- external_account .Credentials .validate_token_url (url )
359-
360- def test_invalid_token_url_shall_throw_exceptions (self ):
361- invalid_urls = INVALID_TOKEN_URLS
362-
363- for url in invalid_urls :
364- # An invalid url should throw a ValueError exception
365- with pytest .raises (ValueError ) as excinfo :
366- external_account .Credentials .validate_token_url (url )
367-
368- assert excinfo .match ("The provided token URL is invalid." )
369-
370- def test_valid_service_account_impersonation_url_shall_pass_validation (self ):
371- valid_urls = VALID_SERVICE_ACCOUNT_IMPERSONATION_URLS
372-
373- for url in valid_urls :
374- # A valid url shouldn't throw exception and a None value should be returned
375- external_account .Credentials .validate_service_account_impersonation_url (url )
376-
377- def test_invalid_service_account_impersonate_url_shall_throw_exceptions (self ):
378- invalid_urls = INVALID_SERVICE_ACCOUNT_IMPERSONATION_URLS
379-
380- for url in invalid_urls :
381- # An invalid url should throw a ValueError exception
382- with pytest .raises (ValueError ) as excinfo :
383- external_account .Credentials .validate_service_account_impersonation_url (
384- url
385- )
386-
387- assert excinfo .match (
388- "The provided service account impersonation URL is invalid."
389- )
390-
391258 def test_default_state (self ):
392259 credentials = self .make_credentials (
393260 service_account_impersonation_url = self .SERVICE_ACCOUNT_IMPERSONATION_URL
@@ -409,31 +276,6 @@ def test_default_state(self):
409276 # Token info url not set yet
410277 assert not credentials .token_info_url
411278
412- def test_invalid_token_url (self ):
413- with pytest .raises (ValueError ) as excinfo :
414- CredentialsImpl (
415- audience = self .AUDIENCE ,
416- subject_token_type = self .SUBJECT_TOKEN_TYPE ,
417- token_url = "https:///v1/token" ,
418- credential_source = self .CREDENTIAL_SOURCE ,
419- )
420-
421- assert excinfo .match ("The provided token URL is invalid." )
422-
423- def test_invalid_service_account_impersonate_url (self ):
424- with pytest .raises (ValueError ) as excinfo :
425- CredentialsImpl (
426- audience = self .AUDIENCE ,
427- subject_token_type = self .SUBJECT_TOKEN_TYPE ,
428- token_url = self .TOKEN_URL ,
429- credential_source = self .CREDENTIAL_SOURCE ,
430- service_account_impersonation_url = 12345 , # create an exception by sending to parse url
431- )
432-
433- assert excinfo .match (
434- "The provided service account impersonation URL is invalid."
435- )
436-
437279 def test_nonworkforce_with_workforce_pool_user_project (self ):
438280 with pytest .raises (ValueError ) as excinfo :
439281 CredentialsImpl (
0 commit comments