aboutsummaryrefslogtreecommitdiffhomepage
path: root/test
diff options
context:
space:
mode:
authorGravatar Julien Boeuf <jboeuf@google.com>2017-04-24 13:55:46 -0700
committerGravatar Julien Boeuf <jboeuf@google.com>2017-07-13 21:58:01 -0700
commitda8eca56e20fcd18fb1e138bc575d07cc49d8f2c (patch)
tree5b6e8cc2822cb17ad81498efac4008782606aac8 /test
parente48bff9ba03bfa76eba5f1e63949f89a60f32a77 (diff)
Better handling of token lifetime.
- In C++, we need a constant for the max lifetime. - In C, make sure that we crop the lifetime in the credentials object itself and not just later during the creation of the token. This will allow the refresh to occur based on the actual token lifetime as opposed to the one from the user (which may be cropped).
Diffstat (limited to 'test')
-rw-r--r--test/core/security/credentials_test.c40
1 files changed, 40 insertions, 0 deletions
diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c
index 9d419c78ea..a76cb0499d 100644
--- a/test/core/security/credentials_test.c
+++ b/test/core/security/credentials_test.c
@@ -816,6 +816,45 @@ static void on_jwt_creds_get_metadata_failure(
GPR_ASSERT(strcmp((const char *)user_data, test_user_data) == 0);
}
+static grpc_service_account_jwt_access_credentials *creds_as_jwt(
+ grpc_call_credentials *creds) {
+ GPR_ASSERT(creds != NULL);
+ GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_JWT) == 0);
+ return (grpc_service_account_jwt_access_credentials *)creds;
+}
+
+static void test_jwt_creds_lifetime(void) {
+ char *json_key_string = test_json_key_str();
+
+ // Max lifetime.
+ grpc_call_credentials *jwt_creds =
+ grpc_service_account_jwt_access_credentials_create(
+ json_key_string, grpc_max_auth_token_lifetime(), NULL);
+ GPR_ASSERT(gpr_time_cmp(creds_as_jwt(jwt_creds)->jwt_lifetime,
+ grpc_max_auth_token_lifetime()) == 0);
+ grpc_call_credentials_release(jwt_creds);
+
+ // Shorter lifetime.
+ gpr_timespec token_lifetime = {10, 0, GPR_TIMESPAN};
+ GPR_ASSERT(gpr_time_cmp(grpc_max_auth_token_lifetime(), token_lifetime) > 0);
+ jwt_creds = grpc_service_account_jwt_access_credentials_create(
+ json_key_string, token_lifetime, NULL);
+ GPR_ASSERT(
+ gpr_time_cmp(creds_as_jwt(jwt_creds)->jwt_lifetime, token_lifetime) == 0);
+ grpc_call_credentials_release(jwt_creds);
+
+ // Cropped lifetime.
+ gpr_timespec add_to_max = {10, 0, GPR_TIMESPAN};
+ token_lifetime = gpr_time_add(grpc_max_auth_token_lifetime(), add_to_max);
+ jwt_creds = grpc_service_account_jwt_access_credentials_create(
+ json_key_string, token_lifetime, NULL);
+ GPR_ASSERT(gpr_time_cmp(creds_as_jwt(jwt_creds)->jwt_lifetime,
+ grpc_max_auth_token_lifetime()) == 0);
+ grpc_call_credentials_release(jwt_creds);
+
+ gpr_free(json_key_string);
+}
+
static void test_jwt_creds_success(void) {
char *json_key_string = test_json_key_str();
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
@@ -1216,6 +1255,7 @@ int main(int argc, char **argv) {
test_compute_engine_creds_failure();
test_refresh_token_creds_success();
test_refresh_token_creds_failure();
+ test_jwt_creds_lifetime();
test_jwt_creds_success();
test_jwt_creds_signing_failure();
test_google_default_creds_auth_key();