/
jwt.test.js
92 lines (80 loc) 路 3.18 KB
/
jwt.test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
const cp = require('child_process');
const {assert} = require('chai');
const {describe, it} = require('mocha');
const fs = require('fs');
const {promisify} = require('util');
const execSync = (cmd, opts) => {
return cp.execSync(cmd, Object.assign({encoding: 'utf-8'}, opts));
};
const readFile = promisify(fs.readFile);
const keyFile = process.env.GOOGLE_APPLICATION_CREDENTIALS;
describe('samples', () => {
it('should acquire application default credentials', async () => {
const output = execSync('node adc');
assert.match(output, /DNS Info:/);
});
it.skip('should acquire compute credentials', async () => {
// TODO: need to figure out deploying to GCF for this to work
const output = execSync('node compute');
assert.match(output, /DNS Info:/);
});
it('should create a JWT', async () => {
const output = execSync('node jwt');
assert.match(output, /DNS Info:/);
});
it('should read from a keyfile', async () => {
const output = execSync('node keyfile');
assert.match(output, /DNS Info:/);
});
it('should allow directly passing creds', async () => {
const keys = JSON.parse(await readFile(keyFile, 'utf8'));
const stdout = execSync('node credentials', {
env: Object.assign({}, process.env, {
CLIENT_EMAIL: keys.client_email,
PRIVATE_KEY: keys.private_key,
}),
});
assert.match(stdout, /DNS Info:/);
});
it('should obtain headers for a request', async () => {
const output = execSync('node headers');
assert.match(output, /Headers:/);
assert.match(output, /DNS Info:/);
});
it('should fetch ID token for Cloud Run', async () => {
// process.env.CLOUD_RUN_URL should be a cloud run container, protected with
// IAP, running gcr.io/cloudrun/hello:
const url =
process.env.CLOUD_RUN_URL || 'https://hello-rftcw63abq-uc.a.run.app';
const output = execSync(`node idtokens-cloudrun ${url}`);
assert.match(output, /What's next?/);
});
it('should fetch ID token for IAP', async () => {
// process.env.CLOUD_RUN_URL should be a cloud run container, protected with
// IAP, running gcr.io/cloudrun/hello:
const url =
process.env.IAP_URL || 'https://nodejs-docs-samples-iap.appspot.com';
const targetAudience =
process.env.IAP_CLIENT_ID ||
'170454875485-fbn7jalc9214bb67lslv1pbvmnijrb20.apps.googleusercontent.com';
const output = execSync(`node idtokens-iap ${url} ${targetAudience}`);
assert.match(output, /Hello, world/);
});
it('should sign the blobs with IAM credentials API', () => {
const out = execSync('node signBlob');
assert.ok(out.length > 0);
});
});