Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add workforce config support. (#1251)
See go/workforce-pools-client-support. Add support of work_force_user_config field for workforce pool and related logic in ExternalClient(calling constructor for IdentityPoolClient) BaseExternalClient(the parent class of IdentityPoolClient). The logic change is only related to refreshAccessToken() flow, since this API is non-public, we use getAccessToken() to test the flow instead. Add 16 tests: ExternalClient: 1. fromJson() for IdentityPoolClient, throw an error is work_force_user_project provided by audience is not workforce audience. 2. fromJson() For IdentityPoolClient, return expected response is work_force_user_project provided and audience is workforce audience. BaseExternalClient: 1. getAccessToken() Should apply basic auth on workforce configs with client auth provided(no impersonation). 2. getAccessToken() Should apply work_force_user_project on workforce configs without client auth(no impersonation). 3. getAccessToken() Should not throw if workforce audience and client auth but work_force_user_project not provided(no impersonation). 4. getAccessToken() Should not throw if workforce audience and no client auth but work_force_user_project provided( impersonation). 5. Constructor(), throw an error is work_force_user_project provided by audience is not workforce audience. 6. Constructor(), return expected response is work_force_user_project provided and audience is workforce audience. 7. getProjectId(), should resolve with workforce projectID if no client auth not and workforce user project are defined. 8. getProjectId(), should not pass workforce user project if client auth is defined. IdentityPoolClient: 1. getAccessToken() Should apply basic auth on workforce configs with client auth provided(no impersonation). 2. getAccessToken() Should apply work_force_user_project on workforce configs without client auth(no impersonation). 3. getAccessToken() Should not throw if workforce audience and client auth but work_force_user_project not provided(no impersonation). 4. getAccessToken() Should not throw if workforce audience and no client auth but work_force_user_project provided( impersonation). 5. Constructor(), throw an error is work_force_user_project provided by audience is not workforce audience. 6. Constructor(), return expected response is work_force_user_project provided and audience is workforce audience.
- Loading branch information