Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(compute): correctly specify scopes when fetching token #735

Merged
merged 5 commits into from
Jun 18, 2019
Merged

fix(compute): correctly specify scopes when fetching token #735

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
6f895af
fix(compute): correctly build token with scopes
stephenplusplus Jun 15, 2019
d7af7fb
fix test
stephenplusplus Jun 15, 2019
2e52cf9
fix all tests
stephenplusplus Jun 15, 2019
900c00d
lint
stephenplusplus Jun 15, 2019
40570de
clarify test
stephenplusplus Jun 18, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 8 additions & 6 deletions src/auth/computeclient.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,13 +80,15 @@ export class Compute extends OAuth2Client {
const tokenPath = `service-accounts/${this.serviceAccountEmail}/token`;
let data: CredentialRequest;
try {
data = await gcpMetadata.instance({
const instanceOptions: gcpMetadata.Options = {
property: tokenPath,
params: {
scopes: this.scopes,
// TODO: clean up before submit, fix upstream type bug
} as {},
});
};
if (this.scopes.length > 0) {
instanceOptions.params = {
scopes: this.scopes.join(','),
};
}
data = await gcpMetadata.instance(instanceOptions);
} catch (e) {
e.message = `Could not refresh access token: ${e.message}`;
this.wrapError(e);
Expand Down
18 changes: 14 additions & 4 deletions test/test.compute.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ const tokenPath = `${BASE_PATH}/instance/service-accounts/default/token`;
function mockToken(statusCode = 200, scopes?: string[]) {
let path = tokenPath;
if (scopes && scopes.length > 0) {
path += '?' + qs.stringify({scopes});
path += `?scopes=${encodeURIComponent(scopes.join(','))}`;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

interesting, so the root of the problem is that storage required multiple scopes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Essentially, yes. Storage does, and I believe many other APIs do as well. The function that I modified is only active in GCE/GCF environments.

}
return nock(HOST_ADDRESS)
.get(path, undefined, {reqheaders: HEADERS})
Expand Down Expand Up @@ -68,15 +68,25 @@ it('should get an access token for the first request', async () => {
assert.strictEqual(compute.credentials.access_token, 'abc123');
});

it('should include scopes when asking for the token', async () => {
it('should URI-encode and comma-separate scopes when fetching the token', async () => {
const scopes = [
'https://www.googleapis.com/reader',
'https://www.googleapis.com/auth/plus',
];
const nockScopes = [mockToken(200, scopes), mockExample()];

const path = `${tokenPath}?scopes=${encodeURIComponent(scopes.join(','))}`;

const tokenFetchNock = nock(HOST_ADDRESS)
.get(path, undefined, {reqheaders: HEADERS})
.reply(200, {access_token: 'abc123', expires_in: 10000}, HEADERS);
const apiRequestNock = mockExample();

const compute = new Compute({scopes});
await compute.request({url});
nockScopes.forEach(s => s.done());

tokenFetchNock.done();
apiRequestNock.done();

assert.strictEqual(compute.credentials.access_token, 'abc123');
});

Expand Down