Skip to content

Commit

Permalink
add impersonate id token metric test
Browse files Browse the repository at this point in the history
  • Loading branch information
@bshaffer
bshaffer committed Oct 5, 2024
1 parent bdf24f8 commit 244724f
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 5 deletions.
2 changes: 1 addition & 1 deletion src/Credentials/ImpersonatedServiceAccountCredentials.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@ public function fetchAuthToken(callable $httpHandler = null)
'Content-Type' => 'application/json',
'Cache-Control' => 'no-store',
'Authorization' => sprintf('Bearer %s', $authToken['access_token'] ?? $authToken['id_token']),
], 'at');
], $this->isIdTokenRequest() ? 'it' : 'at');

$body = $this->isIdTokenRequest()
? [
Expand Down
18 changes: 14 additions & 4 deletions tests/ObservabilityMetricsTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,10 +117,6 @@ public function testServiceAccountJwtAccessCredentials()
);
}

/**
* ImpersonatedServiceAccountCredentials haven't enabled identity token support hence
* they don't have 'auth-request-type/it' observability metric header check.
*/
public function testImpersonatedServiceAccountCredentials()
{
$keyFile = __DIR__ . '/fixtures5/.config/gcloud/application_default_credentials.json';
Expand All @@ -135,6 +131,20 @@ public function testImpersonatedServiceAccountCredentials()
$this->assertUpdateMetadata($impersonatedCred, $handler, 'imp', $handlerCalled);
}

public function testImpersonatedServiceAccountCredentialsWithIdTokens()
{
$keyFile = __DIR__ . '/fixtures5/.config/gcloud/application_default_credentials.json';
$handlerCalled = false;
$responseFromIam = json_encode(['token' => '1/abdef1234567890']);
$handler = getHandler([
$this->getExpectedRequest('imp', 'auth-request-type/at', $handlerCalled, $this->jsonTokens),
$this->getExpectedRequest('imp', 'auth-request-type/it', $handlerCalled, $responseFromIam),
]);

$impersonatedCred = new ImpersonatedServiceAccountCredentials(null, $keyFile, 'test-target-audience');
$this->assertUpdateMetadata($impersonatedCred, $handler, 'imp', $handlerCalled);
}

/**
* UserRefreshCredentials haven't enabled identity token support hence
* they don't have 'auth-request-type/it' observability metric header check.
Expand Down

0 comments on commit 244724f

Please sign in to comment.