Skip to content

Commit 6fdb5e3

Browse files
ScruffyProdigygopherbot
ScruffyProdigy
authored and
gopherbot
committed
google/internal/externalaccount: allowing PSC Urls
Change-Id: I46c337f162bf84cbcfa068ce1680e5428c46286a GitHub-Last-Rev: 4d1190b GitHub-Pull-Request: #596 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/439677 Auto-Submit: Cody Oss <codyoss@google.com> Reviewed-by: Cody Oss <codyoss@google.com> Reviewed-by: Leo Siracusa <leosiracusa@google.com> Run-TryBot: Cody Oss <codyoss@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
1 parent b44042a commit 6fdb5e3

File tree

2 files changed

+22
-0
lines changed

2 files changed

+22
-0
lines changed

google/internal/externalaccount/basecredentials.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,12 +74,14 @@ var (
7474
regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
7575
regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
7676
regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
77+
regexp.MustCompile(`(?i)^sts-[^\.\s\/\\]+\.p\.googleapis\.com$`),
7778
}
7879
validImpersonateURLPatterns = []*regexp.Regexp{
7980
regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
8081
regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
8182
regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
8283
regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
84+
regexp.MustCompile(`^iamcredentials-[^\.\s\/\\]+\.p\.googleapis\.com$`),
8385
}
8486
validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
8587
)

google/internal/externalaccount/basecredentials_test.go

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -231,6 +231,16 @@ func TestValidateURLTokenURL(t *testing.T) {
231231
{"https://", false},
232232
{"http://us-east-1.sts.googleapis.com", false},
233233
{"https://us-east-1.sts.googleapis.comevil.com", false},
234+
{"https://sts-xyz.p.googleapis.com", true},
235+
{"https://sts.pgoogleapis.com", false},
236+
{"https://p.googleapis.com", false},
237+
{"https://sts.p.com", false},
238+
{"http://sts.p.googleapis.com", false},
239+
{"https://xyz-sts.p.googleapis.com", false},
240+
{"https://sts-xyz.123.p.googleapis.com", false},
241+
{"https://sts-xyz.p1.googleapis.com", false},
242+
{"https://sts-xyz.p.foo.com", false},
243+
{"https://sts-xyz.p.foo.googleapis.com", false},
234244
}
235245
ctx := context.Background()
236246
for _, tt := range urlValidityTests {
@@ -287,6 +297,16 @@ func TestValidateURLImpersonateURL(t *testing.T) {
287297
{"https://", false},
288298
{"http://us-east-1.iamcredentials.googleapis.com", false},
289299
{"https://us-east-1.iamcredentials.googleapis.comevil.com", false},
300+
{"https://iamcredentials-xyz.p.googleapis.com", true},
301+
{"https://iamcredentials.pgoogleapis.com", false},
302+
{"https://p.googleapis.com", false},
303+
{"https://iamcredentials.p.com", false},
304+
{"http://iamcredentials.p.googleapis.com", false},
305+
{"https://xyz-iamcredentials.p.googleapis.com", false},
306+
{"https://iamcredentials-xyz.123.p.googleapis.com", false},
307+
{"https://iamcredentials-xyz.p1.googleapis.com", false},
308+
{"https://iamcredentials-xyz.p.foo.com", false},
309+
{"https://iamcredentials-xyz.p.foo.googleapis.com", false},
290310
}
291311
ctx := context.Background()
292312
for _, tt := range urlValidityTests {

0 commit comments

Comments
 (0)