integration-tests/impersonate/impersonate_test.go - google-api-go-client - Git at Google

 // Copyright 2020 Google LLC.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // +build integration

 package impersonate

 import (
 	"context"
 	"fmt"
 	"math/rand"
 	"os"
 	"testing"
 	"time"

 	"google.golang.org/api/option"

 	"google.golang.org/api/storage/v1"
 )

 var (
 	// envReaderCredentialFile points to a service accountthat is a "Service
 	// Account Token Creator" on envReaderSA.
 	envBaseSACredentialFile = "API_GO_CLIENT_IMPERSONATE_BASE"
 	// envUserCredentialFile points to a user credential that is a "Service
 	// Account Token Creator" on envReaderSA.
 	envUserCredentialFile = "API_GO_CLIENT_IMPERSONATE_USER"
 	// envReaderCredentialFile points to a service account that is a "Storage
 	// Object Reader" and is a "Service Account Token Creator" on envWriterSA.
 	envReaderCredentialFile = "API_GO_CLIENT_IMPERSONATE_READER"
 	// envReaderSA is the name of the reader service account.
 	envReaderSA = "API_GO_CLIENT_IMPERSONATE_READER_SA"
 	// envWriterSA is the name of the writer service account. This service
 	// account has been granted roles/serviceusage.serviceUsageConsumer.
 	envWriterSA = "API_GO_CLIENT_IMPERSONATE_WRITER_SA"
 	// envProjectID is a project that hosts a GCS bucket.
 	envProjectID = "GOOGLE_CLOUD_PROJECT"
 )

 func init() {
 	rand.Seed(time.Now().UnixNano())
 }

 func TestImpersonatedCredentials(t *testing.T) {
 	ctx := context.Background()
 	projID := os.Getenv(envProjectID)
 	writerSA := os.Getenv(envWriterSA)
 	tests := []struct {
 		name           string
 		baseSALocation string
 		delgates       []string
 	}{
 		{
 			name:           "SA -> SA",
 			baseSALocation: os.Getenv(envReaderCredentialFile),
 			delgates:       []string{},
 		},
 		{
 			name:           "SA -> Delegate -> SA",
 			baseSALocation: os.Getenv(envBaseSACredentialFile),
 			delgates:       []string{os.Getenv(envReaderSA)},
 		},
 		{
 			name:           "User Credential -> Delegate -> SA",
 			baseSALocation: os.Getenv(envUserCredentialFile),
 			delgates:       []string{os.Getenv(envReaderSA)},
 		},
 	}

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			svc, err := storage.NewService(ctx,
 				option.WithCredentialsFile(tt.baseSALocation),
 				option.ImpersonateCredentials(writerSA, tt.delgates...),
 			)
 			if err != nil {
 				t.Fatalf("failed to create client: %v", err)
 			}
 			bucketName := fmt.Sprintf("%s-%d", projID, rand.Int63())
 			if _, err := svc.Buckets.Insert(projID, &storage.Bucket{
 				Name: bucketName,
 			}).Do(); err != nil {
 				t.Fatalf("error creating bucket: %v", err)
 			}
 			if err := svc.Buckets.Delete(bucketName).Do(); err != nil {
 				t.Fatalf("unable to cleanup bucket %q: %v", bucketName, err)
 			}
 		})
 	}
 }
	// Copyright 2020 Google LLC.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// +build integration

	package impersonate

	import (
	"context"
	"fmt"
	"math/rand"
	"os"
	"testing"
	"time"

	"google.golang.org/api/option"

	"google.golang.org/api/storage/v1"
	)

	var (
	// envReaderCredentialFile points to a service accountthat is a "Service
	// Account Token Creator" on envReaderSA.
	envBaseSACredentialFile = "API_GO_CLIENT_IMPERSONATE_BASE"
	// envUserCredentialFile points to a user credential that is a "Service
	// Account Token Creator" on envReaderSA.
	envUserCredentialFile = "API_GO_CLIENT_IMPERSONATE_USER"
	// envReaderCredentialFile points to a service account that is a "Storage
	// Object Reader" and is a "Service Account Token Creator" on envWriterSA.
	envReaderCredentialFile = "API_GO_CLIENT_IMPERSONATE_READER"
	// envReaderSA is the name of the reader service account.
	envReaderSA = "API_GO_CLIENT_IMPERSONATE_READER_SA"
	// envWriterSA is the name of the writer service account. This service
	// account has been granted roles/serviceusage.serviceUsageConsumer.
	envWriterSA = "API_GO_CLIENT_IMPERSONATE_WRITER_SA"
	// envProjectID is a project that hosts a GCS bucket.
	envProjectID = "GOOGLE_CLOUD_PROJECT"
	)

	func init() {
	rand.Seed(time.Now().UnixNano())
	}

	func TestImpersonatedCredentials(t *testing.T) {
	ctx := context.Background()
	projID := os.Getenv(envProjectID)
	writerSA := os.Getenv(envWriterSA)
	tests := []struct {
	name string
	baseSALocation string
	delgates []string
	}{
	{
	name: "SA -> SA",
	baseSALocation: os.Getenv(envReaderCredentialFile),
	delgates: []string{},
	},
	{
	name: "SA -> Delegate -> SA",
	baseSALocation: os.Getenv(envBaseSACredentialFile),
	delgates: []string{os.Getenv(envReaderSA)},
	},
	{
	name: "User Credential -> Delegate -> SA",
	baseSALocation: os.Getenv(envUserCredentialFile),
	delgates: []string{os.Getenv(envReaderSA)},
	},
	}

	for _, tt := range tests {
	t.Run(tt.name, func(t *testing.T) {
	svc, err := storage.NewService(ctx,
	option.WithCredentialsFile(tt.baseSALocation),
	option.ImpersonateCredentials(writerSA, tt.delgates...),
	)
	if err != nil {
	t.Fatalf("failed to create client: %v", err)
	}
	bucketName := fmt.Sprintf("%s-%d", projID, rand.Int63())
	if _, err := svc.Buckets.Insert(projID, &storage.Bucket{
	Name: bucketName,
	}).Do(); err != nil {
	t.Fatalf("error creating bucket: %v", err)
	}
	if err := svc.Buckets.Delete(bucketName).Do(); err != nil {
	t.Fatalf("unable to cleanup bucket %q: %v", bucketName, err)
	}
	})
	}
	}