From 1896500abcf07e4830dbab303a73d4f6bfcb5a1e Mon Sep 17 00:00:00 2001 From: Lahiru Maramba Date: Thu, 19 Jan 2023 12:07:01 -0500 Subject: [PATCH] chore: Increase test coverage for service account impersonation support (#2047) * chore: Increase test coverage for service account impersonation support * fix typo --- src/app/credential-internal.ts | 2 +- test/unit/app/credential-internal.spec.ts | 70 +++++++++++++++++++++++ 2 files changed, 71 insertions(+), 1 deletion(-) diff --git a/src/app/credential-internal.ts b/src/app/credential-internal.ts index eafdb07059..f6a3d3bc78 100644 --- a/src/app/credential-internal.ts +++ b/src/app/credential-internal.ts @@ -380,7 +380,7 @@ export class ImpersonatedServiceAccountCredential implements Credential { * @param impersonatedServiceAccountPathOrObject - Impersonated Service account json object or * path to a service account json file. * @param httpAgent - Optional http.Agent to use when calling the remote token server. - * @param implicit - An optinal boolean indicating whether this credential was implicitly + * @param implicit - An optional boolean indicating whether this credential was implicitly * discovered from the environment, as opposed to being explicitly specified by the developer. * * @constructor diff --git a/test/unit/app/credential-internal.spec.ts b/test/unit/app/credential-internal.spec.ts index 446b01d90e..93afa1fe9f 100644 --- a/test/unit/app/credential-internal.spec.ts +++ b/test/unit/app/credential-internal.spec.ts @@ -41,6 +41,7 @@ import { import { HttpClient } from '../../../src/utils/api-request'; import { Agent } from 'https'; import { FirebaseAppError } from '../../../src/utils/error'; +import { deepCopy } from '../../../src/utils/deep-copy'; chai.should(); chai.use(sinonChai); @@ -420,6 +421,75 @@ describe('Credential', () => { }); }); + describe('ImpersonatedServiceAccountCredential', () => { + it('should throw if called with the path to an invalid file', () => { + const invalidPath = path.resolve(__dirname, '../../resources/unparsable.key.json'); + expect(() => new ImpersonatedServiceAccountCredential(invalidPath)) + .to.throw('Failed to parse impersonated service account file'); + }); + + it('should throw given an object without a "clientId" property', () => { + const invalidCredential = deepCopy(MOCK_IMPERSONATED_TOKEN_CONFIG); + invalidCredential.source_credentials.client_id = ''; + expect(() => new ImpersonatedServiceAccountCredential(invalidCredential as any)) + .to.throw('Impersonated Service Account must contain a "source_credentials.client_id" property.'); + }); + + it('should throw given an object without a "clientSecret" property', () => { + const invalidCredential = deepCopy(MOCK_IMPERSONATED_TOKEN_CONFIG); + invalidCredential.source_credentials.client_secret = ''; + expect(() => new ImpersonatedServiceAccountCredential(invalidCredential as any)) + .to.throw('Impersonated Service Account must contain a "source_credentials.client_secret" property.'); + }); + + it('should throw given an object without a "refreshToken" property', () => { + const invalidCredential = deepCopy(MOCK_IMPERSONATED_TOKEN_CONFIG); + invalidCredential.source_credentials.refresh_token = ''; + expect(() => new ImpersonatedServiceAccountCredential(invalidCredential as any)) + .to.throw('Impersonated Service Account must contain a "source_credentials.refresh_token" property.'); + }); + + it('should throw given an object without a "type" property', () => { + const invalidCredential = deepCopy(MOCK_IMPERSONATED_TOKEN_CONFIG); + invalidCredential.source_credentials.type = ''; + expect(() => new ImpersonatedServiceAccountCredential(invalidCredential as any)) + .to.throw('Impersonated Service Account must contain a "source_credentials.type" property.'); + }); + + it('should return a Credential', () => { + const c = new ImpersonatedServiceAccountCredential(MOCK_IMPERSONATED_TOKEN_CONFIG); + expect(c).to.deep.include({ + implicit: false, + }); + }); + + it('should return an implicit Credential', () => { + const c = new ImpersonatedServiceAccountCredential(MOCK_IMPERSONATED_TOKEN_CONFIG, undefined, true); + expect(c).to.deep.include({ + implicit: true, + }); + }); + + it('should create access tokens', () => { + const scope = nock('https://www.googleapis.com') + .post('/oauth2/v4/token') + .reply(200, { + access_token: 'token', + token_type: 'Bearer', + expires_in: 60 * 60, + }, { + 'cache-control': 'no-cache, no-store, max-age=0, must-revalidate', + }); + mockedRequests.push(scope); + + const c = new ImpersonatedServiceAccountCredential(MOCK_IMPERSONATED_TOKEN_CONFIG); + return c.getAccessToken().then((token) => { + expect(token.access_token).to.be.a('string').and.to.not.be.empty; + expect(token.expires_in).to.greaterThan(FIVE_MINUTES_IN_SECONDS); + }); + }); + }); + describe('getApplicationDefault()', () => { let fsStub: sinon.SinonStub;