static void test_jwt_creds_success(void) { char *json_key_string = test_json_key_str(); grpc_credentials *jwt_creds = grpc_service_account_jwt_access_credentials_create( json_key_string, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds)); /* First request: jwt_encode_and_sign should be called. */ grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_success, (void *)test_user_data); /* Second request: the cached token should be served directly. */ grpc_jwt_encode_and_sign_set_override( encode_and_sign_jwt_should_not_be_called); grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_success, (void *)test_user_data); /* Third request: Different service url so jwt_encode_and_sign should be called again (no caching). */ grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_credentials_get_request_metadata(jwt_creds, NULL, other_test_service_url, on_jwt_creds_get_metadata_success, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(jwt_creds); grpc_jwt_encode_and_sign_set_override(NULL); }
static void test_jwt_creds_signing_failure(void) { char *json_key_string = test_json_key_str(); grpc_credentials *jwt_creds = grpc_service_account_jwt_access_credentials_create( json_key_string, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds)); grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure); grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_failure, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(jwt_creds); grpc_jwt_encode_and_sign_set_override(NULL); }
/* TODO: Rename this credentials to something like service_account_jwt_access */ CallCredentials *pygrpc_CallCredentials_jwt( PyTypeObject *type, PyObject *args, PyObject *kwargs) { CallCredentials *self; const char *json_key; double lifetime; static char *keywords[] = {"json_key", "token_lifetime", NULL}; if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sd:jwt", keywords, &json_key, &lifetime)) { return NULL; } self = (CallCredentials *)type->tp_alloc(type, 0); self->c_creds = grpc_service_account_jwt_access_credentials_create( json_key, pygrpc_cast_double_to_gpr_timespec(lifetime), NULL); if (!self->c_creds) { Py_DECREF(self); PyErr_SetString(PyExc_RuntimeError, "couldn't create JWT credentials"); return NULL; } return self; }