def root():
jwt = flask.request.headers.get('x-goog-iap-jwt-assertion')
if jwt is None:
return 'Unauthorized request.'
user_id, user_email, error_str = (validate_jwt.validate_iap_jwt(
jwt, CLOUD_PROJECT_ID, BACKEND_SERVICE_ID))
if error_str:
return 'Error: {}'.format(error_str)
else:
return 'Hi, {}. I am {}.'.format(user_email, platform.node())
def root():
jwt = flask.request.headers.get('x-goog-iap-jwt-assertion')
if jwt is None:
return 'Unauthorized request.'
expected_audience = '/projects/{}/global/backendServices/{}'.format(CLOUD_PROJECT_ID, BACKEND_SERVICE_ID)
user_id, user_email, error_str = (
validate_jwt.validate_iap_jwt(
jwt, expected_audience))
if error_str:
return 'Error: {}'.format(error_str)
else:
return 'Hi, {}. I am {}.'.format(user_email, platform.node())
def test_main(cloud_config, capsys):
# JWTs are obtained by IAP-protected applications whenever an
# end-user makes a request. We've set up an app that echoes back
# the JWT in order to expose it to this test. Thus, this test
# exercises both make_iap_request and validate_jwt.
iap_jwt = make_iap_request.make_iap_request(
'https://{}/'.format(JWT_REFLECT_HOSTNAME))
jwt_validation_result = validate_jwt.validate_iap_jwt(
'https://{}'.format(JWT_REFLECT_HOSTNAME), iap_jwt)
assert jwt_validation_result[0]
assert jwt_validation_result[1]
assert not jwt_validation_result[2]
def test_main(cloud_config, capsys):
# JWTs are obtained by IAP-protected applications whenever an
# end-user makes a request. We've set up an app that echoes back
# the JWT in order to expose it to this test. Thus, this test
# exercises both make_iap_request and validate_jwt.
iap_jwt = make_iap_request.make_iap_request(
'https://{}/'.format(REFLECT_SERVICE_HOSTNAME))
iap_jwt = iap_jwt.split(': ').pop()
jwt_validation_result = validate_jwt.validate_iap_jwt(
'https://{}'.format(REFLECT_SERVICE_HOSTNAME), iap_jwt)
assert jwt_validation_result[0]
assert jwt_validation_result[1]
assert not jwt_validation_result[2]
def test_main(capsys):
# It only passes on Kokoro now. Skipping in other places.
# The envvar `TRAMPOLINE_CI` will be set once #3860 is merged.
if os.environ.get('TRAMPOLINE_CI', 'kokoro') != 'kokoro':
pytest.skip('Only passing on Kokoro.')
# JWTs are obtained by IAP-protected applications whenever an
# end-user makes a request. We've set up an app that echoes back
# the IAP JWT in order to expose it to this test. Thus, this test
# exercises both make_iap_request and validate_jwt.
resp = make_iap_request.make_iap_request(
'https://{}/'.format(REFLECT_SERVICE_HOSTNAME), IAP_CLIENT_ID)
iap_jwt = resp.split(': ').pop()
# App Engine JWT audience format below
expected_audience = '/projects/{}/apps/{}'.format(IAP_PROJECT_NUMBER,
IAP_APP_ID)
jwt_validation_result = validate_jwt.validate_iap_jwt(
iap_jwt, expected_audience)
assert not jwt_validation_result[2]
assert jwt_validation_result[0]
assert jwt_validation_result[1]
