diff --git a/src/Credentials/CredentialsWithImpersonationFallback.php b/src/Credentials/CredentialsWithImpersonationFallback.php index 4c15920..fea71d8 100644 --- a/src/Credentials/CredentialsWithImpersonationFallback.php +++ b/src/Credentials/CredentialsWithImpersonationFallback.php @@ -125,11 +125,13 @@ public function supportsCapability(string $capability): bool { return $this->source->supportsCapability($capability); case Credentials::CAN_FETCH_SERVICE_ACCOUNT_EMAIL: - return $this->source->supportsCapability($capability); + return $this->source->supportsCapability($capability) || + $this->fallbackAccount; case Credentials::CAN_GENERATE_SIGNATURE: - return $this->fallbackAccount || - $this->source->supportsCapability(Credentials::CAN_FETCH_SERVICE_ACCOUNT_EMAIL); + return $this->source->supportsCapability(Credentials::CAN_GENERATE_SIGNATURE) || + $this->source->supportsCapability(Credentials::CAN_FETCH_SERVICE_ACCOUNT_EMAIL) || + $this->fallbackAccount; } } diff --git a/tests/Unit/Credentials/CredentialsWithImpersonationFallbackTest.php b/tests/Unit/Credentials/CredentialsWithImpersonationFallbackTest.php index 3e0e074..80d1872 100644 --- a/tests/Unit/Credentials/CredentialsWithImpersonationFallbackTest.php +++ b/tests/Unit/Credentials/CredentialsWithImpersonationFallbackTest.php @@ -29,6 +29,12 @@ public function setUp(): void { ->willReturn($this->mockFallback); $this->sut = new CredentialsWithImpersonationFallback($this->mockCredentials, $this->mockFactory); + + $this->sutWithFallbackAccount = new CredentialsWithImpersonationFallback( + $this->mockCredentials, + $this->mockFactory, + "fallback-account", + ); } public function testFetchesAccessToken(): void { @@ -74,6 +80,21 @@ public function testFetchesIdentityToken(): void { $this->sut->fetchIdentityToken(self::EXAMPLE_AUDIENCE_01); } + public function testFetchesIdentityTokenThrowsException(): void { + $dummyRequest = new Request("GET", "some-endpoint-that-500s"); + $badResponse = new Response(StatusCodeInterface::STATUS_INTERNAL_SERVER_ERROR); + $exception = new ClientException("test 500", $dummyRequest, $badResponse); + + $this->mockCredentials + ->expects($this->once()) + ->method("fetchIdentityToken") + ->willThrowException($exception); + + $this->expectException(ClientException::class); + + $this->sut->fetchIdentityToken(self::EXAMPLE_AUDIENCE_01); + } + public function testGeneratesSignature(): void { $this->mockCredentials ->expects($this->any()) @@ -95,4 +116,83 @@ public function testGeneratesSignature(): void { $this->sut->generateSignature("toSign"); } + public function testGeneratesSignatureException(): void { + $this->mockCredentials + ->expects($this->any()) + ->method("supportsCapability") + ->will($this->returnCallback(function(string $capability) { + switch ($capability) { + default: + return false; + } + })); + + $this->expectException(\BadMethodCallException::class); + + $this->sut->generateSignature("toSign"); + } + + public function testGeneratesSignaturePassthrough(): void { + $this->mockCredentials + ->expects($this->any()) + ->method("supportsCapability") + ->will($this->returnCallback(function(string $capability) { + switch ($capability) { + case Credentials::CAN_GENERATE_SIGNATURE: + return true; + + default: + return false; + } + })); + + $this->mockCredentials + ->expects($this->once()) + ->method("generateSignature"); + + $this->mockFallback + ->expects($this->never()) + ->method("generateSignature"); + + $this->sut->generateSignature("toSign"); + } + + public function testSupportsCapability(): void { + $supported = []; + + $this->mockCredentials + ->expects($this->any()) + ->method("supportsCapability") + ->will($this->returnCallback(function(string $capability) use (&$supported) { + return \in_array($capability, $supported); + })); + + $supported = [ + Credentials::CAN_FETCH_PROJECT_ID, + Credentials::CAN_FETCH_SERVICE_ACCOUNT_EMAIL, + Credentials::CAN_GENERATE_SIGNATURE, + ]; + + $this->assertTrue($this->sut->supportsCapability(Credentials::CAN_FETCH_PROJECT_ID)); + $this->assertTrue($this->sut->supportsCapability(Credentials::CAN_FETCH_SERVICE_ACCOUNT_EMAIL)); + $this->assertTrue($this->sut->supportsCapability(Credentials::CAN_GENERATE_SIGNATURE)); + + $supported = [ + Credentials::CAN_FETCH_PROJECT_ID, + Credentials::CAN_FETCH_SERVICE_ACCOUNT_EMAIL, + ]; + + $this->assertTrue($this->sut->supportsCapability(Credentials::CAN_GENERATE_SIGNATURE)); + + $supported = [ + Credentials::CAN_FETCH_PROJECT_ID, + ]; + + $this->assertFalse($this->sut->supportsCapability(Credentials::CAN_FETCH_SERVICE_ACCOUNT_EMAIL)); + $this->assertFalse($this->sut->supportsCapability(Credentials::CAN_GENERATE_SIGNATURE)); + + $this->assertTrue($this->sutWithFallbackAccount->supportsCapability(Credentials::CAN_FETCH_SERVICE_ACCOUNT_EMAIL)); + $this->assertTrue($this->sutWithFallbackAccount->supportsCapability(Credentials::CAN_GENERATE_SIGNATURE)); + } + }