Allow both old and new behavior from google-auth-library-java

google-auth-library-java:0.25.0 strips port and path parts in the audience claim ("aud"). Updating the test to pass in both old and new version of google-auth-library-java. This commit does not upgrade google-auth-library-java because it turned out that the upgrade involves the newer Guava version (google-auth-library-java's dependency) failing with DexingNoClasspathTransform. Details: #8078 (comment) It's technically possible to exclude the newer Guava, but it's a good practice avoid excluding the newer version of a library.
grpc · Apr 19, 2021 · 84dc564 · 84dc564
1 parent a81bf14
commit 84dc564
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java
@@ -394,7 +394,11 @@ public void jwtAccessCredentialsInRequestMetadata() throws Exception {
     Map<?, ?> header = (Map<?, ?>) JsonParser.parse(jsonHeader);
     assertEquals("test-private-key-id", header.get("kid"));
     Map<?, ?> payload = (Map<?, ?>) JsonParser.parse(jsonPayload);
-    assertEquals("https://example.com:123/a.service", payload.get("aud"));
+    // google-auth-library-java 0.25.2 began stripping the grpc service name from the audience.
+    // Allow tests to pass with both the old and new versions for a while to avoid an atomic upgrade
+    // everywhere google-auth-library-java is used.
+    assertTrue("https://example.com/".equals(payload.get("aud"))
+        || "https://example.com:123/a.service".equals(payload.get("aud")));
     assertEquals("[email protected]", payload.get("iss"));
     assertEquals("[email protected]", payload.get("sub"));
   }