istio · sarvaniv · Apr 12, 2017 · Apr 12, 2017 · Apr 12, 2017 · Apr 12, 2017
diff --git a/contrib/endpoints/src/api_manager/auth/service_account_token.cc b/contrib/endpoints/src/api_manager/auth/service_account_token.cc
@@ -59,11 +59,12 @@ void ServiceAccountToken::SetAudience(JWT_TOKEN_TYPE type,
   jwt_tokens_[type].set_audience(audience);
 }
 
-const std::string& ServiceAccountToken::GetAuthToken(JWT_TOKEN_TYPE type) {
+const std::string& ServiceAccountToken::GetAuthToken(JWT_TOKEN_TYPE type,
+                                                     bool ignore_cache) {
   // Uses authentication secret if available.
   if (!client_auth_secret_.empty()) {
     GOOGLE_CHECK(type >= 0 && type < JWT_TOKEN_TYPE_MAX);
-    if (!jwt_tokens_[type].is_valid(0)) {
+    if (ignore_cache || !jwt_tokens_[type].is_valid(0)) {
       Status status = jwt_tokens_[type].GenerateJwtToken(client_auth_secret_);
       if (!status.ok()) {
         if (env_) {
@@ -79,9 +80,9 @@ const std::string& ServiceAccountToken::GetAuthToken(JWT_TOKEN_TYPE type) {
 }
 
 const std::string& ServiceAccountToken::GetAuthToken(
-    JWT_TOKEN_TYPE type, const std::string& audience) {
+    JWT_TOKEN_TYPE type, const std::string& audience, bool ignore_cache) {
   SetAudience(type, audience);
-  return GetAuthToken(type);
+  return GetAuthToken(type, ignore_cache);
 }
 
 Status ServiceAccountToken::JwtTokenInfo::GenerateJwtToken(

diff --git a/contrib/endpoints/src/api_manager/auth/service_account_token.h b/contrib/endpoints/src/api_manager/auth/service_account_token.h
@@ -77,14 +77,18 @@ class ServiceAccountToken {
   // Gets the auth token to access Google services.
   // If client auth secret is specified, use it to calcualte JWT token.
   // Otherwise, use the access token fetched from metadata server.
-  const std::string& GetAuthToken(JWT_TOKEN_TYPE type);
+  // If ignore_cache is true then a JWT token is regenerated even if the current
+  // cached JWT token is valid.
+  const std::string& GetAuthToken(JWT_TOKEN_TYPE type,
+                                  bool ignore_cache = false);
 
   // Gets the auth token to access Google services. This method accepts an
   // audience parameter to set when generating JWT token.
   // If client auth secret is specified, use it to calcualte JWT token.
   // Otherwise, use the access token fetched from metadata server.
   const std::string& GetAuthToken(JWT_TOKEN_TYPE type,
-                                  const std::string& audience);
+                                  const std::string& audience,
+                                  bool ignore_cache = false);
 
  private:
   // Stores base token info. Used for both OAuth and JWT tokens.

diff --git a/contrib/endpoints/src/api_manager/check_security_rules.cc b/contrib/endpoints/src/api_manager/check_security_rules.cc
@@ -111,9 +111,8 @@ void AuthzChecker::Check(
   auto checker = GetPtr();
   HttpFetch(GetReleaseUrl(*context), kHttpGetMethod, "",
             auth::ServiceAccountToken::JWT_TOKEN_FOR_FIREBASE,
-            kFirebaseAudience,
-            [context, final_continuation, checker](Status status,
-                                                   std::string &&body) {
+            kFirebaseAudience, [context, final_continuation, checker](
+                                   Status status, std::string &&body) {
               std::string ruleset_id;
               if (status.ok()) {
                 checker->env_->LogDebug(

diff --git a/contrib/endpoints/src/api_manager/check_security_rules_test.cc b/contrib/endpoints/src/api_manager/check_security_rules_test.cc
@@ -537,26 +537,30 @@ class CheckSecurityRulesFunctions : public CheckSecurityRulesTest,
     InSequence s;
 
     ExpectCall(release_url_, "GET", "", kRelease);
-    ExpectCall(
-        ruleset_test_url_, "POST", kFirstRequest,
-        BuildTestRulesetResponse(
-            false, {std::make_tuple("f1", "http://url1", "POST", kDummyBody, kDummyAudience)}));
+    ExpectCall(ruleset_test_url_, "POST", kFirstRequest,
+               BuildTestRulesetResponse(
+                   false, {std::make_tuple("f1", "http://url1", "POST",
+                                           kDummyBody, kDummyAudience)}));
 
     ExpectCall("http://url1", "POST", kDummyBody, kDummyBody);
-    ExpectCall(
-        ruleset_test_url_, "POST", kSecondRequest,
-        BuildTestRulesetResponse(
-            false, {std::make_tuple("f2", "http://url2", "GET", kDummyBody, kDummyAudience),
-                    std::make_tuple("f3", "https://url3", "GET", kDummyBody, kDummyAudience),
-                    std::make_tuple("f1", "http://url1", "POST", kDummyBody, kDummyAudience)}));
+    ExpectCall(ruleset_test_url_, "POST", kSecondRequest,
+               BuildTestRulesetResponse(
+                   false, {std::make_tuple("f2", "http://url2", "GET",
+                                           kDummyBody, kDummyAudience),
+                           std::make_tuple("f3", "https://url3", "GET",
+                                           kDummyBody, kDummyAudience),
+                           std::make_tuple("f1", "http://url1", "POST",
+                                           kDummyBody, kDummyAudience)}));
     ExpectCall("http://url2", "GET", kDummyBody, kDummyBody);
     ExpectCall("https://url3", "GET", kDummyBody, kDummyBody);
     ExpectCall(ruleset_test_url_, "POST", kThirdRequest,
                BuildTestRulesetResponse(
-                   GetParam(),
-                   {std::make_tuple("f2", "http://url2", "GET", kDummyBody, kDummyAudience),
-                    std::make_tuple("f3", "https://url3", "GET", kDummyBody, kDummyAudience),
-                    std::make_tuple("f1", "http://url1", "POST", kDummyBody, kDummyAudience)}));
+                   GetParam(), {std::make_tuple("f2", "http://url2", "GET",
+                                                kDummyBody, kDummyAudience),
+                                std::make_tuple("f3", "https://url3", "GET",
+                                                kDummyBody, kDummyAudience),
+                                std::make_tuple("f1", "http://url1", "POST",
+                                                kDummyBody, kDummyAudience)}));
   }
 };
 
@@ -622,20 +626,19 @@ TEST_P(CheckSecurityRulesBadFunctions, CheckBadFunctionArguments) {
   });
 }
 
-INSTANTIATE_TEST_CASE_P(CheckSecurityRulesBadFunctionArguments,
-                        CheckSecurityRulesBadFunctions,
-                        ::testing::Values(
-                            // Empty function name
-                            std::make_tuple("", "http://url1", "POST",
-                                            kDummyBody, kDummyAudience),
-                            // Argument count less than 3
-                            std::make_tuple("f1", "http://url1", "", "", kDummyAudience),
-                            // The url is not set
-                            std::make_tuple("f1", "", "POST", kDummyBody, kDummyAudience),
-                            // The url is not a http or https protocol
-                            std::make_tuple("f1", "ftp://url1", "POST", kDummyBody, kDummyAudience),
-                            // The audience is not present
-                            std::make_tuple("f1", "http://url1", "GET", kDummyBody, "")));
+INSTANTIATE_TEST_CASE_P(
+    CheckSecurityRulesBadFunctionArguments, CheckSecurityRulesBadFunctions,
+    ::testing::Values(
+        // Empty function name
+        std::make_tuple("", "http://url1", "POST", kDummyBody, kDummyAudience),
+        // Argument count less than 3
+        std::make_tuple("f1", "http://url1", "", "", kDummyAudience),
+        // The url is not set
+        std::make_tuple("f1", "", "POST", kDummyBody, kDummyAudience),
+        // The url is not a http or https protocol
+        std::make_tuple("f1", "ftp://url1", "POST", kDummyBody, kDummyAudience),
+        // The audience is not present
+        std::make_tuple("f1", "http://url1", "GET", kDummyBody, "")));
 }
 }  // namespace api_manager
 }  // namespace google
diff --git a/contrib/endpoints/src/api_manager/firebase_rules/firebase_request.cc b/contrib/endpoints/src/api_manager/firebase_rules/firebase_request.cc
@@ -310,7 +310,8 @@ Status FirebaseRequest::SetNextRequest() {
       auto call = *func_call_iter_;
       external_http_request_.url = call.args(0).string_value();
       external_http_request_.method = call.args(1).string_value();
-      external_http_request_.audience = call.args(call.args_size()-1).string_value();
+      external_http_request_.audience =
+          call.args(call.args_size() - 1).string_value();
       std::string body;
       status =
           utils::ProtoToJson(call.args(2), &body, utils::JsonOptions::DEFAULT);
@@ -354,11 +355,12 @@ Status FirebaseRequest::CheckFuncCallArgs(const FunctionCall &func) {
         std::string(func.function() + " Arguments 1 and 2 should be strings"));
   }
 
-  if (func.args(func.args_size()-1).kind_case() != google::protobuf::Value::kStringValue) {
+  if (func.args(func.args_size() - 1).kind_case() !=
+      google::protobuf::Value::kStringValue) {
     return Status(
         Code::INVALID_ARGUMENT,
         std::string(func.function() + "The last argument should be a string"
-                    "that specifies audience"));
+                                      "that specifies audience"));
   }
 
   if (!utils::IsHttpRequest(func.args(0).string_value())) {