Skip to content

Commit 7da9207

Browse files
mpeddada1lqiu96
mpeddada1
authored and
lqiu96
committed
feat: add logic to set universe domain to ServiceAccountJwtAccessCredentials (#3806)
Follow-up PR to googleapis/google-auth-library-java#1754 For java-bigtable's use case, when GOOGLE_APPLICATION_CREDENTIALS is set to a service account's JSON path, these lines get exercised when creating `ServiceAccountJwtAccessCredentials`: https://github.com/googleapis/sdk-platform-java/blob/49a7ae50071e75fe0d161a4eb9360a4fe4e6147b/gax-java/gax/src/main/java/com/google/api/gax/core/GoogleCredentialsProvider.java#L82-L92 See https://github.com/mpeddada1/sa-universe-domain for full test setup.
1 parent 959b145 commit 7da9207

File tree

2 files changed

+50
-0
lines changed

2 files changed

+50
-0
lines changed

gax-java/gax/src/main/java/com/google/api/gax/core/GoogleCredentialsProvider.java

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -88,6 +88,7 @@ public Credentials getCredentials() throws IOException {
8888
.setPrivateKey(serviceAccount.getPrivateKey())
8989
.setPrivateKeyId(serviceAccount.getPrivateKeyId())
9090
.setQuotaProjectId(serviceAccount.getQuotaProjectId())
91+
.setUniverseDomain(serviceAccount.getUniverseDomain())
9192
.build();
9293
}
9394

gax-java/gax/src/test/java/com/google/api/gax/core/GoogleCredentialsProviderTest.java

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,51 @@ void serviceAccountReplacedWithJwtTokens() throws Exception {
6868
assertThat(jwtCreds.getClientEmail()).isEqualTo(serviceAccountCredentials.getClientEmail());
6969
assertThat(jwtCreds.getPrivateKeyId()).isEqualTo(serviceAccountCredentials.getPrivateKeyId());
7070
assertThat(jwtCreds.getPrivateKey()).isEqualTo(serviceAccountCredentials.getPrivateKey());
71+
assertThat(jwtCreds.getUniverseDomain()).isEqualTo(Credentials.GOOGLE_DEFAULT_UNIVERSE);
72+
}
73+
74+
@Test
75+
void serviceAccountReplacedWithJwtTokens_setEmptyDomain() throws Exception {
76+
ServiceAccountCredentials serviceAccountCredentials =
77+
CreateServiceAccountCredentials().toBuilder().setUniverseDomain("").build();
78+
79+
GoogleCredentialsProvider provider =
80+
GoogleCredentialsProvider.newBuilder()
81+
.setScopesToApply(ImmutableList.of("scope1", "scope2"))
82+
.setJwtEnabledScopes(ImmutableList.of("scope1"))
83+
.setOAuth2Credentials(serviceAccountCredentials)
84+
.build();
85+
86+
Credentials credentials = provider.getCredentials();
87+
assertThat(credentials).isInstanceOf(ServiceAccountJwtAccessCredentials.class);
88+
ServiceAccountJwtAccessCredentials jwtCreds = (ServiceAccountJwtAccessCredentials) credentials;
89+
assertThat(jwtCreds.getClientId()).isEqualTo(serviceAccountCredentials.getClientId());
90+
assertThat(jwtCreds.getClientEmail()).isEqualTo(serviceAccountCredentials.getClientEmail());
91+
assertThat(jwtCreds.getPrivateKeyId()).isEqualTo(serviceAccountCredentials.getPrivateKeyId());
92+
assertThat(jwtCreds.getPrivateKey()).isEqualTo(serviceAccountCredentials.getPrivateKey());
93+
assertThat(jwtCreds.getUniverseDomain()).isEqualTo(Credentials.GOOGLE_DEFAULT_UNIVERSE);
94+
}
95+
96+
@Test
97+
void serviceAccountReplacedWithJwtTokens_customUniverseDomain() throws Exception {
98+
ServiceAccountCredentials serviceAccountCredentials =
99+
CreateServiceAccountCredentials().toBuilder().setUniverseDomain("example.com").build();
100+
101+
GoogleCredentialsProvider provider =
102+
GoogleCredentialsProvider.newBuilder()
103+
.setScopesToApply(ImmutableList.of("scope1", "scope2"))
104+
.setJwtEnabledScopes(ImmutableList.of("scope1"))
105+
.setOAuth2Credentials(serviceAccountCredentials)
106+
.build();
107+
108+
Credentials credentials = provider.getCredentials();
109+
assertThat(credentials).isInstanceOf(ServiceAccountJwtAccessCredentials.class);
110+
ServiceAccountJwtAccessCredentials jwtCreds = (ServiceAccountJwtAccessCredentials) credentials;
111+
assertThat(jwtCreds.getClientId()).isEqualTo(serviceAccountCredentials.getClientId());
112+
assertThat(jwtCreds.getClientEmail()).isEqualTo(serviceAccountCredentials.getClientEmail());
113+
assertThat(jwtCreds.getPrivateKeyId()).isEqualTo(serviceAccountCredentials.getPrivateKeyId());
114+
assertThat(jwtCreds.getPrivateKey()).isEqualTo(serviceAccountCredentials.getPrivateKey());
115+
assertThat(jwtCreds.getUniverseDomain()).isEqualTo("example.com");
71116
}
72117

73118
@Test
@@ -94,6 +139,8 @@ void noJwtWithoutScopeMatch() throws Exception {
94139
assertThat(serviceAccountCredentials2.getPrivateKey())
95140
.isEqualTo(serviceAccountCredentials.getPrivateKey());
96141
assertThat(serviceAccountCredentials2.getScopes()).containsExactly("scope1", "scope2");
142+
assertThat(serviceAccountCredentials2.getUniverseDomain())
143+
.isEqualTo(Credentials.GOOGLE_DEFAULT_UNIVERSE);
97144
}
98145

99146
@Test
@@ -120,5 +167,7 @@ void useJwtAccessWithScope() throws Exception {
120167
assertThat(serviceAccountCredentials2.getPrivateKey())
121168
.isEqualTo(serviceAccountCredentials.getPrivateKey());
122169
assertTrue(serviceAccountCredentials2.getUseJwtAccessWithScope());
170+
assertThat(serviceAccountCredentials2.getUniverseDomain())
171+
.isEqualTo(Credentials.GOOGLE_DEFAULT_UNIVERSE);
123172
}
124173
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy