Skip to content

Commit

Permalink
Merge branch 'main' into better-assertion-msg
Browse files Browse the repository at this point in the history
  • Loading branch information
zhumin8 authored Aug 29, 2024
2 parents 7e63050 + 2418691 commit 98eac04
Show file tree
Hide file tree
Showing 8 changed files with 143 additions and 39 deletions.
4 changes: 4 additions & 0 deletions .github/release-please.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,3 +30,7 @@ branches:
handleGHRelease: true
releaseType: java-backport
branch: 1.20.x
- bumpMinorPreMajor: true
handleGHRelease: true
releaseType: java-backport
branch: 1.23.x
12 changes: 12 additions & 0 deletions .github/sync-repo-settings.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,18 @@ branchProtectionRules:
requiredApprovingReviewCount: 1
requiresCodeOwnerReviews: true
requiresStrictStatusChecks: true
- pattern: 1.23.x
isAdminEnforced: true
requiredStatusCheckContexts:
- dependencies (17)
- lint
- clirr
- units (8)
- units (11)
- cla/google
requiredApprovingReviewCount: 1
requiresCodeOwnerReviews: true
requiresStrictStatusChecks: true
permissionRules:
- team: Googlers
permission: pull
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.MoreObjects.ToStringHelper;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import java.io.BufferedReader;
Expand Down Expand Up @@ -155,21 +156,19 @@ private ComputeEngineCredentials(ComputeEngineCredentials.Builder builder) {
/** Clones the compute engine account with the specified scopes. */
@Override
public GoogleCredentials createScoped(Collection<String> newScopes) {
ComputeEngineCredentials.Builder builder =
this.toBuilder().setHttpTransportFactory(transportFactory).setScopes(newScopes);
return new ComputeEngineCredentials(builder);
return createScoped(newScopes, ImmutableList.of());
}

/** Clones the compute engine account with the specified scopes and default scopes. */
@Override
public GoogleCredentials createScoped(
Collection<String> newScopes, Collection<String> newDefaultScopes) {
ComputeEngineCredentials.Builder builder =
ComputeEngineCredentials.newBuilder()
.setHttpTransportFactory(transportFactory)
.setScopes(newScopes)
.setDefaultScopes(newDefaultScopes);
return new ComputeEngineCredentials(builder);
return this.toBuilder()
.setHttpTransportFactory(transportFactory)
.setScopes(newScopes)
.setDefaultScopes(newDefaultScopes)
.setAccessToken(null)
.build();
}

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -427,8 +427,8 @@ public boolean createScopedRequired() {
}

/**
* If the credentials support scopes, creates a copy of the identity with the specified scopes;
* otherwise, returns the same instance.
* If the credentials support scopes, creates a copy of the identity with the specified scopes,
* invalidates the existing scoped access token; otherwise, return the same instance.
*
* @param scopes Collection of scopes to request.
* @return GoogleCredentials with requested scopes.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,9 @@
import java.util.List;
import java.util.Map;
import java.util.Queue;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import java.util.stream.Stream;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
Expand Down Expand Up @@ -111,6 +113,16 @@ public class ComputeEngineCredentialsTest extends BaseSerializationTest {
+ "iTElDRU5TRV8xIiwNCiAgICAgICAiTElDRU5TRV8yIg0KICAgIF0NCiAgfSwNCiAgImlhdCI6IDE1NjQ1MTU4OTY"
+ "sDQogICJpc3MiOiAiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tIiwNCiAgInN1YiI6ICIxMTIxNzkwNjI3MjA"
+ "zOTEzMDU4ODUiDQp9.redacted";
private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
private static final List<String> SCOPES = Arrays.asList("foo", "bar");
private static final String ACCESS_TOKEN_WITH_SCOPES = "1/MkSJoj1xsli0AccessTokenScoped_NKPY2";
private static final Map<String, String> SCOPE_TO_ACCESS_TOKEN_MAP =
Stream.of(
new String[][] {
{"default", ACCESS_TOKEN},
{SCOPES.toString().replaceAll("\\s", ""), ACCESS_TOKEN_WITH_SCOPES},
})
.collect(Collectors.toMap(data -> data[0], data -> data[1]));

@Test
public void buildTokenUrlWithScopes_null_scopes() {
Expand Down Expand Up @@ -215,7 +227,7 @@ public void buildScoped_explicitUniverse() throws IOException {
(ComputeEngineCredentials) credentials.createScoped(Arrays.asList("foo"));

assertEquals("some-universe", scopedCredentials.getUniverseDomain());
assertEquals(true, scopedCredentials.isExplicitUniverseDomain());
assertTrue(scopedCredentials.isExplicitUniverseDomain());
}

@Test
Expand All @@ -228,6 +240,33 @@ public void createScoped_defaultScopes() {
assertEquals("foo", scopes.toArray()[0]);
}

@Test
public void buildScoped_quotaProjectId() throws IOException {
ComputeEngineCredentials credentials =
ComputeEngineCredentials.newBuilder()
.setScopes(null)
.setQuotaProjectId("some-project-id")
.build();
ComputeEngineCredentials scopedCredentials =
(ComputeEngineCredentials) credentials.createScoped(Arrays.asList("foo"));

assertEquals("some-project-id", scopedCredentials.getQuotaProjectId());
}

@Test
public void buildDefaultScoped_explicitUniverse() throws IOException {
ComputeEngineCredentials credentials =
ComputeEngineCredentials.newBuilder()
.setScopes(null)
.setUniverseDomain("some-universe")
.build();
ComputeEngineCredentials scopedCredentials =
(ComputeEngineCredentials) credentials.createScoped(null, Arrays.asList("foo"));

assertEquals("some-universe", scopedCredentials.getUniverseDomain());
assertTrue(scopedCredentials.isExplicitUniverseDomain());
}

@Test
public void create_scoped_correctMargins() {
GoogleCredentials credentials =
Expand All @@ -240,21 +279,37 @@ public void create_scoped_correctMargins() {

@Test
public void getRequestMetadata_hasAccessToken() throws IOException {
String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
transportFactory.transport.setAccessToken(accessToken);
ComputeEngineCredentials credentials =
ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build();
Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI);

TestUtils.assertContainsBearerToken(metadata, accessToken);
TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
}

@Test
public void getRequestMetadata_shouldInvalidateAccessTokenWhenScoped_newAccessTokenFromRefresh()
throws IOException {
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
ComputeEngineCredentials credentials =
ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build();
Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI);

TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);

assertNotNull(credentials.getAccessToken());
ComputeEngineCredentials scopedCredentialCopy =
(ComputeEngineCredentials) credentials.createScoped(SCOPES);
assertNull(scopedCredentialCopy.getAccessToken());
Map<String, List<String>> metadataForCopiedCredentials =
scopedCredentialCopy.getRequestMetadata(CALL_URI);
TestUtils.assertContainsBearerToken(metadataForCopiedCredentials, ACCESS_TOKEN_WITH_SCOPES);
TestUtils.assertNotContainsBearerToken(metadataForCopiedCredentials, ACCESS_TOKEN);
}

@Test
public void getRequestMetadata_missingServiceAccount_throws() {
String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
transportFactory.transport.setAccessToken(accessToken);
transportFactory.transport.setRequestStatusCode(HttpStatusCodes.STATUS_CODE_NOT_FOUND);
ComputeEngineCredentials credentials =
ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build();
Expand All @@ -271,9 +326,7 @@ public void getRequestMetadata_missingServiceAccount_throws() {

@Test
public void getRequestMetadata_serverError_throws() {
String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
transportFactory.transport.setAccessToken(accessToken);
transportFactory.transport.setRequestStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR);
ComputeEngineCredentials credentials =
ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build();
Expand Down Expand Up @@ -481,11 +534,9 @@ public LowLevelHttpResponse execute() throws IOException {
@Test
public void sign_sameAs() throws IOException {
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
String defaultAccountEmail = "mail@mail.com";
byte[] expectedSignature = {0xD, 0xE, 0xA, 0xD};

transportFactory.transport.setAccessToken(accessToken);
transportFactory.transport.setServiceAccountEmail(defaultAccountEmail);
transportFactory.transport.setSignature(expectedSignature);
ComputeEngineCredentials credentials =
Expand All @@ -497,10 +548,8 @@ public void sign_sameAs() throws IOException {
@Test
public void sign_getAccountFails() throws IOException {
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
byte[] expectedSignature = {0xD, 0xE, 0xA, 0xD};

transportFactory.transport.setAccessToken(accessToken);
transportFactory.transport.setSignature(expectedSignature);
ComputeEngineCredentials credentials =
ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build();
Expand All @@ -517,7 +566,6 @@ public void sign_getAccountFails() throws IOException {
@Test
public void sign_accessDenied_throws() {
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
String defaultAccountEmail = "mail@mail.com";

transportFactory.transport =
Expand All @@ -538,7 +586,7 @@ public LowLevelHttpResponse execute() throws IOException {
}
};

transportFactory.transport.setAccessToken(accessToken);
transportFactory.transport.setAccessToken(ACCESS_TOKEN);
transportFactory.transport.setServiceAccountEmail(defaultAccountEmail);

ComputeEngineCredentials credentials =
Expand All @@ -558,7 +606,6 @@ public LowLevelHttpResponse execute() throws IOException {
@Test
public void sign_serverError_throws() {
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
String defaultAccountEmail = "mail@mail.com";

transportFactory.transport =
Expand All @@ -579,7 +626,7 @@ public LowLevelHttpResponse execute() throws IOException {
}
};

transportFactory.transport.setAccessToken(accessToken);
transportFactory.transport.setAccessToken(ACCESS_TOKEN);
transportFactory.transport.setServiceAccountEmail(defaultAccountEmail);

ComputeEngineCredentials credentials =
Expand Down Expand Up @@ -808,7 +855,6 @@ public void getUniverseDomain_fromMetadata_non404error_throws() throws IOExcepti
@Test
public void sign_emptyContent_throws() {
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
String defaultAccountEmail = "mail@mail.com";

transportFactory.transport =
Expand All @@ -828,7 +874,7 @@ public LowLevelHttpResponse execute() throws IOException {
}
};

transportFactory.transport.setAccessToken(accessToken);
transportFactory.transport.setAccessToken(ACCESS_TOKEN);
transportFactory.transport.setServiceAccountEmail(defaultAccountEmail);

ComputeEngineCredentials credentials =
Expand Down Expand Up @@ -930,7 +976,8 @@ public void idTokenWithAudience_license() throws IOException {

static class MockMetadataServerTransportFactory implements HttpTransportFactory {

MockMetadataServerTransport transport = new MockMetadataServerTransport();
MockMetadataServerTransport transport =
new MockMetadataServerTransport(SCOPE_TO_ACCESS_TOKEN_MAP);

@Override
public HttpTransport create() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,6 @@
import com.google.api.client.testing.http.MockLowLevelHttpRequest;
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.ComputeEngineCredentialsTest.MockMetadataServerTransportFactory;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
Expand Down Expand Up @@ -306,7 +305,6 @@ public void getDefaultCredentials_appEngineSkipWorks_retrievesCloudShellCredenti
@Test
public void getDefaultCredentials_compute_providesToken() throws IOException {
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
transportFactory.transport.setAccessToken(ACCESS_TOKEN);
TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider();

GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory);
Expand All @@ -331,7 +329,6 @@ public void getDefaultCredentials_cloudshell() throws IOException {
@Test
public void getDefaultCredentials_cloudshell_withComputCredentialsPresent() throws IOException {
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
transportFactory.transport.setAccessToken(ACCESS_TOKEN);
TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider();
testProvider.setEnv(DefaultCredentialsProvider.CLOUD_SHELL_ENV_VAR, "4");

Expand Down Expand Up @@ -463,7 +460,6 @@ public void getDefaultCredentials_quota_project() throws IOException {
@Test
public void getDefaultCredentials_compute_quotaProject() throws IOException {
MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory();
transportFactory.transport.setAccessToken(ACCESS_TOKEN);
TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider();
testProvider.setEnv(
DefaultCredentialsProvider.QUOTA_PROJECT_ENV_VAR, QUOTA_PROJECT_FROM_ENVIRONMENT);
Expand Down Expand Up @@ -887,4 +883,14 @@ public HttpTransport create() {
return transport;
}
}

static class MockMetadataServerTransportFactory implements HttpTransportFactory {

MockMetadataServerTransport transport = new MockMetadataServerTransport(ACCESS_TOKEN);

@Override
public HttpTransport create() {
return transport;
}
}
}
Loading

0 comments on commit 98eac04

Please sign in to comment.