Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs(samples): modified comments in the samples and minor refactor #990

Merged
merged 4 commits into from
Sep 13, 2022
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 16 additions & 17 deletions samples/snippets/src/main/java/AuthenticateImplicitWithAdc.java
Original file line number Diff line number Diff line change
Expand Up @@ -16,19 +16,22 @@

// [START auth_cloud_implicit_adc]

import com.google.cloud.compute.v1.Instance;
import com.google.cloud.compute.v1.InstancesClient;
import com.google.api.gax.paging.Page;
import com.google.cloud.storage.Bucket;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageOptions;
import java.io.IOException;

public class AuthenticateImplicitWithAdc {

public static void main(String[] args) throws IOException {
// TODO(Developer):
// 1. Before running this sample,
// set up ADC as described in https://cloud.google.com/docs/authentication/external/set-up-adc
// set up Application Default Credentials as described in
// https://cloud.google.com/docs/authentication/external/set-up-adc
// 2. Replace the project variable below.
// 3. Make sure that the user account or service account that you are using
// has the required permissions. For this sample, you must have "compute.instances.list".
// 3. Make sure you have the necessary permission to list storage buckets
// "storage.buckets.list"
String projectId = "your-google-cloud-project-id";
authenticateImplicitWithAdc(projectId);
}
Expand All @@ -37,24 +40,20 @@ public static void main(String[] args) throws IOException {
// credentials to use.
public static void authenticateImplicitWithAdc(String project) throws IOException {

String zone = "us-central1-a";
// This snippet demonstrates how to list instances.
// *NOTE*: Replace the client created below with the client required for your application.
// Note that the credentials are not specified when constructing the client.
// Hence, the client library will look for credentials using ADC.
//
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the `instancesClient.close()` method on the client to safely
// clean up any remaining background resources.
try (InstancesClient instancesClient = InstancesClient.create()) {
// Set the project and zone to retrieve instances present in the zone.
System.out.printf("Listing instances from %s in %s:", project, zone);
for (Instance zoneInstance : instancesClient.list(project, zone).iterateAll()) {
System.out.println(zoneInstance.getName());
}
System.out.println("####### Listing instances complete #######");
// once, and can be reused for multiple requests.
Storage storage = StorageOptions.newBuilder().setProjectId(project).build().getService();

System.out.println("Buckets:");
Page<Bucket> buckets = storage.list();
for (Bucket bucket : buckets.iterateAll()) {
System.out.println(bucket.toString());
}
System.out.println("Listed all storage buckets.");
}
}
// [END auth_cloud_implicit_adc]
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,13 @@ public static void main(String[] args) throws IOException {

// Provide the scopes that you might need to request to access Google APIs,
// depending on the level of access you need.
// The best practice is to use the cloud-wide scope and use IAM to narrow the permissions.
// https://cloud.google.com/docs/authentication#authorization_for_services
// This example uses the cloud-wide scope and uses IAM to narrow the permissions.
// https://cloud.google.com/docs/authentication/external/authorization-gcp
// For more information, see: https://developers.google.com/identity/protocols/oauth2/scopes
String scope = "https://www.googleapis.com/auth/cloud-platform";

// The service name for which the id token is requested. Service name refers to the
// logical identifier of an API service, such as "pubsub.googleapis.com".
String targetAudience = "iap.googleapis.com";
// The service name for which the id token is requested.
String targetAudience = "https://example.com";

// The name of the privilege-bearing service account for whom the credential is created.
String impersonatedServiceAccount = "name@project.service.gserviceaccount.com";
Expand Down Expand Up @@ -78,8 +77,8 @@ public static void getIdTokenUsingOAuth2(
.build();

// Get the ID token.
// Once you've obtained the ID token, use it to make an authenticated call
// to the target audience.
// Once you've obtained the ID token, you can use it to make an authenticated call to the
// target audience.
String idToken = idTokenCredentials.refreshAccessToken().getTokenValue();
System.out.println("Generated ID token.");
}
Expand Down
11 changes: 5 additions & 6 deletions samples/snippets/src/main/java/IdTokenFromMetadataServer.java
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,13 @@ public static void main(String[] args) throws IOException, GeneralSecurityExcept
// TODO(Developer): Replace the below variables before running the code.

// The url or target audience to obtain the ID token for.
String url = "http://www.abc.com";
String url = "https://example.com";

getIdTokenFromMetadataServer(url);
}

// Use the Google Cloud metadata server in the Cloud Run (or AppEngine or Kubernetes etc.,)
// environment to create an identity token and add it to the HTTP request as part of an
// Authorization header.
// Use the Google Cloud metadata server to create an identity token and add it to the
// HTTP request as part of an Authorization header.
public static void getIdTokenFromMetadataServer(String url) throws IOException {
// Construct the GoogleCredentials object which obtains the default configuration from your
// working environment.
Expand All @@ -52,8 +51,8 @@ public static void getIdTokenFromMetadataServer(String url) throws IOException {
.build();

// Get the ID token.
// Once you've obtained the ID token, use it to make an authenticated call
// to the target audience.
// Once you've obtained the ID token, you can use it to make an authenticated call to the
// target audience.
String idToken = idTokenCredentials.refreshAccessToken().getTokenValue();
System.out.println("Generated ID token.");
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ public static void main(String[] args)
String jsonCredentialPath = "path-to-json-credential-file";

// The url or target audience to obtain the ID token for.
String targetAudience = "http://www.abc.com";
String targetAudience = "https://example.com";

getIdTokenFromServiceAccount(jsonCredentialPath, targetAudience);
}
Expand Down
5 changes: 2 additions & 3 deletions samples/snippets/src/main/java/VerifyGoogleIdToken.java
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,8 @@ public static void main(String[] args) {
// The Google ID token to verify.
String idToken = "id-token";

// The service name for which the id token is requested. Service name refers to the
// logical identifier of an API service, such as "pubsub.googleapis.com".
String targetAudience = "pubsub.googleapis.com";
// The service name for which the id token was requested.
String targetAudience = "https://example.com";

// To verify id tokens, get the Json Web Key endpoint (jwk).
// OpenID Connect allows the use of a "Discovery document," a JSON document found at a
Expand Down
6 changes: 3 additions & 3 deletions samples/snippets/src/test/java/SnippetsIT.java
Original file line number Diff line number Diff line change
Expand Up @@ -95,16 +95,16 @@ private static String getIdTokenFromServiceAccount(

@Test
public void testIdTokenFromServiceAccount() throws IOException {
IdTokenFromServiceAccount.getIdTokenFromServiceAccount(CREDENTIALS, "iap.googleapis.com");
IdTokenFromServiceAccount.getIdTokenFromServiceAccount(CREDENTIALS, "https://example.com");
assertThat(stdOut.toString()).contains("Generated ID token.");
}

@Test
public void testVerifyGoogleIdToken() throws IOException {
String idToken = getIdTokenFromServiceAccount(CREDENTIALS, "iap.googleapis.com");
String idToken = getIdTokenFromServiceAccount(CREDENTIALS, "https://example.com");

VerifyGoogleIdToken.verifyGoogleIdToken(
idToken, "iap.googleapis.com", "https://www.googleapis.com/oauth2/v3/certs");
idToken, "https://example.com", "https://www.googleapis.com/oauth2/v3/certs");
}

@Test
Expand Down