feat: refactor ExternalAccount to use base class universe domain, upd…

…ate tests
googleapis · Nov 14, 2023 · 763f6b0 · 763f6b0
1 parent 0749124
commit 763f6b0
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 32 deletions.
diff --git a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
@@ -392,7 +392,7 @@ public static ExternalAccountCredentials fromStream(
    * @return the credentials defined by the JSON
    */
   static ExternalAccountCredentials fromJson(
-      Map<String, Object> json, HttpTransportFactory transportFactory) {
+      Map<String, Object> json, HttpTransportFactory transportFactory) throws IOException {
     checkNotNull(json);
     checkNotNull(transportFactory);
 
@@ -409,10 +409,11 @@ static ExternalAccountCredentials fromJson(
     String clientSecret = (String) json.get("client_secret");
     String quotaProjectId = (String) json.get("quota_project_id");
     String userProject = (String) json.get("workforce_pool_user_project");
-    String universeDomain = (String) json.get("universe_domain");
     Map<String, Object> impersonationOptionsMap =
         (Map<String, Object>) json.get("service_account_impersonation");
 
+    GoogleCredentials baseCredential = GoogleCredentials.fromJson(json);
+
     if (impersonationOptionsMap == null) {
       impersonationOptionsMap = new HashMap<String, Object>();
     }
@@ -430,7 +431,7 @@ static ExternalAccountCredentials fromJson(
           .setClientId(clientId)
           .setClientSecret(clientSecret)
           .setServiceAccountImpersonationOptions(impersonationOptionsMap)
-          .setUniverseDomain(universeDomain)
+          .setUniverseDomain(baseCredential.getUniverseDomain())
           .build();
     } else if (isPluggableAuthCredential(credentialSourceMap)) {
       return PluggableAuthCredentials.newBuilder()
@@ -446,7 +447,7 @@ static ExternalAccountCredentials fromJson(
           .setClientSecret(clientSecret)
           .setWorkforcePoolUserProject(userProject)
           .setServiceAccountImpersonationOptions(impersonationOptionsMap)
-          .setUniverseDomain(universeDomain)
+          .setUniverseDomain(baseCredential.getUniverseDomain())
           .build();
     }
     return IdentityPoolCredentials.newBuilder()
@@ -462,7 +463,7 @@ static ExternalAccountCredentials fromJson(
         .setClientSecret(clientSecret)
         .setWorkforcePoolUserProject(userProject)
         .setServiceAccountImpersonationOptions(impersonationOptionsMap)
-        .setUniverseDomain(universeDomain)
+        .setUniverseDomain(baseCredential.getUniverseDomain())
         .build();
   }
 
@@ -723,7 +724,6 @@ public abstract static class Builder extends GoogleCredentials.Builder {
     @Nullable protected Collection<String> scopes;
     @Nullable protected String workforcePoolUserProject;
     @Nullable protected ServiceAccountImpersonationOptions serviceAccountImpersonationOptions;
-    @Nullable protected String universeDomain;
     @Nullable protected ExternalAccountMetricsHandler metricsHandler;
 
     protected Builder() {}

diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java
@@ -173,7 +173,7 @@ public void fromStream_invalidWorkloadAudience_throws() throws IOException {
   }
 
   @Test
-  public void fromJson_identityPoolCredentialsWorkload() {
+  public void fromJson_identityPoolCredentialsWorkload() throws IOException {
     ExternalAccountCredentials credential =
         ExternalAccountCredentials.fromJson(
             buildJsonIdentityPoolCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY);
@@ -186,11 +186,11 @@ public void fromJson_identityPoolCredentialsWorkload() {
     assertEquals(STS_URL, credential.getTokenUrl());
     assertEquals("tokenInfoUrl", credential.getTokenInfoUrl());
     assertNotNull(credential.getCredentialSource());
-    assertNull(credential.getUniverseDomain());
+    assertEquals(GOOGLE_DEFAULT_UNIVERSE, credential.getUniverseDomain());
   }
 
   @Test
-  public void fromJson_identityPoolCredentialsWorkforce() {
+  public void fromJson_identityPoolCredentialsWorkforce() throws IOException {
     ExternalAccountCredentials credential =
         ExternalAccountCredentials.fromJson(
             buildJsonIdentityPoolWorkforceCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY);
@@ -208,7 +208,8 @@ public void fromJson_identityPoolCredentialsWorkforce() {
   }
 
   @Test
-  public void fromJson_identityPoolCredentialsWithServiceAccountImpersonationOptions() {
+  public void fromJson_identityPoolCredentialsWithServiceAccountImpersonationOptions()
+      throws IOException {
     GenericJson identityPoolCredentialJson = buildJsonIdentityPoolCredential();
     identityPoolCredentialJson.set(
         "service_account_impersonation", buildServiceAccountImpersonationOptions(2800));
@@ -230,7 +231,7 @@ public void fromJson_identityPoolCredentialsWithServiceAccountImpersonationOptio
   }
 
   @Test
-  public void fromJson_identityPoolCredentialsWithUniverseDomain() {
+  public void fromJson_identityPoolCredentialsWithUniverseDomain() throws IOException {
     GenericJson identityPoolCredentialJson = buildJsonIdentityPoolCredential();
     identityPoolCredentialJson.set("universe_domain", "universeDomain");
 
@@ -261,7 +262,7 @@ public void fromJson_awsCredentials() throws IOException {
     assertEquals(STS_URL, credential.getTokenUrl());
     assertEquals("tokenInfoUrl", credential.getTokenInfoUrl());
     assertNotNull(credential.getCredentialSource());
-    assertNull(credential.getUniverseDomain());
+    assertEquals(GOOGLE_DEFAULT_UNIVERSE, credential.getUniverseDomain());
   }
 
   @Test
@@ -280,11 +281,11 @@ public void fromJson_awsCredentialsWithServiceAccountImpersonationOptions() thro
     assertEquals("tokenInfoUrl", credential.getTokenInfoUrl());
     assertNotNull(credential.getCredentialSource());
     assertEquals(2800, credential.getServiceAccountImpersonationOptions().getLifetime());
-    assertNull(credential.getUniverseDomain());
+    assertEquals(GOOGLE_DEFAULT_UNIVERSE, credential.getUniverseDomain());
   }
 
   @Test
-  public void fromJson_awsCredentialsWithUniverseDomain() {
+  public void fromJson_awsCredentialsWithUniverseDomain() throws IOException {
     GenericJson awsCredentialJson = buildJsonAwsCredential();
     awsCredentialJson.set("universe_domain", "universeDomain");
 
@@ -301,7 +302,7 @@ public void fromJson_awsCredentialsWithUniverseDomain() {
   }
 
   @Test
-  public void fromJson_pluggableAuthCredentials() {
+  public void fromJson_pluggableAuthCredentials() throws IOException {
     ExternalAccountCredentials credential =
         ExternalAccountCredentials.fromJson(
             buildJsonPluggableAuthCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY);
@@ -318,11 +319,11 @@ public void fromJson_pluggableAuthCredentials() {
     assertEquals("command", source.getCommand());
     assertEquals(30000, source.getTimeoutMs()); // Default timeout is 30s.
     assertNull(source.getOutputFilePath());
-    assertNull(credential.getUniverseDomain());
+    assertEquals(GOOGLE_DEFAULT_UNIVERSE, credential.getUniverseDomain());
   }
 
   @Test
-  public void fromJson_pluggableAuthCredentialsWorkforce() {
+  public void fromJson_pluggableAuthCredentialsWorkforce() throws IOException {
     ExternalAccountCredentials credential =
         ExternalAccountCredentials.fromJson(
             buildJsonPluggableAuthWorkforceCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY);
@@ -343,11 +344,11 @@ public void fromJson_pluggableAuthCredentialsWorkforce() {
     assertEquals("command", source.getCommand());
     assertEquals(30000, source.getTimeoutMs()); // Default timeout is 30s.
     assertNull(source.getOutputFilePath());
-    assertNull(credential.getUniverseDomain());
+    assertEquals(GOOGLE_DEFAULT_UNIVERSE, credential.getUniverseDomain());
   }
 
   @Test
-  public void fromJson_pluggableAuthCredentials_allExecutableOptionsSet() {
+  public void fromJson_pluggableAuthCredentials_allExecutableOptionsSet() throws IOException {
     GenericJson json = buildJsonPluggableAuthCredential();
     Map<String, Object> credentialSourceMap = (Map<String, Object>) json.get("credential_source");
     // Add optional params to the executable config (timeout, output file path).
@@ -371,11 +372,12 @@ public void fromJson_pluggableAuthCredentials_allExecutableOptionsSet() {
     assertEquals("command", source.getCommand());
     assertEquals("path/to/output/file", source.getOutputFilePath());
     assertEquals(5000, source.getTimeoutMs());
-    assertNull(credential.getUniverseDomain());
+    assertEquals(GOOGLE_DEFAULT_UNIVERSE, credential.getUniverseDomain());
   }
 
   @Test
-  public void fromJson_pluggableAuthCredentialsWithServiceAccountImpersonationOptions() {
+  public void fromJson_pluggableAuthCredentialsWithServiceAccountImpersonationOptions()
+      throws IOException {
     GenericJson pluggableAuthCredentialJson = buildJsonPluggableAuthCredential();
     pluggableAuthCredentialJson.set(
         "service_account_impersonation", buildServiceAccountImpersonationOptions(2800));
@@ -397,11 +399,11 @@ public void fromJson_pluggableAuthCredentialsWithServiceAccountImpersonationOpti
     assertEquals("command", source.getCommand());
     assertEquals(30000, source.getTimeoutMs()); // Default timeout is 30s.
     assertNull(source.getOutputFilePath());
-    assertNull(credential.getUniverseDomain());
+    assertEquals(GOOGLE_DEFAULT_UNIVERSE, credential.getUniverseDomain());
   }
 
   @Test
-  public void fromJson_pluggableAuthCredentials_withUniverseDomain() {
+  public void fromJson_pluggableAuthCredentials_withUniverseDomain() throws IOException {
     GenericJson json = buildJsonPluggableAuthCredential();
     json.set("universe_domain", "universeDomain");
 
@@ -431,7 +433,7 @@ public void fromJson_pluggableAuthCredentials_withUniverseDomain() {
   }
 
   @Test
-  public void fromJson_pluggableAuthCredentialsWithUniverseDomain() {
+  public void fromJson_pluggableAuthCredentialsWithUniverseDomain() throws IOException {
     GenericJson pluggableAuthCredentialJson = buildJsonPluggableAuthCredential();
     pluggableAuthCredentialJson.set("universe_domain", "universeDomain");
 
@@ -455,7 +457,7 @@ public void fromJson_pluggableAuthCredentialsWithUniverseDomain() {
   }
 
   @Test
-  public void fromJson_nullJson_throws() {
+  public void fromJson_nullJson_throws() throws IOException {
     try {
       ExternalAccountCredentials.fromJson(/* json= */ null, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
       fail("Exception should be thrown.");
@@ -465,7 +467,7 @@ public void fromJson_nullJson_throws() {
   }
 
   @Test
-  public void fromJson_invalidServiceAccountImpersonationUrl_throws() {
+  public void fromJson_invalidServiceAccountImpersonationUrl_throws() throws IOException {
     GenericJson json = buildJsonIdentityPoolCredential();
     json.put("service_account_impersonation_url", "https://iamcredentials.googleapis.com");
 
@@ -480,7 +482,7 @@ public void fromJson_invalidServiceAccountImpersonationUrl_throws() {
   }
 
   @Test
-  public void fromJson_nullTransport_throws() {
+  public void fromJson_nullTransport_throws() throws IOException {
     try {
       ExternalAccountCredentials.fromJson(
           new HashMap<String, Object>(), /* transportFactory= */ null);
@@ -491,7 +493,7 @@ public void fromJson_nullTransport_throws() {
   }
 
   @Test
-  public void fromJson_invalidWorkforceAudiences_throws() {
+  public void fromJson_invalidWorkforceAudiences_throws() throws IOException {
     List<String> invalidAudiences =
         Arrays.asList(
             "//iam.googleapis.com/locations/global/workloadIdentityPools/pool/providers/provider",

diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java
@@ -589,18 +589,18 @@ public void createWithQuotaProject() {
   }
 
   @Test
-  public void createWithUniverseDomain() {
+  public void buildWithUniverseDomain() {
     final GoogleCredentials original =
         new GoogleCredentials.Builder().setUniverseDomain("universe1").build();
-    GoogleCredentials updated = original.createWithUniverseDomain("universe2");
+    GoogleCredentials updated = original.toBuilder().setUniverseDomain("universe2").build();
 
     assertEquals("universe1", original.getUniverseDomain());
     assertEquals("universe2", updated.getUniverseDomain());
 
-    GoogleCredentials withEmpty = original.createWithUniverseDomain("");
+    GoogleCredentials withEmpty = original.toBuilder().setUniverseDomain("").build();
     assertEquals(GOOGLE_DEFAULT_UNIVERSE, withEmpty.getUniverseDomain());
 
-    GoogleCredentials withNull = original.createWithUniverseDomain(null);
+    GoogleCredentials withNull = original.toBuilder().setUniverseDomain(null).build();
     assertEquals(GOOGLE_DEFAULT_UNIVERSE, withNull.getUniverseDomain());
   }