diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index d04264593..7609eef6c 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -50,7 +50,6 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Joiner; import com.google.common.base.MoreObjects.ToStringHelper; -import com.google.common.base.Strings; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import com.google.errorprone.annotations.CanIgnoreReturnValue; @@ -110,6 +109,16 @@ public class ComputeEngineCredentials extends GoogleCredentials static final int MAX_COMPUTE_PING_TRIES = 3; static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500; + public enum Transport { + ALTS, + MTLS + } + + public enum BindingEnforcement { + ON, + IAMPOLICY + } + private static final String METADATA_FLAVOR = "Metadata-Flavor"; private static final String GOOGLE = "Google"; private static final String WINDOWS = "windows"; @@ -123,8 +132,8 @@ public class ComputeEngineCredentials extends GoogleCredentials private final Collection scopes; - private final String transport; - private final String bindingEnforcement; + private final Transport transport; + private final BindingEnforcement bindingEnforcement; private transient HttpTransportFactory transportFactory; private transient String serviceAccountEmail; 
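Review bot: The new public enums `Transport` and `BindingEnforcement` have no Javadoc, and `IAMPOLICY` breaks the `UPPER_SNAKE_CASE` convention for a constant whose wire value is `iam-policy`. Because these are public API, settle the name (`IAM_POLICY`) before the first release that exposes it. The constants decide how the issued token is bound, so each one should say what it requests and what is sent. Going by the test names in this commit, something like `/** Binding is always enforced; sent as binding-enforcement=on. */` on `ON` would do, with matching one-line comments on the other three.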
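Review bot: The serialized form of the non-transient fields `transport` and `bindingEnforcement` changes from `String` to an enum type, and the `transient` markers on the neighbouring fields suggest instances of this class are serialized. If the String-typed fields were ever released, a stream written by that version would presumably fail to deserialize into this one. Whether `serialVersionUID` or a custom `readObject` covers that is outside the hunk. Enums are serialized by constant name, so a comment above the fields such as `// Serialized by enum constant name; renaming a constant breaks stored instances` would record the constraint.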
@@ -209,11 +218,15 @@ String createTokenUrlWithScopes() {
 if (!scopes.isEmpty()) {
 tokenUrl.set("scopes", Joiner.on(',').join(scopes));
 }
- if (!Strings.isNullOrEmpty(transport)) {
- tokenUrl.set("transport", transport);
+ if (transport == Transport.MTLS) {
+ tokenUrl.set("transport", "mtls");
+ } else if (transport == Transport.ALTS) {
+ tokenUrl.set("transport", "alts");
 }
- if (!Strings.isNullOrEmpty(bindingEnforcement)) {
- tokenUrl.set("binding-enforcement", bindingEnforcement);
+ if (bindingEnforcement == BindingEnforcement.ON) {
+ tokenUrl.set("binding-enforcement", "on");
+ } else if (bindingEnforcement == BindingEnforcement.IAMPOLICY) {
+ tokenUrl.set("binding-enforcement", "iam-policy");
 }
 return tokenUrl.toString();
 }
@@ -658,8 +671,8 @@ public static class Builder extends GoogleCredentials.Builder {
 private Collection scopes;
 private Collection defaultScopes;
- private String transport;
- private String bindingEnforcement;
+ private Transport transport;
+ private BindingEnforcement bindingEnforcement;
 protected Builder() {
 setRefreshMargin(COMPUTE_REFRESH_MARGIN);
@@ -703,13 +716,13 @@ public Builder setQuotaProjectId(String quotaProjectId) {
 }
 @CanIgnoreReturnValue
- public Builder setTransport(String transport) {
+ public Builder setTransport(Transport transport) {
 this.transport = transport;
 return this;
 }
 @CanIgnoreReturnValue
- public Builder setBindingEnforcement(String bindingEnforcement) {
+ public Builder setBindingEnforcement(BindingEnforcement bindingEnforcement) {
 this.bindingEnforcement = bindingEnforcement;
 return this;
 }
@@ -726,11 +739,11 @@ public Collection getDefaultScopes() {
 return defaultScopes;
 }
- public String getTransport() {
+ public Transport getTransport() {
 return transport;
 }
- public String getBindingEnforcement() {
+ public BindingEnforcement getBindingEnforcement() {
 return bindingEnforcement;
 }
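Review bot: The two `if`/`else if` chains in `createTokenUrlWithScopes()` have no final branch, so a constant added later to `Transport` or `BindingEnforcement` would be left off the token URL without any error. For `binding-enforcement` that fails open: the caller asked for a bound token and the request goes out without the parameter. Let `null` be the only value that omits a parameter and reject any constant that has no mapping, as sketched below. The method begins above the hunk.

```java
// … unchanged: tokenUrl construction and scopes parameter …
if (transport != null) {
  switch (transport) {
    case MTLS:
      tokenUrl.set("transport", "mtls");
      break;
    case ALTS:
      tokenUrl.set("transport", "alts");
      break;
    default:
      throw new IllegalStateException("Unmapped transport: " + transport);
  }
}
if (bindingEnforcement != null) {
  switch (bindingEnforcement) {
    case ON:
      tokenUrl.set("binding-enforcement", "on");
      break;
    case IAMPOLICY:
      tokenUrl.set("binding-enforcement", "iam-policy");
      break;
    default:
      throw new IllegalStateException("Unmapped binding enforcement: " + bindingEnforcement);
  }
}
return tokenUrl.toString();
```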
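Review bot: `setTransport` and `setBindingEnforcement` accept `null` to mean "not set", but neither setter documents it, and the getters in the next hunk can return `null` too. The updated tests rely on this: they pass `null` and expect the parameter to be absent. Add Javadoc such as `/** Sets the transport to request for the token; {@code null} omits the transport parameter. */`, with the matching sentence on `setBindingEnforcement`, `getTransport` and `getBindingEnforcement`. The parameter and return types of these public methods also change from `String` to an enum, which breaks existing callers if the String signatures were ever released; that cannot be judged from the hunk.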
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java
index f40213305..13515a6c1 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java
@@ -190,58 +190,36 @@ public void buildTokenUrlWithScopes_defaultScopes() { assertEquals("bar", scopes.toArray()[1]); } - @Test - public void buildTokenUrl_emptyTransport() { - ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder() - .setTransport("") - .setBindingEnforcement("abc") - .build(); - String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); - - assertEquals(TOKEN_URL + "?binding-enforcement=abc", softBoundTokenUrl); - } - @Test public void buildTokenUrl_nullTransport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() .setTransport(null) - .setBindingEnforcement("abc") - .build(); - String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); - - assertEquals(TOKEN_URL + "?binding-enforcement=abc", softBoundTokenUrl); - } - - @Test - public void buildTokenUrl_emptyBindingEnforcement() { - ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder() - .setTransport("abc") - .setBindingEnforcement("") + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); - assertEquals(TOKEN_URL + "?transport=abc", softBoundTokenUrl); + assertEquals(TOKEN_URL + "?binding-enforcement=on", softBoundTokenUrl); } @Test public void buildTokenUrl_nullBindingEnforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport("abc") + .setTransport(ComputeEngineCredentials.Transport.MTLS) .setBindingEnforcement(null) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); - assertEquals(TOKEN_URL + "?transport=abc", softBoundTokenUrl); + assertEquals(TOKEN_URL + "?transport=mtls", softBoundTokenUrl); } @Test public void buildTokenUrlSoftMtlsBound_mtls_transport() { ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder().setTransport("mtls").build(); + ComputeEngineCredentials.newBuilder() + 
.setTransport(ComputeEngineCredentials.Transport.MTLS) + .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); assertEquals(TOKEN_URL + "?transport=mtls", softBoundTokenUrl); @@ -250,7 +228,9 @@ public void buildTokenUrlSoftMtlsBound_mtls_transport() { @Test public void buildTokenUrlSoftMtlsBound_iam_enforcement() { ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder().setBindingEnforcement("iam-policy").build(); + ComputeEngineCredentials.newBuilder() + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAMPOLICY) + .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); assertEquals(TOKEN_URL + "?binding-enforcement=iam-policy", softBoundTokenUrl); @@ -260,8 +240,8 @@ public void buildTokenUrlSoftMtlsBound_iam_enforcement() { public void buildTokenUrlSoftMtlsBound_mtls_transport_iam_enforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport("mtls") - .setBindingEnforcement("iam-policy") + .setTransport(ComputeEngineCredentials.Transport.MTLS) + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAMPOLICY) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -271,7 +251,9 @@ public void buildTokenUrlSoftMtlsBound_mtls_transport_iam_enforcement() { @Test public void buildTokenUrlHardMtlsBound_always_enforced() { ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder().setBindingEnforcement("on").build(); + ComputeEngineCredentials.newBuilder() + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) + .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); assertEquals(TOKEN_URL + "?binding-enforcement=on", softBoundTokenUrl); 
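Review bot: The rewritten `buildTokenUrl*` tests pin one constant at a time, so none of the visible hunks would fail if a constant were added to `Transport` or `BindingEnforcement` without a matching branch in `createTokenUrlWithScopes()`. A test that loops over `ComputeEngineCredentials.BindingEnforcement.values()` and asserts `url.contains("binding-enforcement=")` would catch a binding request that is silently dropped; the same applies to `Transport.values()` with `transport=`. The local `softBoundTokenUrl` is also reused in the hard-bound and ALTS tests in the later hunks, where `tokenUrl` would read more accurately.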
@@ -281,8 +263,8 @@ public void buildTokenUrlHardMtlsBound_always_enforced() {
 public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() {
 ComputeEngineCredentials credentials =
 ComputeEngineCredentials.newBuilder()
- .setTransport("mtls")
- .setBindingEnforcement("on")
+ .setTransport(ComputeEngineCredentials.Transport.MTLS)
+ .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON)
 .build();
 String softBoundTokenUrl = credentials.createTokenUrlWithScopes();
@@ -292,7 +274,9 @@ public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() {
 @Test
 public void buildTokenUrlHardDirectPathBound_alts_transport() {
 ComputeEngineCredentials credentials =
- ComputeEngineCredentials.newBuilder().setTransport("alts").build();
+ ComputeEngineCredentials.newBuilder()
+ .setTransport(ComputeEngineCredentials.Transport.ALTS)
+ .build();
 String softBoundTokenUrl = credentials.createTokenUrlWithScopes();
 assertEquals(TOKEN_URL + "?transport=alts", softBoundTokenUrl);