From 91dba119b9cc813490984ecec267b84bbdba72ce Mon Sep 17 00:00:00 2001 From: Riya Mehta Date: Fri, 25 Oct 2024 19:07:30 -0700 Subject: [PATCH 01/10] Support transport and binding-enforcement MDS parameters. --- .../auth/oauth2/ComputeEngineCredentials.java | 39 ++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index 15ce8947d..c679a316c 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -122,6 +122,9 @@ public class ComputeEngineCredentials extends GoogleCredentials private final Collection scopes; + private final String transport; + private final String bindingEnforcement; + private transient HttpTransportFactory transportFactory; private transient String serviceAccountEmail; @@ -152,6 +155,8 @@ private ComputeEngineCredentials(ComputeEngineCredentials.Builder builder) { scopeList.removeAll(Arrays.asList("", null)); this.scopes = ImmutableSet.copyOf(scopeList); } + this.transport = builder.getTransport(); + this.bindingEnforcement = builder.getBindingEnforcement(); } @Override @@ -191,7 +196,10 @@ public final Collection getScopes() { } /** - * If scopes is specified, add "?scopes=comma-separated-list-of-scopes" to the token url. + * If scopes is specified, add "?scopes=comma-separated-list-of-scopes" to the token url. If + * transport is specified, add "?transport=xyz" to the token url; xyz is one of "alts" or "mtls". + * If bindingEnforcement is specified, add "?binding-enforcement=xyz" to the token url; xyz is one + * of "iam-policy" or "on". * * @return token url with the given scopes */ 
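Review bot: The constructor hunk copies `transport` and `bindingEnforcement` from the builder into the credential, but nothing in this patch, or in the later patches visible on this page, carries them back the other way or adds them to the value methods. If the class has a `toBuilder()` / `Builder(ComputeEngineCredentials)` copy path and `equals`/`hashCode`/`toString` outside these hunks (not shown here, so to be confirmed), a credential rebuilt through that path would silently drop both settings and request a token without the binding the caller asked for. Two credentials differing only in binding would also compare equal in any cache keyed on them. I would copy both fields in the builder's copy path, along the lines of `this.transport = credentials.transport;` and `this.bindingEnforcement = credentials.bindingEnforcement;` (parameter name assumed), and include them in `equals`, `hashCode` and `toString`. The constructor starts and ends outside the hunk.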
@@ -200,6 +208,12 @@ String createTokenUrlWithScopes() { if (!scopes.isEmpty()) { tokenUrl.set("scopes", Joiner.on(',').join(scopes)); } + if (!transport.isEmpty()) { + tokenUrl.set("transport", transport); + } + if (!bindingEnforcement.isEmpty()) { + tokenUrl.set("binding-enforcement", bindingEnforcement); + } return tokenUrl.toString(); } @@ -643,6 +657,9 @@ public static class Builder extends GoogleCredentials.Builder { private Collection scopes; private Collection defaultScopes; + private String transport = ""; + private String bindingEnforcement = ""; + protected Builder() { setRefreshMargin(COMPUTE_REFRESH_MARGIN); setExpirationMargin(COMPUTE_EXPIRATION_MARGIN); @@ -684,6 +701,18 @@ public Builder setQuotaProjectId(String quotaProjectId) { return this; } + @CanIgnoreReturnValue + public Builder setTransport(String transport) { + this.transport = transport; + return this; + } + + @CanIgnoreReturnValue + public Builder setBindingEnforcement(String bindingEnforcement) { + this.bindingEnforcement = bindingEnforcement; + return this; + } + public HttpTransportFactory getHttpTransportFactory() { return transportFactory; } @@ -696,6 +725,14 @@ public Collection getDefaultScopes() { return defaultScopes; } + public String getTransport() { + return transport; + } + + public String getBindingEnforcement() { + return bindingEnforcement; + } + @Override public ComputeEngineCredentials build() { return new ComputeEngineCredentials(this); From ba11e8a911a0c5a2a5a1e441d4a23fdc8f70dba5 Mon Sep 17 00:00:00 2001 From: Riya Mehta Date: Mon, 28 Oct 2024 10:51:15 -0700 Subject: [PATCH 02/10] add some tests. --- .../oauth2/ComputeEngineCredentialsTest.java | 60 +++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 10975d874..5d5326f45 100644 
--- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java 
@@ -190,6 +190,66 @@ public void buildTokenUrlWithScopes_defaultScopes() { assertEquals("bar", scopes.toArray()[1]); } + @Test + public void buildTokenUrlSoftMtlsBound_mtls_transport() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder().setTransport("mtls").build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?transport=mtls", softBoundTokenUrl); + } + + @Test + public void buildTokenUrlSoftMtlsBound_iam_enforcement() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder().setBindingEnforcement("iam-policy").build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?binding-enforcement=iam-policy", softBoundTokenUrl); + } + + @Test + public void buildTokenUrlSoftMtlsBound_mtls_transport_iam_enforcement() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder() + .setTransport("mtls") + .setBindingEnforcement("iam-policy") + .build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?transport=mtls&binding-enforcement=iam-policy", softBoundTokenUrl); + } + + @Test + public void buildTokenUrlHardMtlsBound_always_enforced() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder().setBindingEnforcement("on").build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?binding-enforcement=on", softBoundTokenUrl); + } + + @Test + public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder() + .setTransport("mtls") + .setBindingEnforcement("on") + .build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?transport=mtls&binding-enforcement=on", softBoundTokenUrl); + } + + @Test + public void 
buildTokenUrlHardDirectPathBound_alts_transport() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder().setTransport("alts").build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?transport=alts", softBoundTokenUrl); + } + @Test public void buildScoped_scopesPresent() throws IOException { ComputeEngineCredentials credentials = From 9d46bbd880b6240bb7a828510254b075a60c7188 Mon Sep 17 00:00:00 2001 From: Riya Mehta Date: Tue, 3 Dec 2024 15:33:52 -0800 Subject: [PATCH 03/10] null or empty. --- .../auth/oauth2/ComputeEngineCredentials.java | 5 +- .../oauth2/ComputeEngineCredentialsTest.java | 48 +++++++++++++++++++ 2 files changed, 51 insertions(+), 2 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index c679a316c..d9018d3f1 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -50,6 +50,7 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Joiner; import com.google.common.base.MoreObjects.ToStringHelper; +import com.google.common.base.Strings; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import com.google.errorprone.annotations.CanIgnoreReturnValue; @@ -208,10 +209,10 @@ String createTokenUrlWithScopes() { if (!scopes.isEmpty()) { tokenUrl.set("scopes", Joiner.on(',').join(scopes)); } - if (!transport.isEmpty()) { + if (!Strings.isNullOrEmpty(transport)) { tokenUrl.set("transport", transport); } - if (!bindingEnforcement.isEmpty()) { + if (!Strings.isNullOrEmpty(bindingEnforcement)) { tokenUrl.set("binding-enforcement", bindingEnforcement); } return tokenUrl.toString(); 
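Review bot: The local `softBoundTokenUrl` is reused in `buildTokenUrlHardMtlsBound_always_enforced`, `buildTokenUrlHardMtlsBound_mtls_transport_always_enforced` and `buildTokenUrlHardDirectPathBound_alts_transport`, where the test name says the binding is hard. A neutral name such as `String tokenUrl = credentials.createTokenUrlWithScopes();` avoids the contradiction; the later test hunks in this series repeat the same name. None of the six cases sets scopes together with the new parameters, so the combined query string is not pinned; one case that sets scopes plus `setTransport("mtls")` would cover it.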
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 5d5326f45..f40213305 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java 
@@ -190,6 +190,54 @@ public void buildTokenUrlWithScopes_defaultScopes() { assertEquals("bar", scopes.toArray()[1]); } + @Test + public void buildTokenUrl_emptyTransport() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder() + .setTransport("") + .setBindingEnforcement("abc") + .build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?binding-enforcement=abc", softBoundTokenUrl); + } + + @Test + public void buildTokenUrl_nullTransport() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder() + .setTransport(null) + .setBindingEnforcement("abc") + .build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?binding-enforcement=abc", softBoundTokenUrl); + } + + @Test + public void buildTokenUrl_emptyBindingEnforcement() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder() + .setTransport("abc") + .setBindingEnforcement("") + .build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?transport=abc", softBoundTokenUrl); + } + + @Test + public void buildTokenUrl_nullBindingEnforcement() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder() + .setTransport("abc") + .setBindingEnforcement(null) + .build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL + "?transport=abc", softBoundTokenUrl); + } + @Test public void buildTokenUrlSoftMtlsBound_mtls_transport() { ComputeEngineCredentials credentials = From 3cb6e9852e77c77944d1418eec03bb5fdd970760 Mon Sep 17 00:00:00 2001 From: Riya Mehta Date: Tue, 3 Dec 2024 15:37:53 -0800 Subject: [PATCH 04/10] no default value in builder. --- .../java/com/google/auth/oauth2/ComputeEngineCredentials.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index d9018d3f1..d04264593 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -658,8 +658,8 @@ public static class Builder extends GoogleCredentials.Builder { private Collection scopes; private Collection defaultScopes; - private String transport = ""; - private String bindingEnforcement = ""; + private String transport; + private String bindingEnforcement; protected Builder() { setRefreshMargin(COMPUTE_REFRESH_MARGIN); From c96df22dd462f1e676989a5b2865b8152e49c474 Mon Sep 17 00:00:00 2001 From: Riya Mehta Date: Fri, 13 Dec 2024 10:09:03 -0800 Subject: [PATCH 05/10] use enums to hold possible Transport + BindingEnforcement types --- .../auth/oauth2/ComputeEngineCredentials.java | 39 ++++++++----- .../oauth2/ComputeEngineCredentialsTest.java | 56 +++++++------------ 2 files changed, 46 insertions(+), 49 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index d04264593..7609eef6c 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -50,7 +50,6 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Joiner; import com.google.common.base.MoreObjects.ToStringHelper; -import com.google.common.base.Strings; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import com.google.errorprone.annotations.CanIgnoreReturnValue; 
@@ -110,6 +109,16 @@ public class ComputeEngineCredentials extends GoogleCredentials static final int MAX_COMPUTE_PING_TRIES = 3; static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500; + public enum Transport { + ALTS, + MTLS + } + + public enum BindingEnforcement { + ON, + IAMPOLICY + } + private static final String METADATA_FLAVOR = "Metadata-Flavor"; private static final String GOOGLE = "Google"; private static final String WINDOWS = "windows"; @@ -123,8 +132,8 @@ public class ComputeEngineCredentials extends GoogleCredentials private final Collection scopes; - private final String transport; - private final String bindingEnforcement; + private final Transport transport; + private final BindingEnforcement bindingEnforcement; private transient HttpTransportFactory transportFactory; private transient String serviceAccountEmail; @@ -209,11 +218,15 @@ String createTokenUrlWithScopes() { if (!scopes.isEmpty()) { tokenUrl.set("scopes", Joiner.on(',').join(scopes)); } - if (!Strings.isNullOrEmpty(transport)) { - tokenUrl.set("transport", transport); + if (transport == Transport.MTLS) { + tokenUrl.set("transport", "mtls"); + } else if (transport == Transport.ALTS) { + tokenUrl.set("transport", "alts"); } - if (!Strings.isNullOrEmpty(bindingEnforcement)) { - tokenUrl.set("binding-enforcement", bindingEnforcement); + if (bindingEnforcement == BindingEnforcement.ON) { + tokenUrl.set("binding-enforcement", "on"); + } else if (bindingEnforcement == BindingEnforcement.IAMPOLICY) { + tokenUrl.set("binding-enforcement", "iam-policy"); } return tokenUrl.toString(); } @@ -658,8 +671,8 @@ public static class Builder extends GoogleCredentials.Builder { private Collection scopes; private Collection defaultScopes; - private String transport; - private String bindingEnforcement; + private Transport transport; + private BindingEnforcement bindingEnforcement; protected Builder() { setRefreshMargin(COMPUTE_REFRESH_MARGIN); 
@@ -703,13 +716,13 @@ public Builder setQuotaProjectId(String quotaProjectId) { } @CanIgnoreReturnValue - public Builder setTransport(String transport) { + public Builder setTransport(Transport transport) { this.transport = transport; return this; } @CanIgnoreReturnValue - public Builder setBindingEnforcement(String bindingEnforcement) { + public Builder setBindingEnforcement(BindingEnforcement bindingEnforcement) { this.bindingEnforcement = bindingEnforcement; return this; } @@ -726,11 +739,11 @@ public Collection getDefaultScopes() { return defaultScopes; } - public String getTransport() { + public Transport getTransport() { return transport; } - public String getBindingEnforcement() { + public BindingEnforcement getBindingEnforcement() { return bindingEnforcement; } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index f40213305..13515a6c1 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java 
@@ -190,58 +190,36 @@ public void buildTokenUrlWithScopes_defaultScopes() { assertEquals("bar", scopes.toArray()[1]); } - @Test - public void buildTokenUrl_emptyTransport() { - ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder() - .setTransport("") - .setBindingEnforcement("abc") - .build(); - String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); - - assertEquals(TOKEN_URL + "?binding-enforcement=abc", softBoundTokenUrl); - } - @Test public void buildTokenUrl_nullTransport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() .setTransport(null) - .setBindingEnforcement("abc") - .build(); - String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); - - assertEquals(TOKEN_URL + "?binding-enforcement=abc", softBoundTokenUrl); - } - - @Test - public void buildTokenUrl_emptyBindingEnforcement() { - ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder() - .setTransport("abc") - .setBindingEnforcement("") + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); - assertEquals(TOKEN_URL + "?transport=abc", softBoundTokenUrl); + assertEquals(TOKEN_URL + "?binding-enforcement=on", softBoundTokenUrl); } @Test public void buildTokenUrl_nullBindingEnforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport("abc") + .setTransport(ComputeEngineCredentials.Transport.MTLS) .setBindingEnforcement(null) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); - assertEquals(TOKEN_URL + "?transport=abc", softBoundTokenUrl); + assertEquals(TOKEN_URL + "?transport=mtls", softBoundTokenUrl); } @Test public void buildTokenUrlSoftMtlsBound_mtls_transport() { ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder().setTransport("mtls").build(); + ComputeEngineCredentials.newBuilder() + 
.setTransport(ComputeEngineCredentials.Transport.MTLS) + .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); assertEquals(TOKEN_URL + "?transport=mtls", softBoundTokenUrl); @@ -250,7 +228,9 @@ public void buildTokenUrlSoftMtlsBound_mtls_transport() { @Test public void buildTokenUrlSoftMtlsBound_iam_enforcement() { ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder().setBindingEnforcement("iam-policy").build(); + ComputeEngineCredentials.newBuilder() + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAMPOLICY) + .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); assertEquals(TOKEN_URL + "?binding-enforcement=iam-policy", softBoundTokenUrl); @@ -260,8 +240,8 @@ public void buildTokenUrlSoftMtlsBound_iam_enforcement() { public void buildTokenUrlSoftMtlsBound_mtls_transport_iam_enforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport("mtls") - .setBindingEnforcement("iam-policy") + .setTransport(ComputeEngineCredentials.Transport.MTLS) + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAMPOLICY) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -271,7 +251,9 @@ public void buildTokenUrlSoftMtlsBound_mtls_transport_iam_enforcement() { @Test public void buildTokenUrlHardMtlsBound_always_enforced() { ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder().setBindingEnforcement("on").build(); + ComputeEngineCredentials.newBuilder() + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) + .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); assertEquals(TOKEN_URL + "?binding-enforcement=on", softBoundTokenUrl); 
@@ -281,8 +263,8 @@ public void buildTokenUrlHardMtlsBound_always_enforced() { public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport("mtls") - .setBindingEnforcement("on") + .setTransport(ComputeEngineCredentials.Transport.MTLS) + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -292,7 +274,9 @@ public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() { @Test public void buildTokenUrlHardDirectPathBound_alts_transport() { ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder().setTransport("alts").build(); + ComputeEngineCredentials.newBuilder() + .setTransport(ComputeEngineCredentials.Transport.ALTS) + .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); assertEquals(TOKEN_URL + "?transport=alts", softBoundTokenUrl); From 3d469637c3246e82f7d3f4c54e3257a59521ab7a Mon Sep 17 00:00:00 2001 From: Riya Mehta Date: Fri, 13 Dec 2024 15:53:59 -0800 Subject: [PATCH 06/10] Enum labels + Transport -> AuthTransport. --- .../auth/oauth2/ComputeEngineCredentials.java | 54 +++++++++++++------ .../oauth2/ComputeEngineCredentialsTest.java | 10 ++-- 2 files changed, 42 insertions(+), 22 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index 7609eef6c..dccc8a045 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java 
@@ -109,14 +109,38 @@ public class ComputeEngineCredentials extends GoogleCredentials static final int MAX_COMPUTE_PING_TRIES = 3; static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500; - public enum Transport { - ALTS, - MTLS + public enum AuthTransport { + // Authenticating to Google APIs via DirectPath + ALTS("alts"), + // Authenticating to Google APIs via GFE + MTLS("mtls"); + + private final String label; + + private AuthTransport(String label) { + this.label = label; + } + + public String getLabel() { + return label; + } } public enum BindingEnforcement { - ON, - IAMPOLICY + // Binding enforcement will always happen, irrespective of the IAM policy. + ON("on"), + // Binding enforcement will depend on IAM policy. + IAMPOLICY("iam-policy"); + + private final String label; + + private BindingEnforcement(String label) { + this.label = label; + } + + public String getLabel() { + return label; + } } private static final String METADATA_FLAVOR = "Metadata-Flavor"; @@ -132,7 +156,7 @@ public enum BindingEnforcement { private final Collection scopes; - private final Transport transport; + private final AuthTransport transport; private final BindingEnforcement bindingEnforcement; private transient HttpTransportFactory transportFactory; @@ -218,15 +242,11 @@ String createTokenUrlWithScopes() { if (!scopes.isEmpty()) { tokenUrl.set("scopes", Joiner.on(',').join(scopes)); } - if (transport == Transport.MTLS) { - tokenUrl.set("transport", "mtls"); - } else if (transport == Transport.ALTS) { - tokenUrl.set("transport", "alts"); + if (transport != null) { + tokenUrl.set("transport", transport.getLabel()); } - if (bindingEnforcement == BindingEnforcement.ON) { - tokenUrl.set("binding-enforcement", "on"); - } else if (bindingEnforcement == BindingEnforcement.IAMPOLICY) { - tokenUrl.set("binding-enforcement", "iam-policy"); + if (bindingEnforcement != null) { + tokenUrl.set("binding-enforcement", bindingEnforcement.getLabel()); } return tokenUrl.toString(); } 
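Review bot: `AuthTransport` and `BindingEnforcement` are public API, but the enums, their constants and `getLabel()` carry no Javadoc, and the `//` comments above the constants do not reach the generated documentation. I would turn them into Javadoc, e.g. `/** Binding enforcement always happens, irrespective of the IAM policy. */` on `ON` and `/** Binding enforcement depends on the IAM policy. */` on `IAMPOLICY`, and spell out "GFE" in the comment on `MTLS`. `getLabel()` could be documented as `/** Returns the value placed in the token URL query string for this option. */`. The `private` modifier on both enum constructors is redundant and can be dropped.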
@@ -671,7 +691,7 @@ public static class Builder extends GoogleCredentials.Builder { private Collection scopes; private Collection defaultScopes; - private Transport transport; + private AuthTransport transport; private BindingEnforcement bindingEnforcement; protected Builder() { @@ -716,7 +736,7 @@ public Builder setQuotaProjectId(String quotaProjectId) { } @CanIgnoreReturnValue - public Builder setTransport(Transport transport) { + public Builder setTransport(AuthTransport transport) { this.transport = transport; return this; } @@ -739,7 +759,7 @@ public Collection getDefaultScopes() { return defaultScopes; } - public Transport getTransport() { + public AuthTransport getTransport() { return transport; } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 13515a6c1..4c420e616 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -206,7 +206,7 @@ public void buildTokenUrl_nullTransport() { public void buildTokenUrl_nullBindingEnforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.Transport.MTLS) + .setTransport(ComputeEngineCredentials.AuthTransport.MTLS) .setBindingEnforcement(null) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -218,7 +218,7 @@ public void buildTokenUrl_nullBindingEnforcement() { public void buildTokenUrlSoftMtlsBound_mtls_transport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.Transport.MTLS) + .setTransport(ComputeEngineCredentials.AuthTransport.MTLS) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); 
@@ -240,7 +240,7 @@ public void buildTokenUrlSoftMtlsBound_iam_enforcement() { public void buildTokenUrlSoftMtlsBound_mtls_transport_iam_enforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.Transport.MTLS) + .setTransport(ComputeEngineCredentials.AuthTransport.MTLS) .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAMPOLICY) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -263,7 +263,7 @@ public void buildTokenUrlHardMtlsBound_always_enforced() { public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.Transport.MTLS) + .setTransport(ComputeEngineCredentials.AuthTransport.MTLS) .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -275,7 +275,7 @@ public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() { public void buildTokenUrlHardDirectPathBound_alts_transport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.Transport.ALTS) + .setTransport(ComputeEngineCredentials.AuthTransport.ALTS) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); From f36a19cd4e94898e896950304296160e2a88d685 Mon Sep 17 00:00:00 2001 From: Riya Mehta Date: Fri, 20 Dec 2024 18:45:20 -0800 Subject: [PATCH 07/10] separate constant with underscore. --- .../java/com/google/auth/oauth2/ComputeEngineCredentials.java | 2 +- .../com/google/auth/oauth2/ComputeEngineCredentialsTest.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index dccc8a045..f97c239d4 100644 
--- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -130,7 +130,7 @@ public enum BindingEnforcement { // Binding enforcement will always happen, irrespective of the IAM policy. ON("on"), // Binding enforcement will depend on IAM policy. - IAMPOLICY("iam-policy"); + IAM_POLICY("iam-policy"); private final String label; diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 4c420e616..778f046eb 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -229,7 +229,7 @@ public void buildTokenUrlSoftMtlsBound_mtls_transport() { public void buildTokenUrlSoftMtlsBound_iam_enforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAMPOLICY) + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAM_POLICY) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -241,7 +241,7 @@ public void buildTokenUrlSoftMtlsBound_mtls_transport_iam_enforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() .setTransport(ComputeEngineCredentials.AuthTransport.MTLS) - .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAMPOLICY) + .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAM_POLICY) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); From 8a2d967552c6322f7b6514dcde4b7ba190a7128a Mon Sep 17 00:00:00 2001 
From: Riya Mehta Date: Fri, 20 Dec 2024 18:54:12 -0800 Subject: [PATCH 08/10] add javadocs + getTransport -> getAuthTransport. --- .../auth/oauth2/ComputeEngineCredentials.java | 26 ++++++++++++++++--- .../oauth2/ComputeEngineCredentialsTest.java | 12 ++++----- 2 files changed, 29 insertions(+), 9 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index f97c239d4..fd05bae6a 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -189,7 +189,7 @@ private ComputeEngineCredentials(ComputeEngineCredentials.Builder builder) { scopeList.removeAll(Arrays.asList("", null)); this.scopes = ImmutableSet.copyOf(scopeList); } - this.transport = builder.getTransport(); + this.transport = builder.getAuthTransport(); this.bindingEnforcement = builder.getBindingEnforcement(); } @@ -735,12 +735,22 @@ public Builder setQuotaProjectId(String quotaProjectId) { return this; } + /** + * Set the {@code AuthTransport} type. + * + * @param transport the transport type over which to authenticate to Google APIs + */ @CanIgnoreReturnValue - public Builder setTransport(AuthTransport transport) { + public Builder setAuthTransport(AuthTransport transport) { this.transport = transport; return this; } + /** + * Set the {@code BindingEnforcement} type. + * + * @param bindingEnforcement the token binding enforcement policy. + */ @CanIgnoreReturnValue public Builder setBindingEnforcement(BindingEnforcement bindingEnforcement) { this.bindingEnforcement = bindingEnforcement; 
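Review bot: The new Javadoc on `setAuthTransport` and `setBindingEnforcement` does not say what `null` or an unset value means, which matters here because `createTokenUrlWithScopes()` omits the parameter in that case. For the enforcement setter I would write `@param bindingEnforcement the token binding enforcement policy, or {@code null} to leave {@code binding-enforcement} out of the token request`, and add `@return this builder` to both setters; the same `null` wording applies to `@param transport`. Whether an omitted parameter means no enforcement is decided by the metadata server and is not visible in this patch, so the Javadoc should point at the server default rather than state one.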
@@ -759,10 +769,20 @@ public Collection getDefaultScopes() { return defaultScopes; } - public AuthTransport getTransport() { + /** + * Get the {@code AuthTransport} type. + * + * @return the transport type over which to authenticate to Google APIs + */ + public AuthTransport getAuthTransport() { return transport; } + /** + * Get the {@code BindingEnforcement} type. + * + * @return the token binding enforcement policy. + */ public BindingEnforcement getBindingEnforcement() { return bindingEnforcement; } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 778f046eb..94641796a 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -194,7 +194,7 @@ public void buildTokenUrlWithScopes_defaultScopes() { public void buildTokenUrl_nullTransport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(null) + .setAuthTransport(null) .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -206,7 +206,7 @@ public void buildTokenUrl_nullTransport() { public void buildTokenUrl_nullBindingEnforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.AuthTransport.MTLS) + .setAuthTransport(ComputeEngineCredentials.AuthTransport.MTLS) .setBindingEnforcement(null) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); 
@@ -218,7 +218,7 @@ public void buildTokenUrl_nullBindingEnforcement() { public void buildTokenUrlSoftMtlsBound_mtls_transport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.AuthTransport.MTLS) + .setAuthTransport(ComputeEngineCredentials.AuthTransport.MTLS) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -240,7 +240,7 @@ public void buildTokenUrlSoftMtlsBound_iam_enforcement() { public void buildTokenUrlSoftMtlsBound_mtls_transport_iam_enforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.AuthTransport.MTLS) + .setAuthTransport(ComputeEngineCredentials.AuthTransport.MTLS) .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAM_POLICY) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -263,7 +263,7 @@ public void buildTokenUrlHardMtlsBound_always_enforced() { public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.AuthTransport.MTLS) + .setAuthTransport(ComputeEngineCredentials.AuthTransport.MTLS) .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -275,7 +275,7 @@ public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() { public void buildTokenUrlHardDirectPathBound_alts_transport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setTransport(ComputeEngineCredentials.AuthTransport.ALTS) + .setAuthTransport(ComputeEngineCredentials.AuthTransport.ALTS) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); From ce74e45f2cb2fba09486fe4faccac933950ebd09 Mon Sep 17 00:00:00 2001 
From: Riya Mehta Date: Fri, 20 Dec 2024 18:57:07 -0800 Subject: [PATCH 09/10] add test both params null. --- .../auth/oauth2/ComputeEngineCredentialsTest.java | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 94641796a..aeaf3f8ec 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -214,6 +214,18 @@ public void buildTokenUrl_nullBindingEnforcement() { assertEquals(TOKEN_URL + "?transport=mtls", softBoundTokenUrl); } + @Test + public void buildTokenUrl_nullTransport_nullBindingEnforcement() { + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder() + .setAuthTransport(null) + .setBindingEnforcement(null) + .build(); + String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); + + assertEquals(TOKEN_URL, softBoundTokenUrl); + } + @Test public void buildTokenUrlSoftMtlsBound_mtls_transport() { ComputeEngineCredentials credentials = From 8ce3a4d6782d58b13a90fbf7899b28a02419adf6 Mon Sep 17 00:00:00 2001 From: Riya Mehta Date: Fri, 20 Dec 2024 19:24:00 -0800 Subject: [PATCH 10/10] AuthTransport -> GoogleAuthTransport. --- .../auth/oauth2/ComputeEngineCredentials.java | 26 +++++++++---------- .../oauth2/ComputeEngineCredentialsTest.java | 14 +++++----- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index fd05bae6a..f503bbd75 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java 
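Review bot: The local in `buildTokenUrl_nullTransport_nullBindingEnforcement` is named `softBoundTokenUrl`, but this case sets neither parameter and asserts the bare `TOKEN_URL`, so the name describes a binding that is never requested. `String tokenUrl = credentials.createTokenUrlWithScopes();` followed by `assertEquals(TOKEN_URL, tokenUrl);` would say what is being checked. It may also be worth a sibling case that builds without calling either setter, so that the builder's default state is pinned alongside the explicit `null` one.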
@@ -109,7 +109,7 @@ public class ComputeEngineCredentials extends GoogleCredentials static final int MAX_COMPUTE_PING_TRIES = 3; static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500; - public enum AuthTransport { + public enum GoogleAuthTransport { // Authenticating to Google APIs via DirectPath ALTS("alts"), // Authenticating to Google APIs via GFE @@ -117,7 +117,7 @@ public enum AuthTransport { private final String label; - private AuthTransport(String label) { + private GoogleAuthTransport(String label) { this.label = label; } @@ -156,7 +156,7 @@ public String getLabel() { private final Collection scopes; - private final AuthTransport transport; + private final GoogleAuthTransport transport; private final BindingEnforcement bindingEnforcement; private transient HttpTransportFactory transportFactory; @@ -189,7 +189,7 @@ private ComputeEngineCredentials(ComputeEngineCredentials.Builder builder) { scopeList.removeAll(Arrays.asList("", null)); this.scopes = ImmutableSet.copyOf(scopeList); } - this.transport = builder.getAuthTransport(); + this.transport = builder.getGoogleAuthTransport(); this.bindingEnforcement = builder.getBindingEnforcement(); } @@ -691,7 +691,7 @@ public static class Builder extends GoogleCredentials.Builder { private Collection scopes; private Collection defaultScopes; - private AuthTransport transport; + private GoogleAuthTransport transport; private BindingEnforcement bindingEnforcement; protected Builder() { 
@@ -736,19 +736,19 @@ public Builder setQuotaProjectId(String quotaProjectId) { } /** - * Set the {@code AuthTransport} type. - * + * Set the {@code GoogleAuthTransport} type. + * * @param transport the transport type over which to authenticate to Google APIs */ @CanIgnoreReturnValue - public Builder setAuthTransport(AuthTransport transport) { + public Builder setGoogleAuthTransport(GoogleAuthTransport transport) { this.transport = transport; return this; } /** * Set the {@code BindingEnforcement} type. - * + * * @param bindingEnforcement the token binding enforcement policy. */ @CanIgnoreReturnValue @@ -770,17 +770,17 @@ public Collection getDefaultScopes() { } /** - * Get the {@code AuthTransport} type. - * + * Get the {@code GoogleAuthTransport} type. + * * @return the transport type over which to authenticate to Google APIs */ - public AuthTransport getAuthTransport() { + public GoogleAuthTransport getGoogleAuthTransport() { return transport; } /** * Get the {@code BindingEnforcement} type. - * + * * @return the token binding enforcement policy. */ public BindingEnforcement getBindingEnforcement() { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index aeaf3f8ec..9f32d8277 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -194,7 +194,7 @@ public void buildTokenUrlWithScopes_defaultScopes() { public void buildTokenUrl_nullTransport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setAuthTransport(null) + .setGoogleAuthTransport(null) .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); 
@@ -206,7 +206,7 @@ public void buildTokenUrl_nullTransport() { public void buildTokenUrl_nullBindingEnforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setAuthTransport(ComputeEngineCredentials.AuthTransport.MTLS) + .setGoogleAuthTransport(ComputeEngineCredentials.GoogleAuthTransport.MTLS) .setBindingEnforcement(null) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -218,7 +218,7 @@ public void buildTokenUrl_nullBindingEnforcement() { public void buildTokenUrl_nullTransport_nullBindingEnforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setAuthTransport(null) + .setGoogleAuthTransport(null) .setBindingEnforcement(null) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -230,7 +230,7 @@ public void buildTokenUrl_nullTransport_nullBindingEnforcement() { public void buildTokenUrlSoftMtlsBound_mtls_transport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setAuthTransport(ComputeEngineCredentials.AuthTransport.MTLS) + .setGoogleAuthTransport(ComputeEngineCredentials.GoogleAuthTransport.MTLS) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -252,7 +252,7 @@ public void buildTokenUrlSoftMtlsBound_iam_enforcement() { public void buildTokenUrlSoftMtlsBound_mtls_transport_iam_enforcement() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setAuthTransport(ComputeEngineCredentials.AuthTransport.MTLS) + .setGoogleAuthTransport(ComputeEngineCredentials.GoogleAuthTransport.MTLS) .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.IAM_POLICY) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); 
@@ -275,7 +275,7 @@ public void buildTokenUrlHardMtlsBound_always_enforced() { public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setAuthTransport(ComputeEngineCredentials.AuthTransport.MTLS) + .setGoogleAuthTransport(ComputeEngineCredentials.GoogleAuthTransport.MTLS) .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes(); @@ -287,7 +287,7 @@ public void buildTokenUrlHardMtlsBound_mtls_transport_always_enforced() { public void buildTokenUrlHardDirectPathBound_alts_transport() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() - .setAuthTransport(ComputeEngineCredentials.AuthTransport.ALTS) + .setGoogleAuthTransport(ComputeEngineCredentials.GoogleAuthTransport.ALTS) .build(); String softBoundTokenUrl = credentials.createTokenUrlWithScopes();