diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java index 098a5bd45..ec717b42e 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java @@ -612,12 +612,12 @@ public void fromStream_Impersonation_providesToken_WithQuotaProject() throws IOE .setExpireTime(ImpersonatedCredentialsTest.getDefaultExpireTime()); transportFactory .getTransport() - .setAccessTokenEndpoint(ImpersonatedCredentialsTest.IMPERSONATION_URL); + .setAccessTokenEndpoint(ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL); transportFactory.getTransport().addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_OK, ""); InputStream impersonationCredentialsStream = ImpersonatedCredentialsTest.writeImpersonationCredentialsStream( - ImpersonatedCredentialsTest.IMPERSONATION_URL, + ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL, ImpersonatedCredentialsTest.DELEGATES, ImpersonatedCredentialsTest.QUOTA_PROJECT_ID); @@ -647,7 +647,7 @@ public void fromStream_Impersonation_defaultUniverse() throws IOException { InputStream impersonationCredentialsStream = ImpersonatedCredentialsTest.writeImpersonationCredentialsStream( - ImpersonatedCredentialsTest.IMPERSONATION_URL, + ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL, ImpersonatedCredentialsTest.DELEGATES, ImpersonatedCredentialsTest.QUOTA_PROJECT_ID); 
@@ -677,12 +677,12 @@ public void fromStream_Impersonation_providesToken_WithoutQuotaProject() throws .setExpireTime(ImpersonatedCredentialsTest.getDefaultExpireTime()); transportFactory .getTransport() - .setAccessTokenEndpoint(ImpersonatedCredentialsTest.IMPERSONATION_URL); + .setAccessTokenEndpoint(ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL); transportFactory.getTransport().addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_OK, ""); InputStream impersonationCredentialsStream = ImpersonatedCredentialsTest.writeImpersonationCredentialsStream( - ImpersonatedCredentialsTest.IMPERSONATION_URL, + ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL, ImpersonatedCredentialsTest.DELEGATES, null); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java index bd4dcbdb1..d48d70e3e 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java 
@@ -123,11 +123,24 @@ public class ImpersonatedCredentialsTest extends BaseSerializationTest { private static JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance(); private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ssX"; - public static final String DEFAULT_IMPERSONATION_URL = + + private static final String DEFAULT_UNIVERSE_DOMAIN = "googleapis.com"; + private static final String TEST_UNIVERSE_DOMAIN = "test.xyz"; + private static final String OLD_IMPERSONATION_URL = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/" + IMPERSONATED_CLIENT_EMAIL + ":generateAccessToken"; - public static final String IMPERSONATION_URL = + public static final String DEFAULT_IMPERSONATION_URL = + String.format( + OAuth2Utils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT, + DEFAULT_UNIVERSE_DOMAIN, + IMPERSONATED_CLIENT_EMAIL); + private static final String NONGDU_IMPERSONATION_URL = + String.format( + OAuth2Utils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT, + TEST_UNIVERSE_DOMAIN, + IMPERSONATED_CLIENT_EMAIL); + public static final String IMPERSONATION_OVERRIDE_URL = "https://us-east1-iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/" + IMPERSONATED_CLIENT_EMAIL + ":generateAccessToken"; @@ -169,7 +182,7 @@ private GoogleCredentials getSourceCredentials() throws IOException { public void fromJson_userAsSource_WithQuotaProjectId() throws IOException { GenericJson json = buildImpersonationCredentialsJson( - IMPERSONATION_URL, + IMPERSONATION_OVERRIDE_URL, DELEGATES, QUOTA_PROJECT_ID, USER_ACCOUNT_CLIENT_ID, 
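Review bot: `OLD_IMPERSONATION_URL` is declared in the first hunk on this line but is not referenced in any hunk shown here, while `DEFAULT_IMPERSONATION_URL` and `NONGDU_IMPERSONATION_URL` are now built from `OAuth2Utils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT`, presumably the same template the production code formats. Assertions against those two constants would then keep passing if the template's host or path were changed by mistake, and this URL is where the source credential's bearer token gets sent. I would pin the literal once, for example `assertEquals(OLD_IMPERSONATION_URL, DEFAULT_IMPERSONATION_URL);` in a small test. In `refreshAccessToken_success_nonGDU` (the hunk at -480) I would compare the request URL with a hand-written `test.xyz` URL rather than the formatted constant. If neither is wanted, drop the unused constant.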
@@ -178,7 +191,7 @@ public void fromJson_userAsSource_WithQuotaProjectId() throws IOException { ImpersonatedCredentials credentials = ImpersonatedCredentials.fromJson(json, mockTransportFactory); assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount()); - assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride()); + assertEquals(IMPERSONATION_OVERRIDE_URL, credentials.getIamEndpointOverride()); assertEquals(QUOTA_PROJECT_ID, credentials.getQuotaProjectId()); assertEquals(DELEGATES, credentials.getDelegates()); assertEquals(new ArrayList(), credentials.getScopes()); @@ -191,7 +204,7 @@ public void fromJson_userAsSource_WithQuotaProjectId() throws IOException { public void fromJson_userAsSource_WithoutQuotaProjectId() throws IOException { GenericJson json = buildImpersonationCredentialsJson( - IMPERSONATION_URL, + IMPERSONATION_OVERRIDE_URL, DELEGATES, null, USER_ACCOUNT_CLIENT_ID, @@ -200,7 +213,7 @@ public void fromJson_userAsSource_WithoutQuotaProjectId() throws IOException { ImpersonatedCredentials credentials = ImpersonatedCredentials.fromJson(json, mockTransportFactory); assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount()); - assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride()); + assertEquals(IMPERSONATION_OVERRIDE_URL, credentials.getIamEndpointOverride()); assertNull(credentials.getQuotaProjectId()); assertEquals(DELEGATES, credentials.getDelegates()); assertEquals(new ArrayList(), credentials.getScopes()); @@ -213,7 +226,7 @@ public void fromJson_userAsSource_WithoutQuotaProjectId() throws IOException { public void fromJson_userAsSource_MissingDelegatesField() throws IOException { GenericJson json = buildImpersonationCredentialsJson( - IMPERSONATION_URL, + IMPERSONATION_OVERRIDE_URL, DELEGATES, null, USER_ACCOUNT_CLIENT_ID, 
@@ -223,7 +236,7 @@ public void fromJson_userAsSource_MissingDelegatesField() throws IOException { ImpersonatedCredentials credentials = ImpersonatedCredentials.fromJson(json, mockTransportFactory); assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount()); - assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride()); + assertEquals(IMPERSONATION_OVERRIDE_URL, credentials.getIamEndpointOverride()); assertNull(credentials.getQuotaProjectId()); assertEquals(new ArrayList(), credentials.getDelegates()); assertEquals(new ArrayList(), credentials.getScopes()); @@ -235,11 +248,11 @@ public void fromJson_userAsSource_MissingDelegatesField() throws IOException { @Test() public void fromJson_ServiceAccountAsSource() throws IOException { GenericJson json = - buildImpersonationCredentialsJson(IMPERSONATION_URL, DELEGATES, QUOTA_PROJECT_ID); + buildImpersonationCredentialsJson(IMPERSONATION_OVERRIDE_URL, DELEGATES, QUOTA_PROJECT_ID); ImpersonatedCredentials credentials = ImpersonatedCredentials.fromJson(json, mockTransportFactory); assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount()); - assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride()); + assertEquals(IMPERSONATION_OVERRIDE_URL, credentials.getIamEndpointOverride()); assertEquals(QUOTA_PROJECT_ID, credentials.getQuotaProjectId()); assertEquals(DELEGATES, credentials.getDelegates()); assertEquals(new ArrayList(), credentials.getScopes()); @@ -342,7 +355,7 @@ public void createScopedWithIamEndpointOverride() { VALID_LIFETIME, mockTransportFactory, QUOTA_PROJECT_ID, - IMPERSONATION_URL); + IMPERSONATION_OVERRIDE_URL); ImpersonatedCredentials scoped_credentials = (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_SET); 
@@ -480,12 +493,36 @@ public void refreshAccessToken_success() throws IOException, IllegalStateExcepti assertTrue(requestHeader.containsKey("authorization")); } + @Test() + public void refreshAccessToken_success_nonGDU() throws IOException, IllegalStateException { + MockIAMCredentialsServiceTransportFactory transportFactory = + new MockIAMCredentialsServiceTransportFactory(TEST_UNIVERSE_DOMAIN); + transportFactory.getTransport().setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL); + transportFactory.getTransport().setAccessToken(ACCESS_TOKEN); + transportFactory.getTransport().setExpireTime(getDefaultExpireTime()); + transportFactory.getTransport().addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_OK, ""); + + GoogleCredentials sourceCredentialsNonGDU = + sourceCredentials.toBuilder().setUniverseDomain(TEST_UNIVERSE_DOMAIN).build(); + ImpersonatedCredentials targetCredentials = + ImpersonatedCredentials.create( + sourceCredentialsNonGDU, + IMPERSONATED_CLIENT_EMAIL, + null, + IMMUTABLE_SCOPES_LIST, + VALID_LIFETIME, + transportFactory); + + assertEquals(ACCESS_TOKEN, targetCredentials.refreshAccessToken().getTokenValue()); + assertEquals(NONGDU_IMPERSONATION_URL, transportFactory.getTransport().getRequest().getUrl()); + } + @Test public void refreshAccessToken_endpointOverride() throws IOException, IllegalStateException { mockTransportFactory.getTransport().setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL); mockTransportFactory.getTransport().setAccessToken(ACCESS_TOKEN); mockTransportFactory.getTransport().setExpireTime(getDefaultExpireTime()); - mockTransportFactory.getTransport().setAccessTokenEndpoint(IMPERSONATION_URL); + mockTransportFactory.getTransport().setAccessTokenEndpoint(IMPERSONATION_OVERRIDE_URL); mockTransportFactory.getTransport().addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_OK, ""); ImpersonatedCredentials targetCredentials = 
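Review bot: `refreshAccessToken_success_nonGDU` asserts the request URL but never checks which universe the resulting credential reports, so a mismatch between the host that was called and `getUniverseDomain()` would likely go unnoticed. Adding `assertEquals(TEST_UNIVERSE_DOMAIN, targetCredentials.getUniverseDomain());` after the token assertion would tie the two together. A short comment such as `// Universe domain is inherited from the source credentials; no endpoint override is set.` would also make the intent of the six-argument `create` call clear. `IllegalStateException` in the throws clause is unchecked and can be dropped, although the neighbouring tests declare it too.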
@@ -497,10 +534,11 @@ public void refreshAccessToken_endpointOverride() throws IOException, IllegalSta VALID_LIFETIME, mockTransportFactory, QUOTA_PROJECT_ID, - IMPERSONATION_URL); + IMPERSONATION_OVERRIDE_URL); assertEquals(ACCESS_TOKEN, targetCredentials.refreshAccessToken().getTokenValue()); - assertEquals(IMPERSONATION_URL, mockTransportFactory.getTransport().getRequest().getUrl()); + assertEquals( + IMPERSONATION_OVERRIDE_URL, mockTransportFactory.getTransport().getRequest().getUrl()); } @Test() @@ -953,12 +991,7 @@ public void idToken_withOtherError() { @Test public void getUniverseDomain_defaultUniverse() throws IOException { - - mockTransportFactory.getTransport().setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL); - mockTransportFactory.getTransport().setAccessToken(ACCESS_TOKEN); - mockTransportFactory.getTransport().setExpireTime(getDefaultExpireTime()); - - ImpersonatedCredentials targetCredentials = + ImpersonatedCredentials impersonatedCredentials = ImpersonatedCredentials.create( sourceCredentials, IMPERSONATED_CLIENT_EMAIL, @@ -966,7 +999,7 @@ public void getUniverseDomain_defaultUniverse() throws IOException { IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); - assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, targetCredentials.getUniverseDomain()); + assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, impersonatedCredentials.getUniverseDomain()); } @Test @@ -988,9 +1021,8 @@ public void universeDomain_getFromSourceCredentials() throws IOException { @Test public void universeDomain_whenExplicit() throws IOException { - GoogleCredentials sourceCredentialsNonGDU = - sourceCredentials.toBuilder().setUniverseDomain("source.domain.com").build(); + sourceCredentials.toBuilder().setUniverseDomain("source.domain.xyz").build(); ImpersonatedCredentials impersonatedCredentials = ImpersonatedCredentials.newBuilder() .setSourceCredentials(sourceCredentialsNonGDU)