@Override public GoogleCredentials getGoogleCredentials(Map<PropertyDescriptor, String> properties, HttpTransportFactory transportFactory) throws IOException { return ComputeEngineCredentials.newBuilder() .setHttpTransportFactory(transportFactory) .build(); } }
static void authCompute() { // Explicitly request service account credentials from the compute engine instance. GoogleCredentials credentials = ComputeEngineCredentials.create(); Storage storage = StorageOptions.newBuilder().setCredentials(credentials).build().getService(); System.out.println("Buckets:"); Page<Bucket> buckets = storage.list(); for (Bucket bucket : buckets.iterateAll()) { System.out.println(bucket.toString()); } } // [END auth_cloud_explicit_compute_engine]
@Test public void getAccount_sameAs() throws IOException { MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); String defaultAccountEmail = "mail@mail.com"; transportFactory.transport.setServiceAccountEmail(defaultAccountEmail); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); assertEquals(defaultAccountEmail, credentials.getAccount()); }
@Test public void getRequestMetadata_hasAccessToken() throws IOException { final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2"; MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); transportFactory.transport.setAccessToken(accessToken); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI); TestUtils.assertContainsBearerToken(metadata, accessToken); }
@Test public void sign_sameAs() throws IOException { MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2"; String defaultAccountEmail = "mail@mail.com"; byte[] expectedSignature = {0xD, 0xE, 0xA, 0xD}; transportFactory.transport.setAccessToken(accessToken); transportFactory.transport.setServiceAccountEmail(defaultAccountEmail); transportFactory.transport.setSignature(expectedSignature); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); assertArrayEquals(expectedSignature, credentials.sign(expectedSignature)); }
public static String getServiceAccountsUrl() { return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT) + "/computeMetadata/v1/instance/service-accounts/?recursive=true"; }
@Test public void serialize() throws IOException, ClassNotFoundException { MockMetadataServerTransportFactory serverTransportFactory = new MockMetadataServerTransportFactory(); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(serverTransportFactory).build(); GoogleCredentials deserializedCredentials = serializeAndDeserialize(credentials); assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); assertSame(deserializedCredentials.clock, Clock.SYSTEM); credentials = ComputeEngineCredentials.newBuilder().build(); deserializedCredentials = serializeAndDeserialize(credentials); assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); assertSame(deserializedCredentials.clock, Clock.SYSTEM); }
@Test public void equals_true() throws IOException { MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); ComputeEngineCredentials otherCredentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); assertTrue(credentials.equals(otherCredentials)); assertTrue(otherCredentials.equals(credentials)); }
private final GoogleCredentials tryGetComputeCredentials(HttpTransportFactory transportFactory) { // Checking compute engine requires a round-trip, so check only once if (checkedComputeEngine) { return null; } boolean runningOnComputeEngine = ComputeEngineCredentials.runningOnComputeEngine(transportFactory, this); checkedComputeEngine = true; if (runningOnComputeEngine) { return ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); } return null; }
private String getSignature(String bytes) throws IOException { String signBlobUrl = String.format(SIGN_BLOB_URL_FORMAT, getAccount()); GenericUrl genericUrl = new GenericUrl(signBlobUrl); JsonHttpContent signContent = new JsonHttpContent(OAuth2Utils.JSON_FACTORY, signRequest); HttpRequest request = transportFactory.create().createRequestFactory().buildPostRequest(genericUrl, signContent); Map<String, List<String>> headers = getRequestMetadata(); HttpHeaders requestHeaders = request.getHeaders(); for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
@Test public void hashCode_equals() throws IOException { MockMetadataServerTransportFactory serverTransportFactory = new MockMetadataServerTransportFactory(); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(serverTransportFactory).build(); ComputeEngineCredentials otherCredentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(serverTransportFactory).build(); assertEquals(credentials.hashCode(), otherCredentials.hashCode()); }
@Test public void toString_containsFields() throws IOException { MockMetadataServerTransportFactory serverTransportFactory = new MockMetadataServerTransportFactory(); String expectedToString = String.format("ComputeEngineCredentials{transportFactoryClassName=%s}", MockMetadataServerTransportFactory.class.getName()); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(serverTransportFactory).build(); assertEquals(expectedToString, credentials.toString()); }
@Override public LowLevelHttpRequest buildRequest(String method, String url) throws IOException { if (url.equals(ComputeEngineCredentials.getTokenServerEncodedUrl())) { } else if (url.equals(ComputeEngineCredentials.getMetadataServerUrl())) { return new MockLowLevelHttpRequest(url) { @Override
private String getDefaultServiceAccount() throws IOException { HttpResponse response = getMetadataResponse(getServiceAccountsUrl()); int statusCode = response.getStatusCode(); if (statusCode == HttpStatusCodes.STATUS_CODE_NOT_FOUND) { throw new IOException(String.format("Error code %s trying to get service accounts from" + " Compute Engine metadata. This may be because the virtual machine instance" + " does not have permission scopes specified.", statusCode)); } if (statusCode != HttpStatusCodes.STATUS_CODE_OK) { throw new IOException(String.format("Unexpected Error code %s trying to get service accounts" + " from Compute Engine metadata: %s", statusCode, response.parseAsString())); } InputStream content = response.getContent(); if (content == null) { // Throw explicitly here on empty content to avoid NullPointerException from parseAs call. // Mock transports will have success code with empty content by default. throw new IOException("Empty content from metadata token server request."); } GenericData responseData = response.parseAs(GenericData.class); Map<String, Object> defaultAccount = OAuth2Utils.validateMap(responseData, "default", PARSE_ERROR_ACCOUNT); return OAuth2Utils.validateString(defaultAccount, "email", PARSE_ERROR_ACCOUNT); }
HttpResponse response = getMetadataResponse(getTokenServerEncodedUrl()); int statusCode = response.getStatusCode(); if (statusCode == HttpStatusCodes.STATUS_CODE_NOT_FOUND) {
public static String getTokenServerEncodedUrl() { return getTokenServerEncodedUrl(DefaultCredentialsProvider.DEFAULT); }
protected boolean isGetServiceAccountsUrl(String url) { return url.equals(ComputeEngineCredentials.getServiceAccountsUrl()); }
/** * Create a new ComputeEngineCredentials instance with default behavior. * * @return New ComputeEngineCredentials. */ public static ComputeEngineCredentials create() { return new ComputeEngineCredentials(null); }
transportFactory.transport.setServiceAccountEmail(defaultAccountEmail); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); credentials.getAccount(); fail("Fetching default service account should have failed"); } catch (RuntimeException e) {
@Test public void getRequestMetadata_serverError_throws() { final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2"; MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); transportFactory.transport.setAccessToken(accessToken); transportFactory.transport.setTokenRequestStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); try { credentials.getRequestMetadata(CALL_URI); fail("Expected error refreshing token."); } catch (IOException expected) { String message = expected.getMessage(); assertTrue(message.contains(Integer.toString(HttpStatusCodes.STATUS_CODE_SERVER_ERROR))); assertTrue(message.contains("Unexpected")); } }