// Announce that the default gcloud credential is in use, then log the dataset id together with
// the credential's service account id (email).
logger.info("Using default gcloud credential.");
// NOTE(review): the cast below is unchecked in this excerpt. A credential that is not a
// GoogleCredential would raise ClassCastException, and getServiceAccountId() can be null when
// the credential is not a service account (the log line would then print "null") — confirm the
// surrounding code guarantees the type before relying on this line.
logger.info("DatasetID: " + datasetId + ", Service Account Email: " + ((GoogleCredential) credential).getServiceAccountId());
/**
 * Returns the service account id of the given credential, when it has one.
 *
 * @param credential credential to inspect.
 * @return the value of {@code getServiceAccountId()} when {@code credential} is a
 *     {@code GoogleCredential}; {@code null} for any other credential type (including a
 *     {@code null} argument, which fails the {@code instanceof} test).
 */
@Nullable
private String getCredentialServiceAccount(Credential credential) {
  // Only GoogleCredential exposes a service account id; every other type maps to null.
  if (!(credential instanceof GoogleCredential)) {
    return null;
  }
  GoogleCredential googleCredential = (GoogleCredential) credential;
  return googleCredential.getServiceAccountId();
}
/**
 * Looks up the service account id carried by a credential.
 *
 * @param credential credential to inspect.
 * @return the credential's service account id when it is a {@code GoogleCredential}, otherwise
 *     {@code null}. The id itself may also be {@code null}; this method does not distinguish
 *     the two cases.
 */
@Nullable
private String getCredentialServiceAccount(Credential credential) {
  String serviceAccountId = null;
  if (credential instanceof GoogleCredential) {
    serviceAccountId = ((GoogleCredential) credential).getServiceAccountId();
  }
  return serviceAccountId;
}
/**
 * Returns the service account id (email) to be placed in the signed JWT.
 *
 * <p>Both the credential and its service account id are checked with {@code Assert.notNull},
 * so a credential that does not represent a service account is rejected here instead of
 * producing a JWT without an identity.
 *
 * @param credential credential object to obtain the service account id from; must not be
 *     {@code null}.
 * @return the service account id to use; never {@code null}.
 */
@Override
public String getServiceAccountId(GoogleCredential credential) {

  Assert.notNull(credential, "GoogleCredential must not be null");

  // Read the id once and validate that same value before handing it back.
  String serviceAccountId = credential.getServiceAccountId();
  Assert.notNull(
      serviceAccountId,
      "The configured GoogleCredential does not represent a service account. Configure the service account id with GcpIamAuthenticationOptionsBuilder#serviceAccountId(String).");

  return serviceAccountId;
}
/**
 * Obtains a token for the given credential, choosing the flow by credential kind.
 *
 * @param targetAudience audience passed on to the service-account flow; the user flow does not
 *     receive it.
 * @param credential credential to obtain the token for.
 * @return the token returned by the selected flow.
 * @throws IOException if the selected flow fails with an I/O error.
 * @throws GeneralSecurityException if the selected flow fails with a security error.
 */
private String getToken(String targetAudience, GoogleCredential credential)
    throws IOException, GeneralSecurityException {
  // A credential with a service account id is treated as a service account; one without it is
  // treated as a user credential.
  final boolean isServiceAccount = credential.getServiceAccountId() != null;
  return isServiceAccount
      ? getServiceAccountToken(credential, targetAudience)
      : getUserToken(credential);
}
/**
 * Returns the crypto key identified by {@code cryptoKeyId}, creating it when the lookup reports
 * that it does not exist.
 *
 * @param cloudKms Cloud KMS client used for the lookup and passed on to the creation helper.
 * @param credential credential whose service account id is passed to the creation helper as a
 *     {@code serviceAccount:} member.
 * @param keyRingId key ring the new key is created in.
 * @param cryptoKeyId identifier of the key to look up; the part after the last {@code '/'} is
 *     used as the name of a newly created key.
 * @return the existing key, or the key returned by {@code createCryptoKey}.
 * @throws HalException with FATAL severity when the lookup fails with anything other than an
 *     HTTP 404.
 */
private static CryptoKey ensureCryptoKeyExists(
    CloudKMS cloudKms, GoogleCredential credential, String keyRingId, String cryptoKeyId) {
  CryptoKey existingKey = null;
  try {
    existingKey =
        cloudKms.projects().locations().keyRings().cryptoKeys().get(cryptoKeyId).execute();
  } catch (GoogleJsonResponseException e) {
    // 404 is the only tolerated failure: it means the key has to be created below.
    if (e.getStatusCode() != 404) {
      throw new HalException(
          Problem.Severity.FATAL, "Unexpected error retrieving crypto key: " + e.getMessage(), e);
    }
  } catch (IOException e) {
    throw new HalException(
        Problem.Severity.FATAL, "Unexpected error retrieving crypto key: " + e.getMessage(), e);
  }

  if (existingKey != null) {
    return existingKey;
  }

  final String shortName = cryptoKeyId.substring(cryptoKeyId.lastIndexOf('/') + 1);
  log.info("Creating a new crypto key " + shortName);
  // NOTE(review): getServiceAccountId() is null for a credential that is not a service account,
  // which would make this member "serviceAccount:null" — confirm callers only pass
  // service-account credentials, or validate the id before the key is created.
  final String member = "serviceAccount:" + credential.getServiceAccountId();
  return createCryptoKey(cloudKms, keyRingId, shortName, member);
}
/**
 * Looks up a crypto key and creates it if the lookup answers with HTTP 404.
 *
 * @param cloudKms Cloud KMS client used to fetch the key and handed to {@code createCryptoKey}.
 * @param credential source of the service account id that is passed to {@code createCryptoKey}
 *     with a {@code serviceAccount:} prefix.
 * @param keyRingId key ring that receives a newly created key.
 * @param cryptoKeyId identifier used for the lookup; its last path segment becomes the name of
 *     a newly created key.
 * @return the key that was found, or the one returned by {@code createCryptoKey}.
 * @throws HalException with FATAL severity for any lookup failure other than HTTP 404.
 */
private static CryptoKey ensureCryptoKeyExists(
    CloudKMS cloudKms, GoogleCredential credential, String keyRingId, String cryptoKeyId) {
  CryptoKey found;
  try {
    found = cloudKms.projects().locations().keyRings().cryptoKeys().get(cryptoKeyId).execute();
  } catch (GoogleJsonResponseException e) {
    final boolean missing = e.getStatusCode() == 404;
    if (!missing) {
      throw new HalException(
          Problem.Severity.FATAL, "Unexpected error retrieving crypto key: " + e.getMessage(), e);
    }
    // Not found: fall through to creation.
    found = null;
  } catch (IOException e) {
    throw new HalException(
        Problem.Severity.FATAL, "Unexpected error retrieving crypto key: " + e.getMessage(), e);
  }

  if (found != null) {
    return found;
  }

  // The key id is a path; only its last segment is used as the name of the new key.
  final int nameStart = cryptoKeyId.lastIndexOf('/') + 1;
  final String newKeyName = cryptoKeyId.substring(nameStart);
  log.info("Creating a new crypto key " + newKeyName);
  // NOTE(review): a credential without a service account id yields "serviceAccount:null" here —
  // verify that the credential is a service account before this point.
  final String principal = "serviceAccount:" + credential.getServiceAccountId();
  return createCryptoKey(cloudKms, keyRingId, newKeyName, principal);
}
/**
 * Exchanges a JWT signed with the credential's private key for an {@code id_token}.
 *
 * <p>The request uses the {@code urn:ietf:params:oauth:grant-type:jwt-bearer} grant against
 * the credential's token server URL. The signed JWT is sent as the {@code assertion}
 * parameter and is not logged.
 *
 * @param credential service account credential supplying the id, private key and token
 *     server URL.
 * @param targetAudience audience passed to {@code jwtPayload}.
 * @return the {@code id_token} entry of the token response, cast to {@code String};
 *     presumably {@code null} when the response carries no such entry — verify against callers.
 * @throws IOException if the token request fails.
 * @throws GeneralSecurityException if signing the JWT fails.
 */
private String getServiceAccountToken(GoogleCredential credential, String targetAudience)
    throws IOException, GeneralSecurityException {
  // NOTE(review): this logs getServiceAccountUser(), while the JWT below is issued for
  // getServiceAccountId() — confirm which identity the log line is meant to show.
  log.debug("Fetching service account access token for {}", credential.getServiceAccountUser());

  final TokenRequest tokenRequest =
      new TokenRequest(
          this.httpTransport,
          JSON_FACTORY,
          new GenericUrl(credential.getTokenServerEncodedUrl()),
          "urn:ietf:params:oauth:grant-type:jwt-bearer");

  final Header jwsHeader = jwtHeader();
  final Payload jwsPayload =
      jwtPayload(
          targetAudience,
          credential.getServiceAccountId(),
          credential.getTokenServerEncodedUrl());

  // Sign with the service account's private key; the result is the bearer assertion.
  final String signedAssertion =
      JsonWebSignature.signUsingRsaSha256(
          credential.getServiceAccountPrivateKey(), JSON_FACTORY, jwsHeader, jwsPayload);
  tokenRequest.put("assertion", signedAssertion);

  final TokenResponse tokenResponse = tokenRequest.execute();
  return (String) tokenResponse.get("id_token");
}
/**
 * Loads a credential from a JSON key file and rebuilds it with the supplied transport, JSON
 * factory, request initializer and scopes.
 *
 * <p>Only the service account id and private key are taken from the parsed credential; every
 * other property of the returned credential comes from the arguments.
 *
 * @param keyPath path of the JSON key file; the stream opened on it is closed before returning.
 * @param transport HTTP transport used for parsing and set on the returned credential.
 * @param jsonFactory JSON factory used for parsing and set on the returned credential.
 * @param httpRequestInitializer request initializer set on the returned credential.
 * @param scopes scopes applied to the parsed credential and to the returned one.
 * @return the rebuilt credential.
 * @throws IOException if the key file cannot be opened or read.
 */
GoogleCredential getJsonCredential(
    Path keyPath,
    HttpTransport transport,
    JsonFactory jsonFactory,
    HttpRequestInitializer httpRequestInitializer,
    Collection<String> scopes)
    throws IOException {
  try (InputStream keyStream = newInputStream(keyPath)) {
    GoogleCredential parsed = GoogleCredential.fromStream(keyStream, transport, jsonFactory);
    GoogleCredential scoped = parsed.createScoped(scopes);

    // NOTE(review): if the key file does not describe a service account, the id and private key
    // copied below are presumably null — confirm how callers handle that case.
    GoogleCredential.Builder rebuilt = new GoogleCredential.Builder();
    rebuilt.setServiceAccountId(scoped.getServiceAccountId());
    rebuilt.setServiceAccountScopes(scopes);
    rebuilt.setServiceAccountPrivateKey(scoped.getServiceAccountPrivateKey());
    rebuilt.setTransport(transport);
    rebuilt.setJsonFactory(jsonFactory);
    rebuilt.setRequestInitializer(httpRequestInitializer);
    return rebuilt.build();
  }
}
.setServiceAccountId(credential.getServiceAccountId()) .setServiceAccountPrivateKey(credential.getServiceAccountPrivateKey()) .setServiceAccountScopes(credential.getServiceAccountScopes())
.build(); if (credential.getServiceAccountId() == null) { .setTransport(httpTransport) .setJsonFactory(jsonFactory) .setServiceAccountId(credential.getServiceAccountId()) .setServiceAccountScopes(ImmutableSet.of(ADMIN_DIRECTORY_GROUP_MEMBER_READONLY)) .setServiceAccountUser(gsuiteUserEmail)
.setServiceAccountId(credential.getServiceAccountId()) .setServiceAccountPrivateKey(credential.getServiceAccountPrivateKey()) .setServiceAccountScopes(credential.getServiceAccountScopes())
/**
 * Creates a {@code GoogleCredentialWithRetry} that mirrors the given {@code GoogleCredential}.
 *
 * <p>The service account private key, key id, account id, user, scopes, token server URL,
 * transport, client authentication, JSON factory and clock are copied from the source. The
 * request initializer is not copied; a new {@code CredentialHttpRetryInitializer} is installed
 * instead.
 *
 * @param credential credential to copy from.
 * @return the new credential; its refresh token is set only when the source has one.
 */
public static GoogleCredentialWithRetry fromGoogleCredential(GoogleCredential credential) {
  GoogleCredential.Builder copy = new GoogleCredential.Builder();
  copy.setServiceAccountPrivateKey(credential.getServiceAccountPrivateKey());
  copy.setServiceAccountPrivateKeyId(credential.getServiceAccountPrivateKeyId());
  copy.setServiceAccountId(credential.getServiceAccountId());
  copy.setServiceAccountUser(credential.getServiceAccountUser());
  copy.setServiceAccountScopes(credential.getServiceAccountScopes());
  copy.setTokenServerEncodedUrl(credential.getTokenServerEncodedUrl());
  copy.setTransport(credential.getTransport());
  copy.setClientAuthentication(credential.getClientAuthentication());
  copy.setJsonFactory(credential.getJsonFactory());
  copy.setClock(credential.getClock());
  copy.setRequestInitializer(new CredentialHttpRetryInitializer());

  GoogleCredentialWithRetry result = new GoogleCredentialWithRetry(copy);

  // setRefreshToken validates its argument even when it is null, so a missing refresh token is
  // skipped rather than passed through.
  String refreshToken = credential.getRefreshToken();
  if (refreshToken != null) {
    result.setRefreshToken(refreshToken);
  }
  return result;
}
/**
 * Builds a {@code GoogleCredentialWithRetry} from an existing {@code GoogleCredential}.
 *
 * <p>Every service-account property read below (private key, key id, account id, user, scopes)
 * plus the token server URL, transport, client authentication, JSON factory and clock is
 * carried over. The source's request initializer is replaced by a new
 * {@code CredentialHttpRetryInitializer}.
 *
 * @param credential source credential.
 * @return a credential with the copied settings; the refresh token is applied only if the
 *     source's refresh token is non-null.
 */
public static GoogleCredentialWithRetry fromGoogleCredential(GoogleCredential credential) {
  final GoogleCredential.Builder settings =
      new GoogleCredential.Builder()
          .setServiceAccountPrivateKey(credential.getServiceAccountPrivateKey())
          .setServiceAccountPrivateKeyId(credential.getServiceAccountPrivateKeyId())
          .setServiceAccountId(credential.getServiceAccountId())
          .setServiceAccountUser(credential.getServiceAccountUser())
          .setServiceAccountScopes(credential.getServiceAccountScopes())
          .setTokenServerEncodedUrl(credential.getTokenServerEncodedUrl())
          .setTransport(credential.getTransport())
          .setClientAuthentication(credential.getClientAuthentication())
          .setJsonFactory(credential.getJsonFactory())
          .setClock(credential.getClock())
          .setRequestInitializer(new CredentialHttpRetryInitializer());

  final GoogleCredentialWithRetry retrying = new GoogleCredentialWithRetry(settings);

  // A null refresh token would still go through the setter's validation, so only a real token
  // is forwarded.
  final boolean hasRefreshToken = credential.getRefreshToken() != null;
  if (hasRefreshToken) {
    retrying.setRefreshToken(credential.getRefreshToken());
  }
  return retrying;
}