private static Credentials getJwtToken(ServiceAccountCredentials serviceAccount) { return ServiceAccountJwtAccessCredentials.newBuilder() .setClientEmail(serviceAccount.getClientEmail()) .setClientId(serviceAccount.getClientId()) .setPrivateKey(serviceAccount.getPrivateKey()) .setPrivateKeyId(serviceAccount.getPrivateKeyId()) .build(); } }
@Override public Credentials getCredentials() throws IOException { GoogleCredentials credentials = GoogleCredentials.getApplicationDefault(); // Check if the current scopes permit JWT token use boolean hasJwtEnabledScope = false; for (String scope : getJwtEnabledScopes()) { if (getScopesToApply().contains(scope)) { hasJwtEnabledScope = true; break; } } // Use JWT tokens when using a service account with an appropriate scope. if (credentials instanceof ServiceAccountCredentials && hasJwtEnabledScope) { ServiceAccountCredentials serviceAccount = (ServiceAccountCredentials) credentials; return ServiceAccountJwtAccessCredentials.newBuilder() .setClientEmail(serviceAccount.getClientEmail()) .setClientId(serviceAccount.getClientId()) .setPrivateKey(serviceAccount.getPrivateKey()) .setPrivateKeyId(serviceAccount.getPrivateKeyId()) .build(); } if (credentials.createScopedRequired()) { credentials = credentials.createScoped(getScopesToApply()); } return credentials; }
@Override public Credentials getCredentials() throws IOException { GoogleCredentials credentials = GoogleCredentials.getApplicationDefault(); // Check if the current scopes permit JWT token use boolean hasJwtEnabledScope = false; for (String scope : getJwtEnabledScopes()) { if (getScopesToApply().contains(scope)) { hasJwtEnabledScope = true; break; } } // Use JWT tokens when using a service account with an appropriate scope. if (credentials instanceof ServiceAccountCredentials && hasJwtEnabledScope) { ServiceAccountCredentials serviceAccount = (ServiceAccountCredentials) credentials; return ServiceAccountJwtAccessCredentials.newBuilder() .setClientEmail(serviceAccount.getClientEmail()) .setClientId(serviceAccount.getClientId()) .setPrivateKey(serviceAccount.getPrivateKey()) .setPrivateKeyId(serviceAccount.getPrivateKeyId()) .build(); } if (credentials.createScopedRequired()) { credentials = credentials.createScoped(getScopesToApply()); } return credentials; }
assertThat(serviceAccountCredentials2.getClientId()) .isEqualTo(serviceAccountCredentials.getClientId()); assertThat(serviceAccountCredentials2.getClientEmail()) .isEqualTo(serviceAccountCredentials.getClientEmail());
@Test public void serviceAccountReplacedWithJwtTokens() throws Exception { ServiceAccountCredentials serviceAccountCredentials = ServiceAccountCredentials.newBuilder() .setClientId("fake-client-id") .setClientEmail("fake@example.com") .setPrivateKeyId("fake-private-key") .setPrivateKey(Mockito.mock(PrivateKey.class)) .build(); PowerMockito.mockStatic(GoogleCredentials.class); Mockito.when(GoogleCredentials.getApplicationDefault()).thenReturn(serviceAccountCredentials); GoogleCredentialsProvider provider = GoogleCredentialsProvider.newBuilder() .setScopesToApply(ImmutableList.of("scope1", "scope2")) .setJwtEnabledScopes(ImmutableList.of("scope1")) .build(); Credentials credentials = provider.getCredentials(); assertThat(credentials).isInstanceOf(ServiceAccountJwtAccessCredentials.class); ServiceAccountJwtAccessCredentials jwtCreds = (ServiceAccountJwtAccessCredentials) credentials; assertThat(jwtCreds.getClientId()).isEqualTo(serviceAccountCredentials.getClientId()); assertThat(jwtCreds.getClientEmail()).isEqualTo(serviceAccountCredentials.getClientEmail()); assertThat(jwtCreds.getPrivateKeyId()).isEqualTo(serviceAccountCredentials.getPrivateKeyId()); assertThat(jwtCreds.getPrivateKey()).isEqualTo(serviceAccountCredentials.getPrivateKey()); }
@Test public void createdScoped_clones() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() .setClientId(SA_CLIENT_ID) .setClientEmail(SA_CLIENT_EMAIL) .setPrivateKey(privateKey) .setPrivateKeyId(SA_PRIVATE_KEY_ID) .setScopes(SCOPES) .setServiceAccountUser(SERVICE_ACCOUNT_USER) .setProjectId(PROJECT_ID) .build(); List<String> newScopes = Arrays.asList("scope1", "scope2"); ServiceAccountCredentials newCredentials = (ServiceAccountCredentials) credentials.createScoped(newScopes); assertEquals(SA_CLIENT_ID, newCredentials.getClientId()); assertEquals(SA_CLIENT_EMAIL, newCredentials.getClientEmail()); assertEquals(privateKey, newCredentials.getPrivateKey()); assertEquals(SA_PRIVATE_KEY_ID, newCredentials.getPrivateKeyId()); assertArrayEquals(newScopes.toArray(), newCredentials.getScopes().toArray()); assertEquals(SERVICE_ACCOUNT_USER, newCredentials.getServiceAccountUser()); assertEquals(PROJECT_ID, newCredentials.getProjectId()); assertArrayEquals(SCOPES.toArray(), ((ServiceAccountCredentials)credentials).getScopes().toArray()); }
@Test public void createdDelegated_clones() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountCredentials credentials = ServiceAccountCredentials.newBuilder() .setClientId(SA_CLIENT_ID) .setClientEmail(SA_CLIENT_EMAIL) .setPrivateKey(privateKey) .setPrivateKeyId(SA_PRIVATE_KEY_ID) .setScopes(SCOPES) .setServiceAccountUser(SERVICE_ACCOUNT_USER) .setProjectId(PROJECT_ID) .build(); String newServiceAccountUser = "stranger@other.org"; ServiceAccountCredentials newCredentials = (ServiceAccountCredentials) credentials.createDelegated(newServiceAccountUser); assertEquals(SA_CLIENT_ID, newCredentials.getClientId()); assertEquals(SA_CLIENT_EMAIL, newCredentials.getClientEmail()); assertEquals(privateKey, newCredentials.getPrivateKey()); assertEquals(SA_PRIVATE_KEY_ID, newCredentials.getPrivateKeyId()); assertArrayEquals(SCOPES.toArray(), newCredentials.getScopes().toArray()); assertEquals(newServiceAccountUser, newCredentials.getServiceAccountUser()); assertEquals(PROJECT_ID, newCredentials.getProjectId()); assertEquals(SERVICE_ACCOUNT_USER, ((ServiceAccountCredentials)credentials).getServiceAccountUser()); }