Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Add scope for Credentials #517

Merged
merged 3 commits into from
Apr 19, 2024
Merged

fix: Add scope for Credentials #517

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c713155
fix: Add scope for Credentials
ttosta-google Apr 19, 2024
a1b33f9
chore: fix lint issues
ttosta-google Apr 19, 2024
aea18ba
chore: remove login scope
ttosta-google Apr 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ConstantCredentialFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,18 @@

import com.google.api.gax.core.FixedCredentialsProvider;
import com.google.auth.oauth2.GoogleCredentials;
import java.util.Arrays;

class ConstantCredentialFactory implements CredentialFactory {

private final GoogleCredentials credentials;

public ConstantCredentialFactory(GoogleCredentials credentials) {
this.credentials = credentials;
if (credentials.createScopedRequired()) {
this.credentials = credentials.createScoped(Arrays.asList(SCOPE_CLOUD_PLATFORM));
} else {
this.credentials = credentials;
}
}

@Override
Expand Down
2 changes: 2 additions & 0 deletions alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/CredentialFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@
import com.google.auth.oauth2.GoogleCredentials;

interface CredentialFactory {
static final String SCOPE_CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";

default FixedCredentialsProvider create() {
return FixedCredentialsProvider.create(getCredentials());
}
Expand Down
10 changes: 9 additions & 1 deletion alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/DefaultCredentialFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,22 @@

import com.google.auth.oauth2.GoogleCredentials;
import java.io.IOException;
import java.util.Arrays;

class DefaultCredentialFactory implements CredentialFactory {
@Override
public GoogleCredentials getCredentials() {
GoogleCredentials credentials;
try {
return GoogleCredentials.getApplicationDefault();
credentials = GoogleCredentials.getApplicationDefault();
} catch (IOException e) {
throw new RuntimeException("failed to retrieve OAuth2 access token", e);
}

if (credentials.createScopedRequired()) {
credentials = credentials.createScoped(Arrays.asList(SCOPE_CLOUD_PLATFORM));
}

return credentials;
}
}
10 changes: 9 additions & 1 deletion alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/FileCredentialFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import com.google.auth.oauth2.GoogleCredentials;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;

class FileCredentialFactory implements CredentialFactory {
private final String path;
Expand All @@ -29,10 +30,17 @@ class FileCredentialFactory implements CredentialFactory {

@Override
public GoogleCredentials getCredentials() {
GoogleCredentials credentials;
try {
return GoogleCredentials.fromStream(new FileInputStream(path));
credentials = GoogleCredentials.fromStream(new FileInputStream(path));
} catch (IOException e) {
throw new IllegalStateException("Unable to load GoogleCredentials from file " + path, e);
}

if (credentials.createScopedRequired()) {
credentials = credentials.createScoped(Arrays.asList(SCOPE_CLOUD_PLATFORM));
}

return credentials;
}
}
4 changes: 1 addition & 3 deletions .../src/main/java/com/google/cloud/alloydb/ServiceAccountImpersonatingCredentialFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,6 @@
*/
class ServiceAccountImpersonatingCredentialFactory implements CredentialFactory {

private static final String CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";
private static final String ALLOYDB_LOGIN = "https://www.googleapis.com/auth/alloydb.login";
private final CredentialFactory source;
private final List<String> delegates;
private final String targetPrincipal;
Expand Down Expand Up @@ -70,7 +68,7 @@ public GoogleCredentials getCredentials() {
.setSourceCredentials(credentials)
.setTargetPrincipal(targetPrincipal)
.setDelegates(this.delegates)
.setScopes(Arrays.asList(ALLOYDB_LOGIN, CLOUD_PLATFORM))
.setScopes(Arrays.asList(SCOPE_CLOUD_PLATFORM))
.build();
return credentials;
}
Expand Down
9 changes: 8 additions & 1 deletion alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/SupplierCredentialFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
package com.google.cloud.alloydb;

import com.google.auth.oauth2.GoogleCredentials;
import java.util.Arrays;
import java.util.function.Supplier;

class SupplierCredentialFactory implements CredentialFactory {
Expand All @@ -29,6 +30,12 @@ public SupplierCredentialFactory(Supplier<GoogleCredentials> supplier) {

@Override
public GoogleCredentials getCredentials() {
return supplier.get();
GoogleCredentials credentials = supplier.get();

if (credentials.createScopedRequired()) {
credentials = credentials.createScoped(Arrays.asList(SCOPE_CLOUD_PLATFORM));
}

return credentials;
}
}