From 536df4d1dbd0d6547e81ffe8e9172c683d55ace5 Mon Sep 17 00:00:00 2001
From: Dheeraj Panangat <63601723+dpanangat@users.noreply.github.com>
Date: Wed, 8 Sep 2021 16:14:40 +0530
Subject: [PATCH 1/6] fix: ImmutableSet converted to List for Impersonated Credentials

As part of BigQueryOptions the SCOPES is defined as an ImmutableSet. When using an Impersonated Account, it fails when trying to get service as the SCOPES are immutableSet and the previous code tries to cast it to List directly and fails. Adding a fix for the same
---
 .../java/com/google/auth/oauth2/ImpersonatedCredentials.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java
index 700ad2117..962c105cd 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java
@@ -365,7 +365,7 @@ public boolean createScopedRequired() {
 @Override
 public GoogleCredentials createScoped(Collection scopes) {
 return toBuilder()
- .setScopes((List) scopes)
+ .setScopes(new ArrayList(scopes))
 .setLifetime(this.lifetime)
 .setDelegates(this.delegates)
 .setHttpTransportFactory(this.transportFactory)
From 8fda76e577369962d5432598c5ed3d032644be84 Mon Sep 17 00:00:00 2001
From: Dheeraj Panangat <63601723+dpanangat@users.noreply.github.com>
Date: Tue, 19 Oct 2021 17:39:46 +0530
Subject: [PATCH 2/6] fix: ImmutableSet converted to List for Impersonated Credentials

Adding JUnit Test Cases for the change
---
 .../oauth2/ImpersonatedCredentialsTest.java | 36 +++++++++++++++----
 1 file changed, 29 insertions(+), 7 deletions(-)

diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java
index 3eeb2d2db..ce7962613 100644
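Review bot: In PATCH 1/6, `new ArrayList(scopes)` in `ImpersonatedCredentials.createScoped` throws a NullPointerException when `scopes` is null, where the old `(List) scopes` cast handed the null on to `setScopes`. Whether the builder tolerated null scopes is not visible in this hunk, so either keep the old behaviour with `.setScopes(scopes == null ? null : new ArrayList(scopes))` or state the non-null requirement in the method's Javadoc. The copy itself is worth keeping, since it detaches the credential's scope list from the caller's collection, assuming the builder stores the list it is given. The builder chain in createScoped continues past the end of the hunk.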
--- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java @@ -60,12 +60,9 @@ import java.nio.charset.Charset; import java.security.PrivateKey; import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Calendar; -import java.util.Date; -import java.util.List; -import java.util.Map; +import java.util.*; + +import com.google.common.collect.ImmutableSet; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -107,11 +104,13 @@ class ImpersonatedCredentialsTest extends BaseSerializationTest { + "CJzdWIiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgifQ.redacted"; public static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2"; + private static final Set IMMUTABLE_SCOPES = ImmutableSet.of("scope1","scope2"); + private static final String PROJECT_ID = "project-id"; public static final String IMPERSONATED_CLIENT_EMAIL = "impersonated-account@iam.gserviceaccount.com"; private static final List SCOPES = - Arrays.asList("https://www.googleapis.com/auth/devstorage.read_only"); + ImmutableList.of("scope1", "scope2"); private static final int VALID_LIFETIME = 300; private static final int INVALID_LIFETIME = 43210; private static JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance(); 
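Review bot: Redefining `SCOPES` as `ImmutableList.of("scope1", "scope2")` in the second hunk of PATCH 2/6 gives the credential under test the same scopes that the tests later pass to `createScoped`, so `assertEquals(Arrays.asList("scope1", "scope2"), scoped_credentials.getScopes())` would also pass if `createScoped` ignored its argument. This affects `createScoped()` and the new `createScopedWithImmutableScopes()` added in the next hunk, and the later renames in the series keep the same values. Keeping the source value distinct, as before with `Arrays.asList("https://www.googleapis.com/auth/devstorage.read_only")`, lets the assertion prove that the requested scopes replaced the original ones, which matters because scopes bound what an impersonated token may do.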
@@ -304,6 +303,29 @@ void createScoped() { assertEquals(Arrays.asList("scope1", "scope2"), scoped_credentials.getScopes()); } + @Test + void createScopedWithImmutableScopes() { + ImpersonatedCredentials targetCredentials = + ImpersonatedCredentials.create( + sourceCredentials, + IMPERSONATED_CLIENT_EMAIL, + DELEGATES, + SCOPES, + VALID_LIFETIME, + mockTransportFactory, + QUOTA_PROJECT_ID); + + ImpersonatedCredentials scoped_credentials = + (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES); + assertEquals(targetCredentials.getAccount(), scoped_credentials.getAccount()); + assertEquals(targetCredentials.getDelegates(), scoped_credentials.getDelegates()); + assertEquals(targetCredentials.getLifetime(), scoped_credentials.getLifetime()); + assertEquals( + targetCredentials.getSourceCredentials(), scoped_credentials.getSourceCredentials()); + assertEquals(targetCredentials.getQuotaProjectId(), scoped_credentials.getQuotaProjectId()); + assertEquals(Arrays.asList("scope1", "scope2"), scoped_credentials.getScopes()); + } + @Test void refreshAccessToken_unauthorized() throws IOException { From d9a27a1315bd4ad66238f2be6bd56c62978a7622 Mon Sep 17 00:00:00 2001 From: Dheeraj Panangat <63601723+dpanangat@users.noreply.github.com> Date: Tue, 19 Oct 2021 17:41:24 +0530 Subject: [PATCH 3/6] fix: ImmutableSet converted to List for Impersonated Credentials Adding JUnit Test Cases for the change --- .../com/google/auth/oauth2/ImpersonatedCredentialsTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java index ce7962613..c1ef6adbd 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java 
@@ -293,7 +293,7 @@ void createScoped() { QUOTA_PROJECT_ID); ImpersonatedCredentials scoped_credentials = - (ImpersonatedCredentials) targetCredentials.createScoped(Arrays.asList("scope1", "scope2")); + (ImpersonatedCredentials) targetCredentials.createScoped(SCOPES); assertEquals(targetCredentials.getAccount(), scoped_credentials.getAccount()); assertEquals(targetCredentials.getDelegates(), scoped_credentials.getDelegates()); assertEquals(targetCredentials.getLifetime(), scoped_credentials.getLifetime()); From 0f2b024ebf6c433b4aa9eade1bfea8508a4b39ae Mon Sep 17 00:00:00 2001 From: Dheeraj Panangat <63601723+dpanangat@users.noreply.github.com> Date: Thu, 3 Mar 2022 15:57:23 +0530 Subject: [PATCH 4/6] fix: ImmutableSet converted to List for Impersonated Credentials Changes made as per the code review comments --- .../auth/oauth2/ImpersonatedCredentialsTest.java | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java index c1ef6adbd..1fdcf8208 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java @@ -60,7 +60,13 @@ import java.nio.charset.Charset; import java.security.PrivateKey; import java.text.SimpleDateFormat; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Calendar; +import java.util.Date; +import java.util.List; +import java.util.Set; +import java.util.Map; import com.google.common.collect.ImmutableSet; import org.junit.jupiter.api.BeforeEach; 
@@ -104,8 +110,7 @@ class ImpersonatedCredentialsTest extends BaseSerializationTest { + "CJzdWIiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgifQ.redacted"; public static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2"; - private static final Set IMMUTABLE_SCOPES = ImmutableSet.of("scope1","scope2"); - + private static final Set IMMUTABLE_SCOPES_SET = ImmutableSet.of("scope1","scope2"); private static final String PROJECT_ID = "project-id"; public static final String IMPERSONATED_CLIENT_EMAIL = "impersonated-account@iam.gserviceaccount.com"; @@ -316,7 +321,7 @@ void createScopedWithImmutableScopes() { QUOTA_PROJECT_ID); ImpersonatedCredentials scoped_credentials = - (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES); + (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_SET); assertEquals(targetCredentials.getAccount(), scoped_credentials.getAccount()); assertEquals(targetCredentials.getDelegates(), scoped_credentials.getDelegates()); assertEquals(targetCredentials.getLifetime(), scoped_credentials.getLifetime()); From e5683f178411501dabf9e837f2b5fdef6e4b5bac Mon Sep 17 00:00:00 2001 From: Dheeraj Panangat <63601723+dpanangat@users.noreply.github.com> Date: Thu, 3 Mar 2022 16:00:11 +0530 Subject: [PATCH 5/6] fix: ImmutableSet converted to List for Impersonated Credentials Changes made as per the code review comments --- .../oauth2/ImpersonatedCredentialsTest.java | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java index 1fdcf8208..1cbd48dbd 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java 
@@ -114,7 +114,7 @@ class ImpersonatedCredentialsTest extends BaseSerializationTest { private static final String PROJECT_ID = "project-id"; public static final String IMPERSONATED_CLIENT_EMAIL = "impersonated-account@iam.gserviceaccount.com"; - private static final List SCOPES = + private static final List IMMUTABLE_SCOPES_LIST = ImmutableList.of("scope1", "scope2"); private static final int VALID_LIFETIME = 300; private static final int INVALID_LIFETIME = 43210; @@ -160,7 +160,7 @@ private GoogleCredentials getSourceCredentials() throws IOException { .setClientEmail(SA_CLIENT_EMAIL) .setPrivateKey(privateKey) .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setScopes(SCOPES) + .setScopes(IMMUTABLE_SCOPES_LIST) .setProjectId(PROJECT_ID) .setHttpTransportFactory(transportFactory) .build(); @@ -279,7 +279,7 @@ void createScopedRequired_False() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); assertFalse(targetCredentials.createScopedRequired()); @@ -292,13 +292,13 @@ void createScoped() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, DELEGATES, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory, QUOTA_PROJECT_ID); ImpersonatedCredentials scoped_credentials = - (ImpersonatedCredentials) targetCredentials.createScoped(SCOPES); + (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_LIST); assertEquals(targetCredentials.getAccount(), scoped_credentials.getAccount()); assertEquals(targetCredentials.getDelegates(), scoped_credentials.getDelegates()); assertEquals(targetCredentials.getLifetime(), scoped_credentials.getLifetime()); @@ -315,7 +315,7 @@ void createScopedWithImmutableScopes() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, DELEGATES, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory, QUOTA_PROJECT_ID); 
@@ -346,7 +346,7 @@ void refreshAccessToken_unauthorized() throws IOException { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -375,7 +375,7 @@ void refreshAccessToken_malformedTarget() throws IOException { sourceCredentials, invalidTargetEmail, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -392,7 +392,7 @@ void refreshAccessToken_malformedTarget() throws IOException { void credential_with_zero_lifetime() throws IllegalStateException { ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create( - sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, 0); + sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, IMMUTABLE_SCOPES_LIST, 0); assertEquals(3600, targetCredentials.getLifetime()); } @@ -405,7 +405,7 @@ void credential_with_invalid_lifetime() throws IOException, IllegalStateExceptio () -> { ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create( - sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, INVALID_LIFETIME); + sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, IMMUTABLE_SCOPES_LIST, INVALID_LIFETIME); targetCredentials.refreshAccessToken().getTokenValue(); }, String.format( @@ -442,7 +442,7 @@ void refreshAccessToken_success() throws IOException, IllegalStateException { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -460,7 +460,7 @@ void getRequestMetadata_withQuotaProjectId() throws IOException, IllegalStateExc sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory, QUOTA_PROJECT_ID); @@ -483,7 +483,7 @@ void getRequestMetadata_withoutQuotaProjectId() throws IOException, IllegalState sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); 
@@ -503,7 +503,7 @@ void refreshAccessToken_delegates_success() throws IOException, IllegalStateExce sourceCredentials, IMPERSONATED_CLIENT_EMAIL, delegates, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -522,7 +522,7 @@ void refreshAccessToken_invalidDate() throws IllegalStateException { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -544,7 +544,7 @@ void getAccount_sameAs() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -561,7 +561,7 @@ void sign_sameAs() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -583,7 +583,7 @@ void sign_requestIncludesDelegates() throws IOException { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, ImmutableList.of("delegate@example.com"), - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -622,7 +622,7 @@ void sign_usesSourceCredentials() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, ImmutableList.of("delegate@example.com"), - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -647,7 +647,7 @@ void sign_accessDenied_throws() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -679,7 +679,7 @@ void sign_serverError_throws() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -712,7 +712,7 @@ void idTokenWithAudience_sameAs() throws IOException { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); 
@@ -743,7 +743,7 @@ void idTokenWithAudience_withEmail() throws IOException { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -773,7 +773,7 @@ void idToken_withServerError() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -803,7 +803,7 @@ void idToken_withOtherError() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -833,7 +833,7 @@ void hashCode_equals() throws IOException { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -842,7 +842,7 @@ void hashCode_equals() throws IOException { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); @@ -861,7 +861,7 @@ void serialize() throws IOException, ClassNotFoundException { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - SCOPES, + IMMUTABLE_SCOPES_LIST, VALID_LIFETIME, mockTransportFactory); GoogleCredentials deserializedCredentials = serializeAndDeserialize(targetCredentials); From d6d8183be5693943d487921b9b1128c5babc8a3f Mon Sep 17 00:00:00 2001 From: Timur Sadykov Date: Tue, 15 Mar 2022 16:40:42 -0700 Subject: [PATCH 6/6] format fixes --- .../oauth2/ImpersonatedCredentialsTest.java | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java index 1cbd48dbd..d0da844d8 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java 
@@ -54,6 +54,7 @@ import com.google.auth.http.HttpTransportFactory; import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableSet; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; @@ -65,10 +66,8 @@ import java.util.Calendar; import java.util.Date; import java.util.List; -import java.util.Set; import java.util.Map; - -import com.google.common.collect.ImmutableSet; +import java.util.Set; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -110,12 +109,11 @@ class ImpersonatedCredentialsTest extends BaseSerializationTest { + "CJzdWIiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgifQ.redacted"; public static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2"; - private static final Set IMMUTABLE_SCOPES_SET = ImmutableSet.of("scope1","scope2"); + private static final Set IMMUTABLE_SCOPES_SET = ImmutableSet.of("scope1", "scope2"); private static final String PROJECT_ID = "project-id"; public static final String IMPERSONATED_CLIENT_EMAIL = "impersonated-account@iam.gserviceaccount.com"; - private static final List IMMUTABLE_SCOPES_LIST = - ImmutableList.of("scope1", "scope2"); + private static final List IMMUTABLE_SCOPES_LIST = ImmutableList.of("scope1", "scope2"); private static final int VALID_LIFETIME = 300; private static final int INVALID_LIFETIME = 43210; private static JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance(); 
@@ -311,22 +309,22 @@ void createScoped() { @Test void createScopedWithImmutableScopes() { ImpersonatedCredentials targetCredentials = - ImpersonatedCredentials.create( - sourceCredentials, - IMPERSONATED_CLIENT_EMAIL, - DELEGATES, - IMMUTABLE_SCOPES_LIST, - VALID_LIFETIME, - mockTransportFactory, - QUOTA_PROJECT_ID); + ImpersonatedCredentials.create( + sourceCredentials, + IMPERSONATED_CLIENT_EMAIL, + DELEGATES, + IMMUTABLE_SCOPES_LIST, + VALID_LIFETIME, + mockTransportFactory, + QUOTA_PROJECT_ID); ImpersonatedCredentials scoped_credentials = - (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_SET); + (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_SET); assertEquals(targetCredentials.getAccount(), scoped_credentials.getAccount()); assertEquals(targetCredentials.getDelegates(), scoped_credentials.getDelegates()); assertEquals(targetCredentials.getLifetime(), scoped_credentials.getLifetime()); assertEquals( - targetCredentials.getSourceCredentials(), scoped_credentials.getSourceCredentials()); + targetCredentials.getSourceCredentials(), scoped_credentials.getSourceCredentials()); assertEquals(targetCredentials.getQuotaProjectId(), scoped_credentials.getQuotaProjectId()); assertEquals(Arrays.asList("scope1", "scope2"), scoped_credentials.getScopes()); } @@ -405,7 +403,11 @@ void credential_with_invalid_lifetime() throws IOException, IllegalStateExceptio () -> { ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create( - sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, IMMUTABLE_SCOPES_LIST, INVALID_LIFETIME); + sourceCredentials, + IMPERSONATED_CLIENT_EMAIL, + null, + IMMUTABLE_SCOPES_LIST, + INVALID_LIFETIME); targetCredentials.refreshAccessToken().getTokenValue(); }, String.format(