feat: Add Credential Information to GoogleCredential classes by lqiu96 · Pull Request #1791 · googleapis/google-auth-library-java · GitHub
This repository was archived by the owner on May 12, 2026. It is now read-only.
Merged
Expand Up @@ -70,6 +70,7 @@ public static CloudShellCredentials create(int authPort) {
private CloudShellCredentials(Builder builder) {
super(builder);
this.authPort = builder.getAuthPort();
this.name = GoogleCredentialsInfo.CLOUD_SHELL_CREDENTIALS.getCredentialName();
}

protected int getAuthPort() {
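Review bot: `this.name` is assigned after `super(builder)` in this constructor and again in the ComputeEngineCredentials, ExternalAccountAuthorizedUserCredentials, ExternalAccountCredentials (both constructors) and GdchCredentials constructors, so the field cannot be `final` in the base class. The GoogleCredentials.java section did not load on this page, so the declaration itself is not visible. If the name is meant to be fixed per credential type, passing it through the builder or a `super(...)` argument would let it be declared `final` and remove the repeated assignment. If it stays as is, a short comment on the assignment, such as `// Type-level label reported as credential info.`, would make the intent clear.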
Expand Up @@ -111,6 +111,26 @@ public class ComputeEngineCredentials extends GoogleCredentials
static final int MAX_COMPUTE_PING_TRIES = 3;
static final int COMPUTE_PING_CONNECTION_TIMEOUT_MS = 500;

private static final String METADATA_FLAVOR = "Metadata-Flavor";
private static final String GOOGLE = "Google";
private static final String WINDOWS = "windows";
private static final String LINUX = "linux";

private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. ";
private static final String PARSE_ERROR_ACCOUNT = "Error parsing service account response. ";
private static final long serialVersionUID = -4113476462526554235L;

private final String transportFactoryClassName;

private final Collection<String> scopes;

private final GoogleAuthTransport transport;
private final BindingEnforcement bindingEnforcement;

private transient HttpTransportFactory transportFactory;

private String universeDomainFromMetadata = null;

/**
* Experimental Feature.
*
Expand Down Expand Up @@ -172,27 +192,6 @@ public String getLabel() {
}
}

private static final String METADATA_FLAVOR = "Metadata-Flavor";
private static final String GOOGLE = "Google";
private static final String WINDOWS = "windows";
private static final String LINUX = "linux";

private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. ";
private static final String PARSE_ERROR_ACCOUNT = "Error parsing service account response. ";
private static final long serialVersionUID = -4113476462526554235L;

private final String transportFactoryClassName;

private final Collection<String> scopes;

private final GoogleAuthTransport transport;
private final BindingEnforcement bindingEnforcement;

private transient HttpTransportFactory transportFactory;
private transient String serviceAccountEmail;

private String universeDomainFromMetadata = null;

/**
* An internal constructor
*
Expand Down Expand Up @@ -220,6 +219,7 @@ private ComputeEngineCredentials(ComputeEngineCredentials.Builder builder) {
}
this.transport = builder.getGoogleAuthTransport();
this.bindingEnforcement = builder.getBindingEnforcement();
this.name = GoogleCredentialsInfo.COMPUTE_ENGINE_CREDENTIALS.getCredentialName();
}

@Override
Expand Down Expand Up @@ -344,6 +344,11 @@ private String getUniverseDomainFromMetadata() throws IOException {
/** Refresh the access token by getting it from the GCE metadata server */
@Override
public AccessToken refreshAccessToken() throws IOException {
// Retrieve the default service account email prior to retrieving the access token
Comment thread
lqiu96 marked this conversation as resolved.
if (principal == null) {
principal = getDefaultServiceAccount();
}

HttpResponse response =
getMetadataResponse(createTokenUrlWithScopes(), RequestType.ACCESS_TOKEN_REQUEST, true);
int statusCode = response.getStatusCode();
Expand Down Expand Up @@ -688,14 +693,14 @@ public static Builder newBuilder() {
@Override
// todo(#314) getAccount should not throw a RuntimeException
public String getAccount() {
if (serviceAccountEmail == null) {
if (principal == null) {
try {
serviceAccountEmail = getDefaultServiceAccount();
principal = getDefaultServiceAccount();
} catch (IOException ex) {
throw new RuntimeException("Failed to get service account", ex);
}
}
return serviceAccountEmail;
return principal;
}

/**
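Review bot: In refreshAccessToken(), the new `getDefaultServiceAccount()` call runs before the token request and its IOException propagates, so a failed lookup of the service account email now fails the whole refresh even when the token endpoint would have answered. getAccount() in the last hunk shows that the method throws IOException; its body is outside the visible hunks, so whether it retries is not known here. Since `principal` appears to be used only for identification, I would catch the failure, leave `principal` null and continue to the token request, as sketched below. The two lazy writes to `principal` (here and in getAccount()) also have no visible synchronization, so confirm that the field's declaration makes that safe.

```java
// … unchanged: @Override and refreshAccessToken() signature …
if (principal == null) {
  try {
    principal = getDefaultServiceAccount();
  } catch (IOException ignored) {
    // The principal is diagnostic metadata only; leave it unset and let the
    // token request below decide whether the refresh succeeds.
  }
}
// … unchanged: getMetadataResponse(...) token request and response handling …
```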
Expand Up @@ -145,7 +145,10 @@ private final GoogleCredentials getDefaultCredentialsUnsynchronized(
throw new IOException("File does not exist.");
}
credentialsStream = readStream(credentialsFile);
credentials = GoogleCredentials.fromStream(credentialsStream, transportFactory);
credentials =
GoogleCredentials.fromStream(credentialsStream, transportFactory)
.withSource(
String.format("Env Var %s set to %s", CREDENTIAL_ENV_VAR, credentialsPath));
} catch (IOException e) {
// Although it is also the cause, the message of the caught exception can have very
// important information for diagnosing errors, so include its message in the
Expand Down Expand Up @@ -176,7 +179,11 @@ private final GoogleCredentials getDefaultCredentialsUnsynchronized(
"Attempting to load credentials from well known file: %s",
wellKnownFileLocation.getCanonicalPath()));
credentialsStream = readStream(wellKnownFileLocation);
credentials = GoogleCredentials.fromStream(credentialsStream, transportFactory);
credentials =
GoogleCredentials.fromStream(credentialsStream, transportFactory)
.withSource(
String.format(
"Well Known File at %s", wellKnownFileLocation.getCanonicalPath()));
}
} catch (IOException e) {
throw new IOException(
Expand Down Expand Up @@ -210,6 +217,15 @@ private final GoogleCredentials getDefaultCredentialsUnsynchronized(
if (credentials == null) {
LOGGER.log(Level.FINE, "Attempting to load credentials from GCE");
credentials = tryGetComputeCredentials(transportFactory);
// tryGetComputeCredentials can return a null value. This check won't set the source
// if the ComputeEngineCredentials is unable to be created
if (credentials != null) {
credentials =
credentials.withSource(
String.format(
"Metadata Server URL set to %s",
ComputeEngineCredentials.getMetadataServerUrl(this)));
}
}

if (credentials != null) {
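Review bot: The first two `withSource(...)` calls store the credential file location (the raw environment variable value, and the canonical path of the well-known file) on the credential object, and nothing in these hunks says where that string ends up. If the source is later logged or surfaced in error messages, it discloses local filesystem layout, often including a user name in a home directory path. I would add a comment at the first call, for example `// Source is diagnostic text only: a location, never file contents; treat as potentially sensitive when logging.`, and document the same on `withSource`. In the well-known-file hunk `wellKnownFileLocation.getCanonicalPath()` is now evaluated twice, so a local variable would avoid the second filesystem call. The enclosing method starts and ends outside these hunks.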
Expand Up @@ -81,9 +81,6 @@ public class ExternalAccountAuthorizedUserCredentials extends GoogleCredentials

private static final long serialVersionUID = -2181779590486283287L;

static final String EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE =
"external_account_authorized_user";

private final String transportFactoryClassName;
private final String audience;
private final String tokenUrl;
Expand Down Expand Up @@ -117,6 +114,9 @@ private ExternalAccountAuthorizedUserCredentials(Builder builder) {
this.clientId = builder.clientId;
this.clientSecret = builder.clientSecret;

this.name =
GoogleCredentialsInfo.EXTERNAL_ACCOUNT_AUTHORIZED_USER_CREDENTIALS.getCredentialName();

Preconditions.checkState(
getAccessToken() != null || canRefresh(),
"ExternalAccountAuthorizedUserCredentials must be initialized with "
Expand Up @@ -71,7 +71,6 @@ public abstract class ExternalAccountCredentials extends GoogleCredentials {
private static final String CLOUD_PLATFORM_SCOPE =
"https://www.googleapis.com/auth/cloud-platform";

static final String EXTERNAL_ACCOUNT_FILE_TYPE = "external_account";
static final String EXECUTABLE_SOURCE_KEY = "executable";

static final String DEFAULT_TOKEN_URL = "https://sts.{UNIVERSE_DOMAIN}/v1/token";
Expand Down Expand Up @@ -214,6 +213,7 @@ protected ExternalAccountCredentials(
}

this.metricsHandler = new ExternalAccountMetricsHandler(this);
this.name = GoogleCredentialsInfo.EXTERNAL_ACCOUNT_CREDENTIALS.getCredentialName();
}

/**
Expand Down Expand Up @@ -271,6 +271,8 @@ protected ExternalAccountCredentials(ExternalAccountCredentials.Builder builder)
builder.metricsHandler == null
? new ExternalAccountMetricsHandler(this)
: builder.metricsHandler;

this.name = GoogleCredentialsInfo.EXTERNAL_ACCOUNT_CREDENTIALS.getCredentialName();
}

ImpersonatedCredentials buildImpersonatedCredentials() {
Expand Up @@ -96,6 +96,7 @@ public class GdchCredentials extends GoogleCredentials {
this.caCertPath = builder.caCertPath;
this.apiAudience = builder.apiAudience;
this.lifetime = builder.lifetime;
this.name = GoogleCredentialsInfo.GDCH_CREDENTIALS.getCredentialName();
}

/**
122 changes: 106 additions & 16 deletions oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java