getTrustBoundaryUrl now called within refreshTrustBoundaries(...)

Author: vverman

oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java

@@ -388,7 +388,7 @@ public AccessToken refreshAccessToken() throws IOException {
     long expiresAtMilliseconds = clock.currentTimeMillis() + expiresInSeconds * 1000;
     AccessToken newAccessToken = new AccessToken(accessToken, new Date(expiresAtMilliseconds));
 
-    refreshTrustBoundary(newAccessToken, getTrustBoundaryUrl(), transportFactory);
+    refreshTrustBoundary(newAccessToken, transportFactory);
 
     return newAccessToken;
   }

oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java

@@ -343,13 +343,11 @@ TrustBoundary getTrustBoundary() {
    * Refreshes the trust boundary by making a call to the trust boundary URL.
    *
    * @param newAccessToken The new access token to be used for the refresh.
-   * @param trustBoundaryUrl The URL of the trust boundary service.
    * @param transportFactory The HTTP transport factory to be used for the refresh.
    * @throws IOException If the refresh fails and no cached value is available.
    */
   @InternalApi
-  void refreshTrustBoundary(
-      AccessToken newAccessToken, String trustBoundaryUrl, HttpTransportFactory transportFactory)
+  void refreshTrustBoundary(AccessToken newAccessToken, HttpTransportFactory transportFactory)
       throws IOException {
 
     if (!(this instanceof TrustBoundaryProvider)
@@ -358,6 +356,7 @@ void refreshTrustBoundary(
       return;
     }
 
+    String trustBoundaryUrl = ((TrustBoundaryProvider) this).getTrustBoundaryUrl();
     TrustBoundary cachedTrustBoundary;
 
     synchronized (lock) {

oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java

@@ -599,7 +599,7 @@ public AccessToken refreshAccessToken() throws IOException {
       Date date = format.parse(expireTime);
       AccessToken newAccessToken = new AccessToken(accessToken, date);
 
-      refreshTrustBoundary(newAccessToken, getTrustBoundaryUrl(), transportFactory);
+      refreshTrustBoundary(newAccessToken, transportFactory);
 
       return newAccessToken;
     } catch (ParseException pe) {

oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java

@@ -583,7 +583,7 @@ public AccessToken refreshAccessToken() throws IOException {
     long expiresAtMilliseconds = clock.currentTimeMillis() + expiresInSeconds * 1000L;
     AccessToken newAccessToken = new AccessToken(accessToken, new Date(expiresAtMilliseconds));
 
-    refreshTrustBoundary(newAccessToken, getTrustBoundaryUrl(), transportFactory);
+    refreshTrustBoundary(newAccessToken, transportFactory);
 
     return newAccessToken;
   }

oauth2_http/java/com/google/auth/oauth2/TrustBoundary.java

@@ -180,13 +180,13 @@ static TrustBoundary refresh(
 
     HttpRequestFactory requestFactory = transportFactory.create().createRequestFactory();
     HttpRequest request = requestFactory.buildGetRequest(new GenericUrl(url));
-    //    request.getHeaders().setAuthorization("Bearer " + accessToken.getTokenValue());
+    request.getHeaders().setAuthorization("Bearer " + accessToken.getTokenValue());
 
     // Add the cached trust boundary header, if available.
     if (cachedTrustBoundary != null) {
       String headerValue =
           cachedTrustBoundary.isNoOp() ? "" : cachedTrustBoundary.getEncodedLocations();
-      //      request.getHeaders().set(TRUST_BOUNDARY_KEY, headerValue);
+      request.getHeaders().set(TRUST_BOUNDARY_KEY, headerValue);
     }
 
     // Add retry logic

oauth2_http/javatests/com/google/auth/oauth2/LoggingTest.java

@@ -441,7 +441,7 @@ public void getRequestMetadata_hasAccessToken() throws IOException {
 
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
 
-    assertEquals(8, testAppender.events.size());
+    assertEquals(6, testAppender.events.size());
 
     ILoggingEvent defaultServiceAccountRequest = testAppender.events.get(0);
     assertEquals(

oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java

@@ -388,6 +388,8 @@ public LowLevelHttpResponse execute() throws IOException {
   }
 
   protected boolean isIamLookupUrl(String url) {
+    // This is for mocking the call to IAM lookup when we attempt to refresh trust boundaries
+    // after refreshing the access token.
     return url.endsWith("/allowedLocations");
   }
 }

oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java

@@ -327,6 +327,8 @@ public LowLevelHttpResponse execute() throws IOException {
           };
       return request;
     } else if (urlWithoutQuery.endsWith("/allowedLocations")) {
+        // This is for mocking the call to IAM lookup when we attempt to refresh trust boundaries
+        // after refreshing the access token.
       request =
           new MockLowLevelHttpRequest(url) {
             @Override