Trust Boundary Recovery

Author: vverman

oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java

@@ -131,9 +131,9 @@ public class ComputeEngineCredentials extends GoogleCredentials
 
   private String universeDomainFromMetadata = null;
 
-  private final boolean trustBoundaryEnabled;
+//  private final boolean trustBoundaryEnabled;
 
-    /**
+  /**
    * Experimental Feature.
    *
    * <p>{@link GoogleAuthTransport} specifies how to authenticate to Google APIs.
@@ -222,7 +222,7 @@ private ComputeEngineCredentials(ComputeEngineCredentials.Builder builder) {
     this.transport = builder.getGoogleAuthTransport();
     this.bindingEnforcement = builder.getBindingEnforcement();
     this.name = GoogleCredentialsInfo.COMPUTE_ENGINE_CREDENTIALS.getCredentialName();
-    this.trustBoundaryEnabled = builder.isTrustBoundaryEnabled();
+//    this.trustBoundaryEnabled = builder.isTrustBoundaryEnabled();
   }
 
   @Override
@@ -717,7 +717,7 @@ public HttpTransportFactory getTransportFactory() {
   @Override
   public String getTrustBoundaryUrl() throws IOException {
     if (principal == null) {
-        principal = getDefaultServiceAccount();
+      principal = getDefaultServiceAccount();
     }
     return String.format(
         "https://iamcredentials.%s/v1/projects/-/serviceAccounts/%s/allowedLocations",

oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java

@@ -55,7 +55,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
-
 import javax.annotation.Nullable;
 
 /** Base type for credentials for authorizing calls to Google APIs using OAuth2. */
@@ -423,7 +422,7 @@ protected void refreshTrustBoundaries(AccessToken newAccessToken) throws IOExcep
     }
   }
 
- @Override
+  @Override
   protected Map<String, List<String>> getAdditionalHeaders() {
     Map<String, List<String>> headers = new HashMap<>(super.getAdditionalHeaders());
     String quotaProjectId = this.getQuotaProjectId();

oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java

@@ -152,7 +152,6 @@ public class ServiceAccountCredentials extends GoogleCredentials
     this.defaultRetriesEnabled = builder.defaultRetriesEnabled;
     this.name = GoogleCredentialsInfo.SERVICE_ACCOUNT_CREDENTIALS.getCredentialName();
     this.principal = builder.clientEmail;
-    this.trustBoundaryEnabled = builder.trustBoundaryEnabled;
   }
 
   /**

oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java

@@ -80,10 +80,10 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicBoolean;
+import org.junit.After;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
-import org.junit.After;
 
 /** Test case for {@link ServiceAccountCredentials}. */
 @RunWith(JUnit4.class)
@@ -1822,14 +1822,15 @@ public void refresh_trustBoundarySuccess() throws IOException {
     transport.addServiceAccount("[email protected]", "test-access-token");
     transport.setTrustBoundary(trustBoundary);
 
-        ServiceAccountCredentials credentials = ServiceAccountCredentials.newBuilder()
-                .setClientEmail("[email protected]")
-                .setPrivateKey(
-                        OAuth2Utils.privateKeyFromPkcs8(ServiceAccountCredentialsTest.PRIVATE_KEY_PKCS8))
-                .setPrivateKeyId("test-key-id")
-                .setHttpTransportFactory(() -> transport)
-                .setScopes(SCOPES)
-                .build();
+    ServiceAccountCredentials credentials =
+        ServiceAccountCredentials.newBuilder()
+            .setClientEmail("[email protected]")
+            .setPrivateKey(
+                OAuth2Utils.privateKeyFromPkcs8(ServiceAccountCredentialsTest.PRIVATE_KEY_PKCS8))
+            .setPrivateKeyId("test-key-id")
+            .setHttpTransportFactory(() -> transport)
+            .setScopes(SCOPES)
+            .build();
 
     Map<String, List<String>> headers = credentials.getRequestMetadata();
     assertEquals(headers.get("x-allowed-locations"), Arrays.asList("0x80000"));