Skip to content

Commit 7dcd549

Browse files
dheerajpanangatdheerajpanangat
authored
fix: ImmutableSet converted to List for Impersonated Credentials (#732)
As part of BigQueryOptions or StorageOptions the SCOPES is defined as an ImmutableSet. When using an Impersonated Account, it fails when trying to get service, as the SCOPES are immutableSet and the previous code tries to cast it to List directly and fails. Adding a fix for the same. Fixes #731 ☕️
1 parent 1e6de7e commit 7dcd549

File tree

2 files changed

+58
-29
lines changed

2 files changed

+58
-29
lines changed

oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -365,7 +365,7 @@ public boolean createScopedRequired() {
365365
@Override
366366
public GoogleCredentials createScoped(Collection<String> scopes) {
367367
return toBuilder()
368-
.setScopes((List<String>) scopes)
368+
.setScopes(new ArrayList(scopes))
369369
.setLifetime(this.lifetime)
370370
.setDelegates(this.delegates)
371371
.setHttpTransportFactory(this.transportFactory)

oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java

Lines changed: 57 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,7 @@
5454
import com.google.auth.http.HttpTransportFactory;
5555
import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
5656
import com.google.common.collect.ImmutableList;
57+
import com.google.common.collect.ImmutableSet;
5758
import java.io.ByteArrayOutputStream;
5859
import java.io.IOException;
5960
import java.io.InputStream;
@@ -66,6 +67,7 @@
6667
import java.util.Date;
6768
import java.util.List;
6869
import java.util.Map;
70+
import java.util.Set;
6971
import org.junit.jupiter.api.BeforeEach;
7072
import org.junit.jupiter.api.Test;
7173

@@ -107,11 +109,11 @@ class ImpersonatedCredentialsTest extends BaseSerializationTest {
107109
+ "CJzdWIiOiIxMDIxMDE1NTA4MzQyMDA3MDg1NjgifQ.redacted";
108110
public static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
109111

112+
private static final Set<String> IMMUTABLE_SCOPES_SET = ImmutableSet.of("scope1", "scope2");
110113
private static final String PROJECT_ID = "project-id";
111114
public static final String IMPERSONATED_CLIENT_EMAIL =
112115
"[email protected]";
113-
private static final List<String> SCOPES =
114-
Arrays.asList("https://www.googleapis.com/auth/devstorage.read_only");
116+
private static final List<String> IMMUTABLE_SCOPES_LIST = ImmutableList.of("scope1", "scope2");
115117
private static final int VALID_LIFETIME = 300;
116118
private static final int INVALID_LIFETIME = 43210;
117119
private static JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
@@ -156,7 +158,7 @@ private GoogleCredentials getSourceCredentials() throws IOException {
156158
.setClientEmail(SA_CLIENT_EMAIL)
157159
.setPrivateKey(privateKey)
158160
.setPrivateKeyId(SA_PRIVATE_KEY_ID)
159-
.setScopes(SCOPES)
161+
.setScopes(IMMUTABLE_SCOPES_LIST)
160162
.setProjectId(PROJECT_ID)
161163
.setHttpTransportFactory(transportFactory)
162164
.build();
@@ -275,7 +277,7 @@ void createScopedRequired_False() {
275277
sourceCredentials,
276278
IMPERSONATED_CLIENT_EMAIL,
277279
null,
278-
SCOPES,
280+
IMMUTABLE_SCOPES_LIST,
279281
VALID_LIFETIME,
280282
mockTransportFactory);
281283
assertFalse(targetCredentials.createScopedRequired());
@@ -288,13 +290,36 @@ void createScoped() {
288290
sourceCredentials,
289291
IMPERSONATED_CLIENT_EMAIL,
290292
DELEGATES,
291-
SCOPES,
293+
IMMUTABLE_SCOPES_LIST,
292294
VALID_LIFETIME,
293295
mockTransportFactory,
294296
QUOTA_PROJECT_ID);
295297

296298
ImpersonatedCredentials scoped_credentials =
297-
(ImpersonatedCredentials) targetCredentials.createScoped(Arrays.asList("scope1", "scope2"));
299+
(ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_LIST);
300+
assertEquals(targetCredentials.getAccount(), scoped_credentials.getAccount());
301+
assertEquals(targetCredentials.getDelegates(), scoped_credentials.getDelegates());
302+
assertEquals(targetCredentials.getLifetime(), scoped_credentials.getLifetime());
303+
assertEquals(
304+
targetCredentials.getSourceCredentials(), scoped_credentials.getSourceCredentials());
305+
assertEquals(targetCredentials.getQuotaProjectId(), scoped_credentials.getQuotaProjectId());
306+
assertEquals(Arrays.asList("scope1", "scope2"), scoped_credentials.getScopes());
307+
}
308+
309+
@Test
310+
void createScopedWithImmutableScopes() {
311+
ImpersonatedCredentials targetCredentials =
312+
ImpersonatedCredentials.create(
313+
sourceCredentials,
314+
IMPERSONATED_CLIENT_EMAIL,
315+
DELEGATES,
316+
IMMUTABLE_SCOPES_LIST,
317+
VALID_LIFETIME,
318+
mockTransportFactory,
319+
QUOTA_PROJECT_ID);
320+
321+
ImpersonatedCredentials scoped_credentials =
322+
(ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_SET);
298323
assertEquals(targetCredentials.getAccount(), scoped_credentials.getAccount());
299324
assertEquals(targetCredentials.getDelegates(), scoped_credentials.getDelegates());
300325
assertEquals(targetCredentials.getLifetime(), scoped_credentials.getLifetime());
@@ -319,7 +344,7 @@ void refreshAccessToken_unauthorized() throws IOException {
319344
sourceCredentials,
320345
IMPERSONATED_CLIENT_EMAIL,
321346
null,
322-
SCOPES,
347+
IMMUTABLE_SCOPES_LIST,
323348
VALID_LIFETIME,
324349
mockTransportFactory);
325350

@@ -348,7 +373,7 @@ void refreshAccessToken_malformedTarget() throws IOException {
348373
sourceCredentials,
349374
invalidTargetEmail,
350375
null,
351-
SCOPES,
376+
IMMUTABLE_SCOPES_LIST,
352377
VALID_LIFETIME,
353378
mockTransportFactory);
354379

@@ -365,7 +390,7 @@ void refreshAccessToken_malformedTarget() throws IOException {
365390
void credential_with_zero_lifetime() throws IllegalStateException {
366391
ImpersonatedCredentials targetCredentials =
367392
ImpersonatedCredentials.create(
368-
sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, 0);
393+
sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, IMMUTABLE_SCOPES_LIST, 0);
369394
assertEquals(3600, targetCredentials.getLifetime());
370395
}
371396

@@ -378,7 +403,11 @@ void credential_with_invalid_lifetime() throws IOException, IllegalStateExceptio
378403
() -> {
379404
ImpersonatedCredentials targetCredentials =
380405
ImpersonatedCredentials.create(
381-
sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, INVALID_LIFETIME);
406+
sourceCredentials,
407+
IMPERSONATED_CLIENT_EMAIL,
408+
null,
409+
IMMUTABLE_SCOPES_LIST,
410+
INVALID_LIFETIME);
382411
targetCredentials.refreshAccessToken().getTokenValue();
383412
},
384413
String.format(
@@ -415,7 +444,7 @@ void refreshAccessToken_success() throws IOException, IllegalStateException {
415444
sourceCredentials,
416445
IMPERSONATED_CLIENT_EMAIL,
417446
null,
418-
SCOPES,
447+
IMMUTABLE_SCOPES_LIST,
419448
VALID_LIFETIME,
420449
mockTransportFactory);
421450

@@ -433,7 +462,7 @@ void getRequestMetadata_withQuotaProjectId() throws IOException, IllegalStateExc
433462
sourceCredentials,
434463
IMPERSONATED_CLIENT_EMAIL,
435464
null,
436-
SCOPES,
465+
IMMUTABLE_SCOPES_LIST,
437466
VALID_LIFETIME,
438467
mockTransportFactory,
439468
QUOTA_PROJECT_ID);
@@ -456,7 +485,7 @@ void getRequestMetadata_withoutQuotaProjectId() throws IOException, IllegalState
456485
sourceCredentials,
457486
IMPERSONATED_CLIENT_EMAIL,
458487
null,
459-
SCOPES,
488+
IMMUTABLE_SCOPES_LIST,
460489
VALID_LIFETIME,
461490
mockTransportFactory);
462491

@@ -476,7 +505,7 @@ void refreshAccessToken_delegates_success() throws IOException, IllegalStateExce
476505
sourceCredentials,
477506
IMPERSONATED_CLIENT_EMAIL,
478507
delegates,
479-
SCOPES,
508+
IMMUTABLE_SCOPES_LIST,
480509
VALID_LIFETIME,
481510
mockTransportFactory);
482511

@@ -495,7 +524,7 @@ void refreshAccessToken_invalidDate() throws IllegalStateException {
495524
sourceCredentials,
496525
IMPERSONATED_CLIENT_EMAIL,
497526
null,
498-
SCOPES,
527+
IMMUTABLE_SCOPES_LIST,
499528
VALID_LIFETIME,
500529
mockTransportFactory);
501530

@@ -517,7 +546,7 @@ void getAccount_sameAs() {
517546
sourceCredentials,
518547
IMPERSONATED_CLIENT_EMAIL,
519548
null,
520-
SCOPES,
549+
IMMUTABLE_SCOPES_LIST,
521550
VALID_LIFETIME,
522551
mockTransportFactory);
523552

@@ -534,7 +563,7 @@ void sign_sameAs() {
534563
sourceCredentials,
535564
IMPERSONATED_CLIENT_EMAIL,
536565
null,
537-
SCOPES,
566+
IMMUTABLE_SCOPES_LIST,
538567
VALID_LIFETIME,
539568
mockTransportFactory);
540569

@@ -556,7 +585,7 @@ void sign_requestIncludesDelegates() throws IOException {
556585
sourceCredentials,
557586
IMPERSONATED_CLIENT_EMAIL,
558587
ImmutableList.of("[email protected]"),
559-
SCOPES,
588+
IMMUTABLE_SCOPES_LIST,
560589
VALID_LIFETIME,
561590
mockTransportFactory);
562591

@@ -595,7 +624,7 @@ void sign_usesSourceCredentials() {
595624
sourceCredentials,
596625
IMPERSONATED_CLIENT_EMAIL,
597626
ImmutableList.of("[email protected]"),
598-
SCOPES,
627+
IMMUTABLE_SCOPES_LIST,
599628
VALID_LIFETIME,
600629
mockTransportFactory);
601630

@@ -620,7 +649,7 @@ void sign_accessDenied_throws() {
620649
sourceCredentials,
621650
IMPERSONATED_CLIENT_EMAIL,
622651
null,
623-
SCOPES,
652+
IMMUTABLE_SCOPES_LIST,
624653
VALID_LIFETIME,
625654
mockTransportFactory);
626655

@@ -652,7 +681,7 @@ void sign_serverError_throws() {
652681
sourceCredentials,
653682
IMPERSONATED_CLIENT_EMAIL,
654683
null,
655-
SCOPES,
684+
IMMUTABLE_SCOPES_LIST,
656685
VALID_LIFETIME,
657686
mockTransportFactory);
658687

@@ -685,7 +714,7 @@ void idTokenWithAudience_sameAs() throws IOException {
685714
sourceCredentials,
686715
IMPERSONATED_CLIENT_EMAIL,
687716
null,
688-
SCOPES,
717+
IMMUTABLE_SCOPES_LIST,
689718
VALID_LIFETIME,
690719
mockTransportFactory);
691720

@@ -716,7 +745,7 @@ void idTokenWithAudience_withEmail() throws IOException {
716745
sourceCredentials,
717746
IMPERSONATED_CLIENT_EMAIL,
718747
null,
719-
SCOPES,
748+
IMMUTABLE_SCOPES_LIST,
720749
VALID_LIFETIME,
721750
mockTransportFactory);
722751

@@ -746,7 +775,7 @@ void idToken_withServerError() {
746775
sourceCredentials,
747776
IMPERSONATED_CLIENT_EMAIL,
748777
null,
749-
SCOPES,
778+
IMMUTABLE_SCOPES_LIST,
750779
VALID_LIFETIME,
751780
mockTransportFactory);
752781

@@ -776,7 +805,7 @@ void idToken_withOtherError() {
776805
sourceCredentials,
777806
IMPERSONATED_CLIENT_EMAIL,
778807
null,
779-
SCOPES,
808+
IMMUTABLE_SCOPES_LIST,
780809
VALID_LIFETIME,
781810
mockTransportFactory);
782811

@@ -806,7 +835,7 @@ void hashCode_equals() throws IOException {
806835
sourceCredentials,
807836
IMPERSONATED_CLIENT_EMAIL,
808837
null,
809-
SCOPES,
838+
IMMUTABLE_SCOPES_LIST,
810839
VALID_LIFETIME,
811840
mockTransportFactory);
812841

@@ -815,7 +844,7 @@ void hashCode_equals() throws IOException {
815844
sourceCredentials,
816845
IMPERSONATED_CLIENT_EMAIL,
817846
null,
818-
SCOPES,
847+
IMMUTABLE_SCOPES_LIST,
819848
VALID_LIFETIME,
820849
mockTransportFactory);
821850

@@ -834,7 +863,7 @@ void serialize() throws IOException, ClassNotFoundException {
834863
sourceCredentials,
835864
IMPERSONATED_CLIENT_EMAIL,
836865
null,
837-
SCOPES,
866+
IMMUTABLE_SCOPES_LIST,
838867
VALID_LIFETIME,
839868
mockTransportFactory);
840869
GoogleCredentials deserializedCredentials = serializeAndDeserialize(targetCredentials);

0 commit comments

Comments
 (0)