chore: Address PR comments

Author: lqiu96

oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java

@@ -128,7 +128,6 @@ public class ComputeEngineCredentials extends GoogleCredentials
   private final BindingEnforcement bindingEnforcement;
 
   private transient HttpTransportFactory transportFactory;
-  private transient String serviceAccountEmail;
 
   private String universeDomainFromMetadata = null;
 
@@ -346,9 +345,8 @@ private String getUniverseDomainFromMetadata() throws IOException {
   @Override
   public AccessToken refreshAccessToken() throws IOException {
     // Retrieve the default service account email prior to retrieving the access token
-    if (serviceAccountEmail == null) {
-      serviceAccountEmail = getDefaultServiceAccount();
-      principal = serviceAccountEmail;
+    if (principal == null) {
+      principal = getDefaultServiceAccount();
     }
 
     HttpResponse response =
@@ -695,14 +693,14 @@ public static Builder newBuilder() {
   @Override
   // todo(#314) getAccount should not throw a RuntimeException
   public String getAccount() {
-    if (serviceAccountEmail == null) {
+    if (principal == null) {
       try {
-        serviceAccountEmail = getDefaultServiceAccount();
+        principal = getDefaultServiceAccount();
       } catch (IOException ex) {
         throw new RuntimeException("Failed to get service account", ex);
       }
     }
-    return serviceAccountEmail;
+    return principal;
   }
 
   /**

oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java

@@ -311,9 +311,10 @@ private final GoogleCredentials tryGetComputeCredentials(HttpTransportFactory tr
     }
     boolean runningOnComputeEngine = ComputeEngineCredentials.isOnGce(transportFactory, this);
     checkedComputeEngine = true;
-    ComputeEngineCredentials.Builder builder = ComputeEngineCredentials.newBuilder();
     if (runningOnComputeEngine) {
-      return builder.setHttpTransportFactory(transportFactory).build();
+      return ComputeEngineCredentials.newBuilder()
+          .setHttpTransportFactory(transportFactory)
+          .build();
     }
     return null;
   }

oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java

@@ -42,6 +42,7 @@
 import com.google.common.base.MoreObjects.ToStringHelper;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import java.io.IOException;
 import java.io.InputStream;
@@ -76,7 +77,7 @@ enum GoogleCredentialsInfo {
     COMPUTE_ENGINE_CREDENTIALS("Compute Engine Credentials", null);
 
     private final String credentialName;
-    private final String fileType;
+    @Nullable private final String fileType;
 
     GoogleCredentialsInfo(String credentialName, String fileType) {
       this.credentialName = credentialName;
@@ -98,7 +99,8 @@ String getFileType() {
   // User-friendly name of the Credential class
   String name;
   // Identity of the credential
-  String principal;
+  // Note: This field is marked transient to prevent it from being serialized
+  transient String principal;
 
   private final String universeDomain;
   private final boolean isExplicitUniverseDomain;
@@ -554,9 +556,11 @@ GoogleCredentials withSource(String source) {
    *   <li>principal - Identity used for the credential
    * </ul>
    *
-   * Missing fields values are not included in the mapping
+   * Unknown field values are not included in the mapping (e.g. ComputeCredentials may not know the
+   * principal value until after a call to MDS is made and will be excluded if `getCredentialInfo`
+   * is called prior to retrieving that value)
    *
-   * @return Map of information regarding how the Credential was initialized
+   * @return ImmutableMap of information regarding how the Credential was initialized
    */
   public Map<String, String> getCredentialInfo() {
     Map<String, String> infoMap = new HashMap<>();
@@ -569,7 +573,7 @@ public Map<String, String> getCredentialInfo() {
     if (!Strings.isNullOrEmpty(principal)) {
       infoMap.put("Principal", principal);
     }
-    return infoMap;
+    return ImmutableMap.copyOf(infoMap);
   }
 
   public static class Builder extends OAuth2Credentials.Builder {

oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java

@@ -41,6 +41,7 @@
 import com.google.auth.Credentials;
 import com.google.auth.RequestMetadataCallback;
 import com.google.auth.ServiceAccountSigner;
+import com.google.auth.oauth2.GoogleCredentials.GoogleCredentialsInfo;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Throwables;
@@ -296,17 +297,14 @@ public static ServiceAccountJwtAccessCredentials fromStream(
     if (fileType == null) {
       throw new IOException("Error reading credentials from stream, 'type' field not specified.");
     }
-    if (GoogleCredentials.GoogleCredentialsInfo.SERVICE_ACCOUNT_CREDENTIALS
-        .getFileType()
-        .equals(fileType)) {
+    if (GoogleCredentialsInfo.SERVICE_ACCOUNT_CREDENTIALS.getFileType().equals(fileType)) {
       return fromJson(fileContents, defaultAudience);
     }
     throw new IOException(
         String.format(
             "Error reading credentials from stream, 'type' value '%s' not recognized."
                 + " Expecting '%s'.",
-            fileType,
-            GoogleCredentials.GoogleCredentialsInfo.SERVICE_ACCOUNT_CREDENTIALS.getFileType()));
+            fileType, GoogleCredentialsInfo.SERVICE_ACCOUNT_CREDENTIALS.getFileType()));
   }
 
   private LoadingCache<JwtClaims, JwtCredentials> createCache() {

oauth2_http/java/com/google/auth/oauth2/UserCredentials.java

@@ -96,6 +96,9 @@ private UserCredentials(Builder builder) {
     this.tokenServerUri =
         (builder.tokenServerUri == null) ? OAuth2Utils.TOKEN_SERVER_URI : builder.tokenServerUri;
     this.transportFactoryClassName = this.transportFactory.getClass().getName();
+    if (builder.getAccount() != null) {
+      this.principal = builder.getAccount();
+    }
 
     this.name = GoogleCredentialsInfo.USER_CREDENTIALS.getCredentialName();
 
@@ -132,6 +135,10 @@ static UserCredentials fromJson(Map<String, Object> json, HttpTransportFactory t
     // currently "token_uri" is not a default field and needs to be added to json file manually
     String tokenUrl = (String) json.get("token_uri");
     URI tokenUri = (tokenUrl == null || tokenUrl.isEmpty()) ? null : URI.create(tokenUrl);
+    String account = null;
+    if (json.containsKey("account")) {
+      account = (String) json.get("account");
+    }
     return UserCredentials.newBuilder()
         .setClientId(clientId)
         .setClientSecret(clientSecret)
@@ -140,6 +147,7 @@ static UserCredentials fromJson(Map<String, Object> json, HttpTransportFactory t
         .setHttpTransportFactory(transportFactory)
         .setTokenServerUri(tokenUri)
         .setQuotaProjectId(quotaProjectId)
+        .setAccount(account)
         .build();
   }
 
@@ -409,6 +417,7 @@ public static class Builder extends GoogleCredentials.Builder {
     private String clientSecret;
     private String refreshToken;
     private URI tokenServerUri;
+    private String account;
     private HttpTransportFactory transportFactory;
 
     protected Builder() {}
@@ -420,6 +429,7 @@ protected Builder(UserCredentials credentials) {
       this.refreshToken = credentials.refreshToken;
       this.transportFactory = credentials.transportFactory;
       this.tokenServerUri = credentials.tokenServerUri;
+      this.account = credentials.account;
     }
 
     @CanIgnoreReturnValue
@@ -452,6 +462,12 @@ public Builder setHttpTransportFactory(HttpTransportFactory transportFactory) {
       return this;
     }
 
+    @CanIgnoreReturnValue
+    Builder setAccount(String account) {
+      this.account = account;
+      return this;
+    }
+
     @Override
     @CanIgnoreReturnValue
     public Builder setAccessToken(AccessToken token) {
@@ -496,6 +512,10 @@ public URI getTokenServerUri() {
       return tokenServerUri;
     }
 
+    String getAccount() {
+      return account;
+    }
+
     public HttpTransportFactory getHttpTransportFactory() {
       return transportFactory;
     }

oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java

@@ -45,6 +45,7 @@
 import com.google.api.client.util.Clock;
 import com.google.auth.TestUtils;
 import com.google.auth.oauth2.ExternalAccountCredentialsTest.MockExternalAccountCredentialsTransportFactory;
+import com.google.auth.oauth2.GoogleCredentials.GoogleCredentialsInfo;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URI;
@@ -1346,8 +1347,7 @@ static InputStream writeAwsCredentialsStream(String stsUrl, String regionUrl, St
     json.put("subject_token_type", "subjectTokenType");
     json.put("token_url", stsUrl);
     json.put("token_info_url", "tokenInfoUrl");
-    json.put(
-        "type", GoogleCredentials.GoogleCredentialsInfo.EXTERNAL_ACCOUNT_CREDENTIALS.getFileType());
+    json.put("type", GoogleCredentialsInfo.EXTERNAL_ACCOUNT_CREDENTIALS.getFileType());
 
     GenericJson credentialSource = new GenericJson();
     credentialSource.put("environment_id", "aws1");

oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentialsTest.java

@@ -47,6 +47,7 @@
 import com.google.auth.TestUtils;
 import com.google.auth.http.AuthHttpConstants;
 import com.google.auth.http.HttpTransportFactory;
+import com.google.auth.oauth2.GoogleCredentials.GoogleCredentialsInfo;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.io.BaseEncoding;
@@ -1241,9 +1242,7 @@ public void serialize() throws IOException, ClassNotFoundException {
   static GenericJson buildJsonCredentials() {
     GenericJson json = new GenericJson();
     json.put(
-        "type",
-        GoogleCredentials.GoogleCredentialsInfo.EXTERNAL_ACCOUNT_AUTHORIZED_USER_CREDENTIALS
-            .getFileType());
+        "type", GoogleCredentialsInfo.EXTERNAL_ACCOUNT_AUTHORIZED_USER_CREDENTIALS.getFileType());
     json.put("audience", AUDIENCE);
     json.put("refresh_token", REFRESH_TOKEN);
     json.put("client_id", CLIENT_ID);

oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java

@@ -46,6 +46,7 @@
 import com.google.api.client.testing.http.FixedClock;
 import com.google.api.client.util.Clock;
 import com.google.auth.TestUtils;
+import com.google.auth.oauth2.GoogleCredentials.GoogleCredentialsInfo;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -915,7 +916,7 @@ static GenericJson writeGdchServiceAccountJson(
     if (tokenServerUri != null) {
       json.put("token_uri", tokenServerUri.toString());
     }
-    json.put("type", GoogleCredentials.GoogleCredentialsInfo.GDCH_CREDENTIALS.getFileType());
+    json.put("type", GoogleCredentialsInfo.GDCH_CREDENTIALS.getFileType());
     return json;
   }
 

oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java

@@ -44,6 +44,7 @@
 import com.google.auth.TestUtils;
 import com.google.auth.http.HttpTransportFactory;
 import com.google.auth.mtls.X509Provider;
+import com.google.auth.oauth2.GoogleCredentials.GoogleCredentialsInfo;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
@@ -1197,8 +1198,7 @@ static InputStream writeIdentityPoolCredentialsStream(
     json.put("subject_token_type", "subjectTokenType");
     json.put("token_url", tokenUrl);
     json.put("token_info_url", "tokenInfoUrl");
-    json.put(
-        "type", GoogleCredentials.GoogleCredentialsInfo.EXTERNAL_ACCOUNT_CREDENTIALS.getFileType());
+    json.put("type", GoogleCredentialsInfo.EXTERNAL_ACCOUNT_CREDENTIALS.getFileType());
 
     if (serviceAccountImpersonationUrl != null) {
       json.put("service_account_impersonation_url", serviceAccountImpersonationUrl);

oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthCredentialsTest.java

@@ -40,6 +40,7 @@
 import com.google.auth.TestUtils;
 import com.google.auth.http.HttpTransportFactory;
 import com.google.auth.oauth2.ExecutableHandler.ExecutableOptions;
+import com.google.auth.oauth2.GoogleCredentials.GoogleCredentialsInfo;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.NotSerializableException;
@@ -628,8 +629,7 @@ static InputStream writeCredentialsStream(String tokenUrl) throws IOException {
     json.put("subject_token_type", "subjectTokenType");
     json.put("token_url", tokenUrl);
     json.put("token_info_url", "tokenInfoUrl");
-    json.put(
-        "type", GoogleCredentials.GoogleCredentialsInfo.EXTERNAL_ACCOUNT_CREDENTIALS.getFileType());
+    json.put("type", GoogleCredentialsInfo.EXTERNAL_ACCOUNT_CREDENTIALS.getFileType());
 
     GenericJson credentialSource = new GenericJson();
     GenericJson executable = new GenericJson();