fix: Simplify call to directly retrieve the default service account from MDS

Author: lqiu96

oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java

@@ -41,6 +41,7 @@
 import com.google.api.client.http.HttpStatusCodes;
 import com.google.api.client.json.JsonObjectParser;
 import com.google.api.client.util.GenericData;
+import com.google.api.core.ObsoleteApi;
 import com.google.auth.CredentialTypeForMetrics;
 import com.google.auth.Credentials;
 import com.google.auth.Retryable;
@@ -69,7 +70,6 @@
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
-import java.util.Map;
 import java.util.Objects;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -627,11 +627,22 @@ public static String getUniverseDomainUrl() {
         + "/computeMetadata/v1/universe/universe-domain";
   }
 
+  /**
+   * This method is marked as Obsolete. Prefer to use {@link #getDefaultServiceAccount()} to
+   * retrieve the default service account.
+   */
+  @ObsoleteApi("Prefer getDefaultServiceAccountUrl() to retrieve the default service account")
   public static String getServiceAccountsUrl() {
     return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT)
         + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
   }
 
+  /** Url to retrieve the default service account entry from the Metadata Server. */
+  public static String getDefaultServiceAccountUrl() {
+    return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT)
+        + "/computeMetadata/v1/instance/service-accounts/default/email";
+  }
+
   public static String getIdentityDocumentUrl() {
     return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT)
         + "/computeMetadata/v1/instance/service-accounts/default/identity";
@@ -733,7 +744,7 @@ public byte[] sign(byte[] toSign) {
 
   private String getDefaultServiceAccount() throws IOException {
     HttpResponse response =
-        getMetadataResponse(getServiceAccountsUrl(), RequestType.UNTRACKED, false);
+        getMetadataResponse(getDefaultServiceAccountUrl(), RequestType.UNTRACKED, false);
     int statusCode = response.getStatusCode();
     if (statusCode == HttpStatusCodes.STATUS_CODE_NOT_FOUND) {
       throw new IOException(
@@ -756,12 +767,7 @@ private String getDefaultServiceAccount() throws IOException {
       // Mock transports will have success code with empty content by default.
       throw new IOException(METADATA_RESPONSE_EMPTY_CONTENT_ERROR_MESSAGE);
     }
-    GenericData responseData = response.parseAs(GenericData.class);
-    LoggingUtils.logResponsePayload(
-        responseData, LOGGER_PROVIDER, "Received default service account payload");
-    Map<String, Object> defaultAccount =
-        OAuth2Utils.validateMap(responseData, "default", PARSE_ERROR_ACCOUNT);
-    return OAuth2Utils.validateString(defaultAccount, "email", PARSE_ERROR_ACCOUNT);
+    return response.parseAsString();
   }
 
   public static class Builder extends GoogleCredentials.Builder {

oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java

@@ -590,7 +590,7 @@ public void getAccount_missing_throws() {
         new MockMetadataServerTransport() {
           @Override
           public LowLevelHttpRequest buildRequest(String method, String url) throws IOException {
-            if (isGetServiceAccountsUrl(url)) {
+            if (isGetDefaultServiceAccountsUrl(url)) {
               return new MockLowLevelHttpRequest(url) {
                 @Override
                 public LowLevelHttpResponse execute() throws IOException {
@@ -626,7 +626,7 @@ public void getAccount_emptyContent_throws() {
         new MockMetadataServerTransport() {
           @Override
           public LowLevelHttpRequest buildRequest(String method, String url) throws IOException {
-            if (isGetServiceAccountsUrl(url)) {
+            if (isGetDefaultServiceAccountsUrl(url)) {
               return new MockLowLevelHttpRequest(url) {
                 @Override
                 public LowLevelHttpResponse execute() throws IOException {

oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java

@@ -129,8 +129,8 @@ public LowLevelHttpRequest buildRequest(String method, String url) throws IOExce
     if (url.startsWith(ComputeEngineCredentials.getTokenServerEncodedUrl())) {
       this.request = getMockRequestForTokenEndpoint(url);
       return this.request;
-    } else if (isGetServiceAccountsUrl(url)) {
-      this.request = getMockRequestForServiceAccount(url);
+    } else if (isGetDefaultServiceAccountsUrl(url)) {
+      this.request = getMockRequestForDefaultServiceAccount(url);
       return this.request;
     } else if (isSignRequestUrl(url)) {
       this.request = getMockRequestForSign(url);
@@ -176,22 +176,13 @@ public LowLevelHttpResponse execute() throws IOException {
     };
   }
 
-  private MockLowLevelHttpRequest getMockRequestForServiceAccount(String url) {
+  private MockLowLevelHttpRequest getMockRequestForDefaultServiceAccount(String url) {
     return new MockLowLevelHttpRequest(url) {
       @Override
-      public LowLevelHttpResponse execute() throws IOException {
-        // Create the JSON response
-        GenericJson serviceAccountsContents = new GenericJson();
-        serviceAccountsContents.setFactory(OAuth2Utils.JSON_FACTORY);
-        GenericJson defaultAccount = new GenericJson();
-        defaultAccount.put("email", serviceAccountEmail);
-        serviceAccountsContents.put("default", defaultAccount);
-
-        String serviceAccounts = serviceAccountsContents.toPrettyString();
-
+      public LowLevelHttpResponse execute() {
         return new MockLowLevelHttpResponse()
             .setContentType(Json.MEDIA_TYPE)
-            .setContent(serviceAccounts);
+            .setContent(serviceAccountEmail);
       }
     };
   }
@@ -341,8 +332,8 @@ public LowLevelHttpResponse execute() throws IOException {
     };
   }
 
-  protected boolean isGetServiceAccountsUrl(String url) {
-    return url.equals(ComputeEngineCredentials.getServiceAccountsUrl());
+  protected boolean isGetDefaultServiceAccountsUrl(String url) {
+    return url.equals(ComputeEngineCredentials.getDefaultServiceAccountUrl());
   }
 
   protected boolean isSignRequestUrl(String url) {