add slf4j and other test dep. add logging utils. add logging to req/resp to auth endpoints.

Author: zhumin8

oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java

@@ -92,6 +92,8 @@ public class ComputeEngineCredentials extends GoogleCredentials
   static final Duration COMPUTE_REFRESH_MARGIN = Duration.ofMinutes(3).plusSeconds(45);
 
   private static final Logger LOGGER = Logger.getLogger(ComputeEngineCredentials.class.getName());
+  private static final org.slf4j.Logger SLF4JLOGGER =
+      LoggingUtils.getLogger(ComputeEngineCredentials.class);
 
   static final String DEFAULT_METADATA_SERVER_URL = "http://metadata.google.internal";
 
@@ -296,11 +298,14 @@ public AccessToken refreshAccessToken() throws IOException {
       throw new IOException("Empty content from metadata token server request.");
     }
     GenericData responseData = response.parseAs(GenericData.class);
+    LoggingUtils.logGenericData(
+        responseData, SLF4JLOGGER, "Auth response from refresh access token payload.");
     String accessToken =
         OAuth2Utils.validateString(responseData, "access_token", PARSE_ERROR_PREFIX);
     int expiresInSeconds =
         OAuth2Utils.validateInt32(responseData, "expires_in", PARSE_ERROR_PREFIX);
     long expiresAtMilliseconds = clock.currentTimeMillis() + expiresInSeconds * 1000;
+
     return new AccessToken(accessToken, new Date(expiresAtMilliseconds));
   }
 
@@ -361,7 +366,9 @@ private HttpResponse getMetadataResponse(
     request.setThrowExceptionOnExecuteError(false);
     HttpResponse response;
     try {
+      LoggingUtils.logRequest(request, SLF4JLOGGER, "auth get metadata sending request.");
       response = request.execute();
+      LoggingUtils.logResponse(response, SLF4JLOGGER, "auth get metadata received response.");
     } catch (UnknownHostException exception) {
       throw new IOException(
           "ComputeEngineCredentials cannot find the metadata server. This is"
@@ -461,7 +468,10 @@ private static boolean pingComputeEngineMetadata(
             request,
             MetricsUtils.getGoogleCredentialsMetricsHeader(
                 RequestType.METADATA_SERVER_PING, CredentialTypeForMetrics.DO_NOT_SEND));
+
+        LoggingUtils.logRequest(request, SLF4JLOGGER, "auth pin MDS.");
         HttpResponse response = request.execute();
+        LoggingUtils.logResponse(response, SLF4JLOGGER, "auth received response from MDS.");
         try {
           // Internet providers can return a generic response to all requests, so it is necessary
           // to check that metadata header is present also.
@@ -633,6 +643,8 @@ private String getDefaultServiceAccount() throws IOException {
       throw new IOException("Empty content from metadata token server request.");
     }
     GenericData responseData = response.parseAs(GenericData.class);
+    LoggingUtils.logGenericData(
+        responseData, SLF4JLOGGER, "Auth get default service account payload.");
     Map<String, Object> defaultAccount =
         OAuth2Utils.validateMap(responseData, "default", PARSE_ERROR_ACCOUNT);
     return OAuth2Utils.validateString(defaultAccount, "email", PARSE_ERROR_ACCOUNT);

oauth2_http/java/com/google/auth/oauth2/IamUtils.java

@@ -56,6 +56,7 @@
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import org.slf4j.Logger;
 
 /**
  * This internal class provides shared utilities for interacting with the IAM API for common
@@ -68,6 +69,7 @@ class IamUtils {
       "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:generateIdToken";
   private static final String PARSE_ERROR_MESSAGE = "Error parsing error message response. ";
   private static final String PARSE_ERROR_SIGNATURE = "Error parsing signature response. ";
+  private static final Logger LOGGER = LoggingUtils.getLogger(IamUtils.class);
 
   // Following guidance for IAM retries:
   // https://cloud.google.com/iam/docs/retry-strategy#errors-to-retry
@@ -142,7 +144,9 @@ private static String getSignature(
                     IamUtils.IAM_RETRYABLE_STATUS_CODES.contains(response.getStatusCode())));
     request.setIOExceptionHandler(new HttpBackOffIOExceptionHandler(backoff));
 
+    LoggingUtils.logRequest(request, LOGGER, "auth sending request to get signature.");
     HttpResponse response = request.execute();
+    LoggingUtils.logResponse(response, LOGGER, "auth received response for signature.");
     int statusCode = response.getStatusCode();
     if (statusCode >= 400 && statusCode < HttpStatusCodes.STATUS_CODE_SERVER_ERROR) {
       GenericData responseError = response.parseAs(GenericData.class);
@@ -169,6 +173,7 @@ private static String getSignature(
     }
 
     GenericData responseData = response.parseAs(GenericData.class);
+    LoggingUtils.logGenericData(responseData, LOGGER, "Auth response payload.");
     return OAuth2Utils.validateString(responseData, "signedBlob", PARSE_ERROR_SIGNATURE);
   }
 
@@ -220,7 +225,10 @@ static IdToken getIdToken(
         MetricsUtils.getGoogleCredentialsMetricsHeader(
             RequestType.ID_TOKEN_REQUEST, credentialTypeForMetrics));
 
+    LoggingUtils.logRequest(request, LOGGER, "auth sending request to get id token.");
     HttpResponse response = request.execute();
+
+    LoggingUtils.logResponse(response, LOGGER, "auth received response for id token.");
     int statusCode = response.getStatusCode();
     if (statusCode >= 400 && statusCode < HttpStatusCodes.STATUS_CODE_SERVER_ERROR) {
       GenericData responseError = response.parseAs(GenericData.class);
@@ -245,6 +253,7 @@ static IdToken getIdToken(
     }
 
     GenericJson responseData = response.parseAs(GenericJson.class);
+    LoggingUtils.logGenericData(responseData, LOGGER, "response data payload.");
     String rawToken = OAuth2Utils.validateString(responseData, "token", PARSE_ERROR_MESSAGE);
     return IdToken.create(rawToken);
   }

oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java

@@ -65,6 +65,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import org.slf4j.Logger;
 
 /**
  * ImpersonatedCredentials allowing credentials issued to a user or service account to impersonate
@@ -110,6 +111,7 @@ public class ImpersonatedCredentials extends GoogleCredentials
   private int lifetime;
   private String iamEndpointOverride;
   private final String transportFactoryClassName;
+  private static final Logger LOGGER = LoggingUtils.getLogger(ImpersonatedCredentials.class);
 
   private transient HttpTransportFactory transportFactory;
 
@@ -546,12 +548,15 @@ public AccessToken refreshAccessToken() throws IOException {
 
     HttpResponse response = null;
     try {
+      LoggingUtils.logRequest(request, LOGGER, "auth sending refresh access token request.");
       response = request.execute();
+      LoggingUtils.logResponse(response, LOGGER, "auth received response.");
     } catch (IOException e) {
       throw new IOException("Error requesting access token", e);
     }
 
     GenericData responseData = response.parseAs(GenericData.class);
+    LoggingUtils.logGenericData(responseData, LOGGER, "Auth response payload.");
     response.disconnect();
 
     String accessToken =

oauth2_http/java/com/google/auth/oauth2/LoggingInterceptor.java

@@ -0,0 +1,65 @@
+package com.google.auth.oauth2;
+
+import com.google.api.client.http.HttpExecuteInterceptor;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestInitializer;
+import com.google.api.client.http.HttpResponse;
+import com.google.api.client.http.HttpResponseInterceptor;
+import com.google.api.client.http.UrlEncodedContent;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.event.Level;
+
+public class LoggingInterceptor
+    implements HttpExecuteInterceptor, HttpRequestInitializer, HttpResponseInterceptor {
+
+  private static final Logger logger = LoggingUtils.getLogger(LoggingInterceptor.class);
+
+  @Override
+  public void intercept(HttpRequest request) throws IOException {
+    // Log the request
+    // StringBuilder requestLog = new StringBuilder("Sending request.");
+    Map<String, String> loggingDataMap = new HashMap<>();
+    loggingDataMap.put("request.method", request.getRequestMethod());
+    loggingDataMap.put("request.url", request.getUrl().toString());
+    // requestLog.append(request.getRequestMethod()).append(" ").append(request.getUrl());
+
+    Map<String, Object> headers = new HashMap<>();
+    request.getHeaders().forEach((key, val) -> headers.put(key, val));
+    loggingDataMap.put("request.headers", headers.toString());
+    if (request.getContent() != null && logger.isDebugEnabled()) {
+      loggingDataMap.put(
+          "request.payload", ((UrlEncodedContent) request.getContent()).getData().toString());
+
+      LoggingUtils.logWithMDC(logger, Level.DEBUG, loggingDataMap, "Sending auth request");
+    } else {
+
+      LoggingUtils.logWithMDC(logger, Level.INFO, loggingDataMap, "Sending auth request");
+    }
+  }
+
+  @Override
+  public void interceptResponse(HttpResponse response) throws IOException {
+    // Log the response
+    // StringBuilder responseLog = new StringBuilder("Received response: ");
+    // responseLog.append(response.getStatusCode()).append(" ").append(response.getStatusMessage());
+
+    Map<String, String> responseLogDataMap = new HashMap<>();
+    responseLogDataMap.put("response.status", String.valueOf(response.getStatusCode()));
+    responseLogDataMap.put("response.status.message", response.getStatusMessage());
+
+    Map<String, Object> headers = new HashMap<>();
+    response.getHeaders().forEach((key, val) -> headers.put(key, val));
+    responseLogDataMap.put("response.headers", headers.toString());
+
+    LoggingUtils.logWithMDC(logger, Level.INFO, responseLogDataMap, "Auth response.");
+  }
+
+  @Override
+  public void initialize(HttpRequest request) throws IOException {
+    request.setInterceptor(this);
+    request.setResponseInterceptor(this);
+  }
+}