Expand Up @@ -58,7 +58,8 @@
/**
* Base external account credentials class.
*
* <p>Handles initializing external credentials, calls to STS, and service account impersonation.
* <p>Handles initializing external credentials, calls to the Security Token Service, and service
* account impersonation.
*/
public abstract class ExternalAccountCredentials extends GoogleCredentials
implements QuotaProjectIdProvider {
Expand Down Expand Up @@ -89,8 +90,9 @@ abstract static class CredentialSource {
@Nullable private final String clientId;
@Nullable private final String clientSecret;

// This is used for Workforce Pools. It is passed to STS during token exchange in the
// `options` param and will be embedded in the token by STS.
// This is used for Workforce Pools. It is passed to the Security Token Service during token
// exchange in the `options` param and will be embedded in the token by the Security Token
// Service.
@Nullable private final String workforcePoolUserProject;

protected transient HttpTransportFactory transportFactory;
Expand All @@ -104,18 +106,17 @@ abstract static class CredentialSource {
* workforce credentials.
*
* @param transportFactory HTTP transport factory, creates the transport used to get access tokens
* @param audience the STS audience which is usually the fully specified resource name of the
* workload/workforce pool provider
* @param subjectTokenType the STS subject token type based on the OAuth 2.0 token exchange spec.
* Indicates the type of the security token in the credential file
* @param tokenUrl the STS token exchange endpoint
* @param audience the Security Token Service audience, which is usually the fully specified
* resource name of the workload/workforce pool provider
* @param subjectTokenType the Security Token Service subject token type based on the OAuth 2.0
* token exchange spec. Indicates the type of the security token in the credential file
* @param tokenUrl the Security Token Service token exchange endpoint
* @param tokenInfoUrl the endpoint used to retrieve account related information. Required for
* gCloud session account identification.
* @param credentialSource the external credential source
* @param serviceAccountImpersonationUrl the URL for the service account impersonation request.
* This is only required for workload identity pools when APIs to be accessed have not
* integrated with UberMint. If this is not available, the STS returned GCP access token is
* directly used. May be null.
* This URL is required for some APIs. If this URL is not available, the access token from the
* Security Token Service is used directly. May be null.
* @param quotaProjectId the project used for quota and billing purposes. May be null.
* @param clientId client ID of the service account from the console. May be null.
* @param clientSecret client secret of the service account from the console. May be null.
Expand Down Expand Up @@ -395,11 +396,11 @@ private static boolean isAwsCredential(Map<String, Object> credentialSource) {
}

/**
* Exchanges the external credential for a GCP access token.
* Exchanges the external credential for a Google Cloud access token.
*
* @param stsTokenExchangeRequest the STS token exchange request
* @return the access token returned by STS
* @throws OAuthException if the call to STS fails
* @param stsTokenExchangeRequest the Security Token Service token exchange request
* @return the access token returned by the Security Token Service
* @throws OAuthException if the call to the Security Token Service fails
*/
protected AccessToken exchangeExternalCredentialForAccessToken(
StsTokenExchangeRequest stsTokenExchangeRequest) throws IOException {
Expand All @@ -413,7 +414,8 @@ protected AccessToken exchangeExternalCredentialForAccessToken(
tokenUrl, stsTokenExchangeRequest, transportFactory.create().createRequestFactory());

// If this credential was initialized with a Workforce configuration then the
// workforcePoolUserProject must passed to STS via the the internal options param.
// workforcePoolUserProject must be passed to the Security Token Service via the internal
// options param.
if (isWorkforcePoolConfiguration()) {
GenericJson options = new GenericJson();
options.setFactory(OAuth2Utils.JSON_FACTORY);
Expand All @@ -431,7 +433,7 @@ protected AccessToken exchangeExternalCredentialForAccessToken(
}

/**
* Retrieves the external subject token to be exchanged for a GCP access token.
* Retrieves the external subject token to be exchanged for a Google Cloud access token.
*
* <p>Must be implemented by subclasses as the retrieval method is dependent on the credential
* source.
Expand Down Expand Up @@ -603,24 +605,24 @@ public Builder setHttpTransportFactory(HttpTransportFactory transportFactory) {
}

/**
* Sets the STS audience which is usually the fully specified resource name of the
* workload/workforce pool provider.
* Sets the Security Token Service audience, which is usually the fully specified resource name
* of the workload/workforce pool provider.
*/
public Builder setAudience(String audience) {
this.audience = audience;
return this;
}

/**
* Sets the STS subject token type based on the OAuth 2.0 token exchange spec. Indicates the
* type of the security token in the credential file.
* Sets the Security Token Service subject token type based on the OAuth 2.0 token exchange
* spec. Indicates the type of the security token in the credential file.
*/
public Builder setSubjectTokenType(String subjectTokenType) {
this.subjectTokenType = subjectTokenType;
return this;
}

/** Sets the STS token exchange endpoint. */
/** Sets the Security Token Service token exchange endpoint. */
public Builder setTokenUrl(String tokenUrl) {
this.tokenUrl = tokenUrl;
return this;
Expand All @@ -633,9 +635,9 @@ public Builder setCredentialSource(CredentialSource credentialSource) {
}

/**
* Sets the optional URL used for service account impersonation. This is only required when APIs
* to be accessed have not integrated with UberMint. If this is not available, the STS returned
* GCP access token is directly used.
* Sets the optional URL used for service account impersonation, which is required for some
* APIs. If this URL is not available, the access token from the Security Token Service is used
* directly.
*/
public Builder setServiceAccountImpersonationUrl(String serviceAccountImpersonationUrl) {
this.serviceAccountImpersonationUrl = serviceAccountImpersonationUrl;