fix: universe domain check for grpc transport (#534)

googleapis · Feb 16, 2024 · 1026d8a · 1026d8a
1 parent dfca60f
commit 1026d8a
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/src/CredentialsWrapper.php b/src/CredentialsWrapper.php
@@ -272,7 +272,7 @@ public function getAuthorizationHeaderCallback($audience = null)
     /**
      * Verify that the expected universe domain matches the universe domain from the credentials.
      */
-    private function checkUniverseDomain()
+    public function checkUniverseDomain()
     {
         if (false === $this->hasCheckedUniverse) {
             $credentialsUniverse = $this->credentialsFetcher instanceof GetUniverseDomainInterface

diff --git a/src/Transport/GrpcTransport.php b/src/Transport/GrpcTransport.php
@@ -159,6 +159,8 @@ public static function build(string $apiEndpoint, array $config = [])
      */
     public function startBidiStreamingCall(Call $call, array $options)
     {
+        $this->verifyUniverseDomain($options);
+
         return new BidiStream(
             $this->_bidiRequest(
                 '/' . $call->getMethod(),
@@ -175,6 +177,9 @@ public function startBidiStreamingCall(Call $call, array $options)
      */
     public function startClientStreamingCall(Call $call, array $options)
     {
+
+        $this->verifyUniverseDomain($options);
+
         return new ClientStream(
             $this->_clientStreamRequest(
                 '/' . $call->getMethod(),
@@ -191,6 +196,8 @@ public function startClientStreamingCall(Call $call, array $options)
      */
     public function startServerStreamingCall(Call $call, array $options)
     {
+        $this->verifyUniverseDomain($options);
+
         $message = $call->getMessage();
 
         if (!$message) {
@@ -216,6 +223,8 @@ public function startServerStreamingCall(Call $call, array $options)
      */
     public function startUnaryCall(Call $call, array $options)
     {
+        $this->verifyUniverseDomain($options);
+
         $unaryCall = $this->_simpleRequest(
             '/' . $call->getMethod(),
             $call->getMessage(),
@@ -245,6 +254,13 @@ function () use ($unaryCall, $options, &$promise) {
         return $promise;
     }
 
+    private function verifyUniverseDomain(array $options)
+    {
+        if (isset($options['credentialsWrapper'])) {
+            $options['credentialsWrapper']->checkUniverseDomain();
+        }
+    }
+
     private function getCallOptions(array $options)
     {
         $callOptions = $options['transportOptions']['grpcOptions'] ?? [];

diff --git a/tests/Tests/Unit/Transport/GrpcTransportTest.php b/tests/Tests/Unit/Transport/GrpcTransportTest.php
@@ -387,6 +387,8 @@ public function testAudienceOption()
         $call->getDecodeType()->shouldBeCalled();
 
         $credentialsWrapper = $this->prophesize(CredentialsWrapper::class);
+        $credentialsWrapper->checkUniverseDomain()
+            ->shouldBeCalledOnce();
         $credentialsWrapper->getAuthorizationHeaderCallback('an-audience')
             ->shouldBeCalledOnce();
         $hostname = '';