Revert "remove logic for passing of universeDomain"

This reverts commit ca9192a.
googleapis · Sep 20, 2023 · 8a0bb41 · 8a0bb41
1 parent be34ff3
commit 8a0bb41
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 6 deletions.
diff --git a/src/ApplicationDefaultCredentials.php b/src/ApplicationDefaultCredentials.php
@@ -144,6 +144,8 @@ public static function getMiddleware(
      * @param string|string[] $defaultScope The default scope to use if no
      *   user-defined scopes exist, expressed either as an Array or as a
      *   space-delimited string.
+     * @param string $universeDomain Specifies a universe domain to use for the
+     *   calling client library
      *
      * @return FetchAuthTokenInterface
      * @throws DomainException if no implementation can be obtained.
@@ -154,7 +156,8 @@ public static function getCredentials(
         array $cacheConfig = null,
         CacheItemPoolInterface $cache = null,
         $quotaProject = null,
-        $defaultScope = null
+        $defaultScope = null,
+        string $universeDomain = null
     ) {
         $creds = null;
         $jsonKey = CredentialsLoader::fromEnv()
@@ -179,6 +182,9 @@ public static function getCredentials(
             if ($quotaProject) {
                 $jsonKey['quota_project_id'] = $quotaProject;
             }
+            if ($universeDomain) {
+                $jsonKey['universe_domain'] = $universeDomain;
+            }
             $creds = CredentialsLoader::makeCredentials(
                 $scope,
                 $jsonKey,
@@ -187,7 +193,7 @@ public static function getCredentials(
         } elseif (AppIdentityCredentials::onAppEngine() && !GCECredentials::onAppEngineFlexible()) {
             $creds = new AppIdentityCredentials($anyScope);
         } elseif (self::onGce($httpHandler, $cacheConfig, $cache)) {
-            $creds = new GCECredentials(null, $anyScope, null, $quotaProject);
+            $creds = new GCECredentials(null, $anyScope, null, $quotaProject, null, $universeDomain);
             $creds->setIsOnGce(true); // save the credentials a trip to the metadata server
         }
 

diff --git a/src/Credentials/GCECredentials.php b/src/Credentials/GCECredentials.php
@@ -95,6 +95,11 @@ class GCECredentials extends CredentialsLoader implements
      */
     const PROJECT_ID_URI_PATH = 'v1/project/project-id';
 
+    /**
+     * The metadata path of the project ID.
+     */
+    const UNIVERSE_DOMAIN_URI_PATH = 'v1/universe/universe_domain';
+
     /**
      * The header whose presence indicates GCE presence.
      */
@@ -169,6 +174,11 @@ class GCECredentials extends CredentialsLoader implements
      */
     private $serviceAccountIdentity;
 
+    /**
+     * @var string
+     */
+    private ?string $universeDomain;
+
     /**
      * @param Iam $iam [optional] An IAM instance.
      * @param string|string[] $scope [optional] the scope of the access request,
@@ -178,6 +188,8 @@ class GCECredentials extends CredentialsLoader implements
      *   charges associated with the request.
      * @param string $serviceAccountIdentity [optional] Specify a service
      *   account identity name to use instead of "default".
+     * @param string $universeDomain [optional] Specify a universe domain to use
+     *   instead of fetching one from the metadata server.
      */
     public function __construct(
         Iam $iam = null,
@@ -212,6 +224,7 @@ public function __construct(
         $this->tokenUri = $tokenUri;
         $this->quotaProject = $quotaProject;
         $this->serviceAccountIdentity = $serviceAccountIdentity;
+        $this->universeDomain = $universeDomain;
     }
 
     /**

diff --git a/src/Credentials/ServiceAccountCredentials.php b/src/Credentials/ServiceAccountCredentials.php
@@ -341,10 +341,7 @@ public function getQuotaProject()
      */
     public function getUniverseDomain(): string
     {
-        if (null === $this->universeDomain) {
-            return self::DEFAULT_UNIVERSE_DOMAIN;
-        }
-        return $this->universeDomain;
+        return $this->universeDomain ?: self::DEFAULT_UNIVERSE_DOMAIN;
     }
 
     /**

diff --git a/tests/ApplicationDefaultCredentialsTest.php b/tests/ApplicationDefaultCredentialsTest.php
@@ -798,11 +798,35 @@ public function testUniverseDomainInKeyFile()
         $creds = ApplicationDefaultCredentials::getCredentials();
         $this->assertEquals('example-universe.com', $creds->getUniverseDomain());
 
+        // test passing in a different universe domain overrides keyfile
+        $creds3 = ApplicationDefaultCredentials::getCredentials(
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            'example-universe2.com'
+        );
+        $this->assertEquals('example-universe2.com', $creds3->getUniverseDomain());
+
         // Test universe domain in "authenticated_user" keyfile is not read.
         $keyFile = __DIR__ . '/fixtures2/private.json';
         putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile);
         $creds2 = ApplicationDefaultCredentials::getCredentials();
         $this->assertEquals(CredentialsLoader::DEFAULT_UNIVERSE_DOMAIN, $creds2->getUniverseDomain());
+
+        // test passing in a different universe domain for "authenticated_user" has no effect.
+        $creds3 = ApplicationDefaultCredentials::getCredentials(
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            'example-universe2.com'
+        );
+        $this->assertEquals(CredentialsLoader::DEFAULT_UNIVERSE_DOMAIN, $creds3->getUniverseDomain());
     }
 
     /** @runInSeparateProcess */