From 8a0bb41cb8c5f0f1d5844a755f6140c5d1006969 Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Wed, 20 Sep 2023 15:16:51 -0700
Subject: [PATCH] Revert "remove logic for passing of universeDomain"

This reverts commit ca9192a8784a1dc607d27c49343af9c049c41e84.
---
 src/ApplicationDefaultCredentials.php | 10 ++++++--
 src/Credentials/GCECredentials.php | 13 ++++++++++
 src/Credentials/ServiceAccountCredentials.php | 5 +---
 tests/ApplicationDefaultCredentialsTest.php | 24 +++++++++++++++++++
 4 files changed, 46 insertions(+), 6 deletions(-)

diff --git a/src/ApplicationDefaultCredentials.php b/src/ApplicationDefaultCredentials.php
index d556fac4e..80437c8c9 100644
--- a/src/ApplicationDefaultCredentials.php
+++ b/src/ApplicationDefaultCredentials.php
@@ -144,6 +144,8 @@ public static function getMiddleware(
 * @param string|string[] $defaultScope The default scope to use if no
 * user-defined scopes exist, expressed either as an Array or as a
 * space-delimited string.
+ * @param string $universeDomain Specifies a universe domain to use for the
+ * calling client library
 *
 * @return FetchAuthTokenInterface
 * @throws DomainException if no implementation can be obtained.
@@ -154,7 +156,8 @@ public static function getCredentials(
 array $cacheConfig = null,
 CacheItemPoolInterface $cache = null,
 $quotaProject = null,
- $defaultScope = null
+ $defaultScope = null,
+ string $universeDomain = null
 ) {
 $creds = null;
 $jsonKey = CredentialsLoader::fromEnv()
@@ -179,6 +182,9 @@ public static function getCredentials(
 if ($quotaProject) {
 $jsonKey['quota_project_id'] = $quotaProject;
 }
+ if ($universeDomain) {
+ $jsonKey['universe_domain'] = $universeDomain;
+ }
 $creds = CredentialsLoader::makeCredentials(
 $scope,
 $jsonKey,
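Review bot: The `@param string $universeDomain` text added to the `getCredentials()` docblock does not say what happens when the argument disagrees with the key file. The `-179,6 +182,9` hunk overwrites `$jsonKey['universe_domain']` with it, and the added tests expect it to have no effect for the "authenticated_user" key file, so the precedence should be stated: `@param string|null $universeDomain Overrides the universe_domain of a loaded key file; has no effect for "authenticated_user" key files.` Because this value presumably decides which universe the credential is treated as belonging to, a caller should be able to read the override rule without opening the tests. The docblock starts outside this hunk.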
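Review bot: The new parameter `string $universeDomain = null` in the `getCredentials()` signature relies on implicit nullability, which PHP 8.4 deprecates. The `GCECredentials` hunk of this same patch already uses `?string`, so the explicit form `?string $universeDomain = null` is available here and keeps the two files consistent. The neighbouring `array $cacheConfig = null` follows the older style, so this is a point of style rather than a defect; the signature starts outside the hunk.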
@@ -187,7 +193,7 @@ public static function getCredentials(
 } elseif (AppIdentityCredentials::onAppEngine() && !GCECredentials::onAppEngineFlexible()) {
 $creds = new AppIdentityCredentials($anyScope);
 } elseif (self::onGce($httpHandler, $cacheConfig, $cache)) {
- $creds = new GCECredentials(null, $anyScope, null, $quotaProject);
+ $creds = new GCECredentials(null, $anyScope, null, $quotaProject, null, $universeDomain);
 $creds->setIsOnGce(true); // save the credentials a trip to the metadata server
 }
diff --git a/src/Credentials/GCECredentials.php b/src/Credentials/GCECredentials.php
index 7204965c3..6f31d7d63 100644
--- a/src/Credentials/GCECredentials.php
+++ b/src/Credentials/GCECredentials.php
@@ -95,6 +95,11 @@ class GCECredentials extends CredentialsLoader implements
 */
 const PROJECT_ID_URI_PATH = 'v1/project/project-id';
+ /**
+ * The metadata path of the project ID.
+ */
+ const UNIVERSE_DOMAIN_URI_PATH = 'v1/universe/universe_domain';
+
 /**
 * The header whose presence indicates GCE presence.
 */
@@ -169,6 +174,11 @@ class GCECredentials extends CredentialsLoader implements
 */
 private $serviceAccountIdentity;
+ /**
+ * @var string
+ */
+ private ?string $universeDomain;
+
 /**
 * @param Iam $iam [optional] An IAM instance.
 * @param string|string[] $scope [optional] the scope of the access request,
@@ -178,6 +188,8 @@ class GCECredentials extends CredentialsLoader implements
 * charges associated with the request.
 * @param string $serviceAccountIdentity [optional] Specify a service
 * account identity name to use instead of "default".
+ * @param string $universeDomain [optional] Specify a universe domain to use
+ * instead of fetching one from the metadata server.
 */
 public function __construct(
 Iam $iam = null,
@@ -212,6 +224,7 @@ public function __construct(
 $this->tokenUri = $tokenUri;
 $this->quotaProject = $quotaProject;
 $this->serviceAccountIdentity = $serviceAccountIdentity;
+ $this->universeDomain = $universeDomain;
 }
 /**
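Review bot: The sixth argument in `new GCECredentials(null, $anyScope, null, $quotaProject, null, $universeDomain)` and the added `$this->universeDomain = $universeDomain;` in the `-212,6 +224,7` hunk both depend on a constructor parameter that no hunk of this patch adds. The `__construct` parameter list after `Iam $iam = null,` lies outside the hunks, so it may already declare the parameter. If it does not, PHP discards the surplus argument without an error and the assignment reads an undefined variable, so the property stays null and the caller's universe domain is silently ignored. Confirm the signature ends with `?string $universeDomain = null`.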
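Review bot: The docblock added above `UNIVERSE_DOMAIN_URI_PATH` is a copy of the one for `PROJECT_ID_URI_PATH` and still reads `The metadata path of the project ID.`; it should read `The metadata path of the universe domain.` No hunk in this patch uses the constant, so whether a metadata-server lookup for the universe domain exists cannot be told from here. The constructor docblock added in the `-178,6 +188,8` hunk ("instead of fetching one from the metadata server") assumes that it does, and should be checked against the code outside these hunks.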
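Review bot: The property added in the `-169,6 +174,11` hunk is declared `private ?string $universeDomain;` but documented as `@var string`; the annotation should be `@var string|null`, with a line saying what null stands for. It is the only natively typed property visible in these hunks (`private $serviceAccountIdentity;` just above is untyped), and typed properties need PHP 7.4, so the package's minimum PHP version should be checked if it was lower before.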
diff --git a/src/Credentials/ServiceAccountCredentials.php b/src/Credentials/ServiceAccountCredentials.php
index 086417c07..c7a7a2dd0 100644
--- a/src/Credentials/ServiceAccountCredentials.php
+++ b/src/Credentials/ServiceAccountCredentials.php
@@ -341,10 +341,7 @@ public function getQuotaProject()
 */
 public function getUniverseDomain(): string
 {
- if (null === $this->universeDomain) {
- return self::DEFAULT_UNIVERSE_DOMAIN;
- }
- return $this->universeDomain;
+ return $this->universeDomain ?: self::DEFAULT_UNIVERSE_DOMAIN;
 }
 /**
diff --git a/tests/ApplicationDefaultCredentialsTest.php b/tests/ApplicationDefaultCredentialsTest.php
index efdde5ebf..9af669357 100644
--- a/tests/ApplicationDefaultCredentialsTest.php
+++ b/tests/ApplicationDefaultCredentialsTest.php
@@ -798,11 +798,35 @@ public function testUniverseDomainInKeyFile()
 $creds = ApplicationDefaultCredentials::getCredentials();
 $this->assertEquals('example-universe.com', $creds->getUniverseDomain());
+ // test passing in a different universe domain overrides keyfile
+ $creds3 = ApplicationDefaultCredentials::getCredentials(
+ null,
+ null,
+ null,
+ null,
+ null,
+ null,
+ 'example-universe2.com'
+ );
+ $this->assertEquals('example-universe2.com', $creds3->getUniverseDomain());
+
 // Test universe domain in "authenticated_user" keyfile is not read.
 $keyFile = __DIR__ . '/fixtures2/private.json';
 putenv(ServiceAccountCredentials::ENV_VAR . '=' . $keyFile);
 $creds2 = ApplicationDefaultCredentials::getCredentials();
 $this->assertEquals(CredentialsLoader::DEFAULT_UNIVERSE_DOMAIN, $creds2->getUniverseDomain());
+ // test passing in a different universe domain for "authenticated_user" has no effect.
+ $creds3 = ApplicationDefaultCredentials::getCredentials(
+ null,
+ null,
+ null,
+ null,
+ null,
+ null,
+ 'example-universe2.com'
+ );
+ $this->assertEquals(CredentialsLoader::DEFAULT_UNIVERSE_DOMAIN, $creds3->getUniverseDomain());
 }
 /** @runInSeparateProcess */
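Review bot: `return $this->universeDomain ?: self::DEFAULT_UNIVERSE_DOMAIN;` is not equivalent to the null check it replaces, because `?:` also swaps `''` and `'0'` for the default. A key file carrying an empty `universe_domain` would then quietly resolve to the default domain instead of surfacing as a malformed credential. If that fallback is intended, say so in a comment such as `// an empty or missing universe_domain falls back to the default`; if only null was meant, `??` is the operator. The method's docblock starts outside the hunk.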
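Review bot: The assertions added to `testUniverseDomainInKeyFile()` cover only the key-file branches of `getCredentials()`; nothing in this hunk exercises the `onGce` branch, where the patch starts passing `$universeDomain` into `GCECredentials`. A test that constructs `GCECredentials` with a universe domain and checks that the value is retained would catch an argument that is dropped on the way. `$creds3` is also assigned twice, for two different key files; a separate name for the second credential would make a failing assertion easier to place. The test method starts outside this hunk.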