feat: adds universe_domain to external account creds (#1199)

oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java

@@ -95,6 +95,7 @@ abstract static class CredentialSource implements java.io.Serializable {
   @Nullable private final String serviceAccountImpersonationUrl;
   @Nullable private final String clientId;
   @Nullable private final String clientSecret;
+  @Nullable private final String universeDomain;
 
   // This is used for Workforce Pools. It is passed to the Security Token Service during token
   // exchange in the `options` param and will be embedded in the token by the Security Token
@@ -214,6 +215,7 @@ protected ExternalAccountCredentials(
     this.environmentProvider =
         environmentProvider == null ? SystemEnvironmentProvider.getInstance() : environmentProvider;
     this.workforcePoolUserProject = null;
+    this.universeDomain = null;
     this.serviceAccountImpersonationOptions =
         new ServiceAccountImpersonationOptions(new HashMap<String, Object>());
 
@@ -265,6 +267,8 @@ protected ExternalAccountCredentials(ExternalAccountCredentials.Builder builder)
           "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.");
     }
 
+    this.universeDomain = builder.universeDomain;
+
     validateTokenUrl(tokenUrl);
     if (serviceAccountImpersonationUrl != null) {
       validateServiceAccountImpersonationInfoUrl(serviceAccountImpersonationUrl);
@@ -403,6 +407,7 @@ static ExternalAccountCredentials fromJson(
     String clientSecret = (String) json.get("client_secret");
     String quotaProjectId = (String) json.get("quota_project_id");
     String userProject = (String) json.get("workforce_pool_user_project");
+    String universeDomain = (String) json.get("universe_domain");
     Map<String, Object> impersonationOptionsMap =
         (Map<String, Object>) json.get("service_account_impersonation");
 
@@ -423,6 +428,7 @@ static ExternalAccountCredentials fromJson(
           .setClientId(clientId)
           .setClientSecret(clientSecret)
           .setServiceAccountImpersonationOptions(impersonationOptionsMap)
+          .setUniverseDomain(universeDomain)
           .build();
     } else if (isPluggableAuthCredential(credentialSourceMap)) {
       return PluggableAuthCredentials.newBuilder()
@@ -438,6 +444,7 @@ static ExternalAccountCredentials fromJson(
           .setClientSecret(clientSecret)
           .setWorkforcePoolUserProject(userProject)
           .setServiceAccountImpersonationOptions(impersonationOptionsMap)
+          .setUniverseDomain(universeDomain)
           .build();
     }
     return IdentityPoolCredentials.newBuilder()
@@ -453,6 +460,7 @@ static ExternalAccountCredentials fromJson(
         .setClientSecret(clientSecret)
         .setWorkforcePoolUserProject(userProject)
         .setServiceAccountImpersonationOptions(impersonationOptionsMap)
+        .setUniverseDomain(universeDomain)
         .build();
   }
 
@@ -571,6 +579,11 @@ public String getWorkforcePoolUserProject() {
     return workforcePoolUserProject;
   }
 
+  @Nullable
+  public String getUniverseDomain() {
+    return universeDomain;
+  }
+
   @Nullable
   public ServiceAccountImpersonationOptions getServiceAccountImpersonationOptions() {
     return serviceAccountImpersonationOptions;
@@ -700,6 +713,7 @@ public abstract static class Builder extends GoogleCredentials.Builder {
     @Nullable protected Collection<String> scopes;
     @Nullable protected String workforcePoolUserProject;
     @Nullable protected ServiceAccountImpersonationOptions serviceAccountImpersonationOptions;
+    @Nullable protected String universeDomain;
 
     protected Builder() {}
 
@@ -718,6 +732,7 @@ protected Builder(ExternalAccountCredentials credentials) {
       this.environmentProvider = credentials.environmentProvider;
       this.workforcePoolUserProject = credentials.workforcePoolUserProject;
       this.serviceAccountImpersonationOptions = credentials.serviceAccountImpersonationOptions;
+      this.universeDomain = credentials.universeDomain;
     }
 
     /**
@@ -870,6 +885,17 @@ public Builder setServiceAccountImpersonationOptions(Map<String, Object> options
       return this;
     }
 
+    /**
+     * Sets the optional universe domain.
+     *
+     * @param universeDomain the universe domain to set
+     * @return this {@code Builder} object
+     */
+    public Builder setUniverseDomain(String universeDomain) {
+      this.universeDomain = universeDomain;
+      return this;
+    }
+
     /**
      * Sets the optional Environment Provider.
      *

oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java

@@ -746,6 +746,7 @@ public void createdScoped_clonedCredentialWithAddedScopes() {
                 .setQuotaProjectId("quotaProjectId")
                 .setClientId("clientId")
                 .setClientSecret("clientSecret")
+                .setUniverseDomain("universeDomain")
                 .build();
 
     List<String> newScopes = Arrays.asList("scope1", "scope2");
@@ -764,6 +765,8 @@ public void createdScoped_clonedCredentialWithAddedScopes() {
     assertEquals(credentials.getClientId(), newCredentials.getClientId());
     assertEquals(credentials.getClientSecret(), newCredentials.getClientSecret());
     assertEquals(newScopes, newCredentials.getScopes());
+    assertEquals(credentials.getUniverseDomain(), newCredentials.getUniverseDomain());
+    assertEquals("universeDomain", newCredentials.getUniverseDomain());
   }
 
   @Test
@@ -991,6 +994,7 @@ public void serialize() throws IOException, ClassNotFoundException {
                 .setQuotaProjectId("quotaProjectId")
                 .setClientId("clientId")
                 .setClientSecret("clientSecret")
+                .setUniverseDomain("universeDomain")
                 .setScopes(scopes)
                 .build();