feat: adds universe domain support for compute credentials

oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java

@@ -156,9 +156,7 @@ private ComputeEngineCredentials(ComputeEngineCredentials.Builder builder) {
   @Override
   public GoogleCredentials createScoped(Collection<String> newScopes) {
     ComputeEngineCredentials.Builder builder =
-        ComputeEngineCredentials.newBuilder()
-            .setHttpTransportFactory(transportFactory)
-            .setScopes(newScopes);
+        this.toBuilder().setHttpTransportFactory(transportFactory).setScopes(newScopes);
     return new ComputeEngineCredentials(builder);
   }
 
@@ -180,8 +178,7 @@ public GoogleCredentials createScoped(
    * @return new ComputeEngineCredentials
    */
   public static ComputeEngineCredentials create() {
-    ComputeEngineCredentials.Builder builder = ComputeEngineCredentials.newBuilder();
-    return new ComputeEngineCredentials(builder);
+    return new ComputeEngineCredentials(ComputeEngineCredentials.newBuilder());
   }
 
   public final Collection<String> getScopes() {
@@ -206,8 +203,8 @@ String createTokenUrlWithScopes() {
    *
    * <p>Returns an explicit universe domain if it was provided during credential initialization.
    *
-   * <p>Returns the {@link Credentials#GOOGLE_DEFAULT_UNIVERSE} if universe domain endpoint is
-   * unavailable or returns an empty string.
+   * <p>Returns the {@link Credentials#GOOGLE_DEFAULT_UNIVERSE} if universe domain endpoint is not
+   * found (404) or returns an empty string.
    *
    * <p>Otherwise, returns universe domain from GCE metadata service.
    *
@@ -220,18 +217,21 @@ String createTokenUrlWithScopes() {
    */
   @Override
   public String getUniverseDomain() throws IOException {
-    if (!isDefaultUniverseDomain()) {
+    if (isExplicitUniverseDomain()) {
       return super.getUniverseDomain();
     }
 
     synchronized (this) {
-      if (universeDomainFromMetadata != null) {
-        return universeDomainFromMetadata;
+      if (this.universeDomainFromMetadata != null) {
+        return this.universeDomainFromMetadata;
       }
+    }
 
-      universeDomainFromMetadata = getUniverseDomainFromMetadata();
-      return universeDomainFromMetadata;
+    String universeDomainFromMetadata = getUniverseDomainFromMetadata();
+    synchronized (this) {
+      this.universeDomainFromMetadata = universeDomainFromMetadata;
     }
+    return universeDomainFromMetadata;
   }
 
   private String getUniverseDomainFromMetadata() throws IOException {
@@ -250,6 +250,8 @@ private String getUniverseDomainFromMetadata() throws IOException {
       throw new GoogleAuthException(true, cause);
     }
     String responseString = response.parseAsString();
+
+    /* Earlier versions of MDS that supports universe_domain return empty string instead of GDU. */
     if (responseString.isEmpty()) {
       return Credentials.GOOGLE_DEFAULT_UNIVERSE;
     }
@@ -519,6 +521,9 @@ public boolean equals(Object obj) {
     if (!(obj instanceof ComputeEngineCredentials)) {
       return false;
     }
+    if (!super.equals(obj)) {
+      return false;
+    }
     ComputeEngineCredentials other = (ComputeEngineCredentials) obj;
     return Objects.equals(this.transportFactoryClassName, other.transportFactoryClassName)
         && Objects.equals(this.scopes, other.scopes)
@@ -623,6 +628,7 @@ protected Builder() {
     }
 
     protected Builder(ComputeEngineCredentials credentials) {
+      super(credentials);
       this.transportFactory = credentials.transportFactory;
       this.scopes = credentials.scopes;
     }
@@ -651,6 +657,12 @@ public Builder setUniverseDomain(String universeDomain) {
       return this;
     }
 
+    @CanIgnoreReturnValue
+    public Builder setQuotaProjectId(String quotaProjectId) {
+      super.quotaProjectId = quotaProjectId;
+      return this;
+    }
+
     public HttpTransportFactory getHttpTransportFactory() {
       return transportFactory;
     }

oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java

@@ -37,6 +37,7 @@
 import com.google.api.client.util.Preconditions;
 import com.google.auth.Credentials;
 import com.google.auth.http.HttpTransportFactory;
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.MoreObjects;
 import com.google.common.base.MoreObjects.ToStringHelper;
 import com.google.common.collect.ImmutableList;
@@ -64,6 +65,7 @@ public class GoogleCredentials extends OAuth2Credentials implements QuotaProject
   static final String GDCH_SERVICE_ACCOUNT_FILE_TYPE = "gdch_service_account";
 
   private final String universeDomain;
+  private final boolean isExplicitUniverseDomain;
 
   protected final String quotaProjectId;
 
@@ -77,9 +79,20 @@ public class GoogleCredentials extends OAuth2Credentials implements QuotaProject
    * @return the credentials instance
    */
   public static GoogleCredentials create(AccessToken accessToken) {
+    return GoogleCredentials.newBuilder().setAccessToken(accessToken).build();
+  }
+
+  /**
+   * Returns the credentials instance from the given access token and universe domain.
+   *
+   * @param universeDomain the universe domain
+   * @param accessToken the access token
+   * @return the credentials instance
+   */
+  public static GoogleCredentials create(String universeDomain, AccessToken accessToken) {
     return GoogleCredentials.newBuilder()
         .setAccessToken(accessToken)
-        .setUniverseDomain(Credentials.GOOGLE_DEFAULT_UNIVERSE)
+        .setUniverseDomain(universeDomain)
         .build();
   }
 
@@ -233,6 +246,11 @@ public String getUniverseDomain() throws IOException {
     return this.universeDomain;
   }
 
+  @VisibleForTesting
+  protected boolean isExplicitUniverseDomain() {
+    return this.isExplicitUniverseDomain;
+  }
+
   /**
    * Checks if universe domain equals to {@link Credentials#GOOGLE_DEFAULT_UNIVERSE}.
    *
@@ -285,9 +303,10 @@ protected GoogleCredentials() {
    */
   @Deprecated
   protected GoogleCredentials(AccessToken accessToken, String quotaProjectId) {
-    super(accessToken);
-    this.quotaProjectId = quotaProjectId;
-    this.universeDomain = Credentials.GOOGLE_DEFAULT_UNIVERSE;
+    this(
+        GoogleCredentials.newBuilder()
+            .setAccessToken(accessToken)
+            .setQuotaProjectId(quotaProjectId));
   }
 
   /**
@@ -312,8 +331,10 @@ protected GoogleCredentials(Builder builder) {
 
     if (builder.universeDomain == null || builder.universeDomain.trim().isEmpty()) {
       this.universeDomain = Credentials.GOOGLE_DEFAULT_UNIVERSE;
+      this.isExplicitUniverseDomain = false;
     } else {
       this.universeDomain = builder.getUniverseDomain();
+      this.isExplicitUniverseDomain = true;
     }
   }
 
@@ -328,9 +349,11 @@ protected GoogleCredentials(Builder builder) {
   @Deprecated
   protected GoogleCredentials(
       AccessToken accessToken, Duration refreshMargin, Duration expirationMargin) {
-    super(accessToken, refreshMargin, expirationMargin);
-    this.quotaProjectId = null;
-    this.universeDomain = Credentials.GOOGLE_DEFAULT_UNIVERSE;
+    this(
+        GoogleCredentials.newBuilder()
+            .setAccessToken(accessToken)
+            .setRefreshMargin(refreshMargin)
+            .setExpirationMargin(expirationMargin));
   }
 
   /**
@@ -344,7 +367,8 @@ protected ToStringHelper toStringHelper() {
     return MoreObjects.toStringHelper(this)
         .omitNullValues()
         .add("quotaProjectId", this.quotaProjectId)
-        .add("universeDomain", this.universeDomain);
+        .add("universeDomain", this.universeDomain)
+        .add("isExplicitUniverseDomain", this.isExplicitUniverseDomain);
   }
 
   @Override
@@ -359,12 +383,13 @@ public boolean equals(Object obj) {
     }
     GoogleCredentials other = (GoogleCredentials) obj;
     return Objects.equals(this.quotaProjectId, other.quotaProjectId)
-        && Objects.equals(this.universeDomain, other.universeDomain);
+        && Objects.equals(this.universeDomain, other.universeDomain)
+        && Objects.equals(this.isExplicitUniverseDomain, other.isExplicitUniverseDomain);
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(this.quotaProjectId, this.universeDomain);
+    return Objects.hash(this.quotaProjectId, this.universeDomain, this.isExplicitUniverseDomain);
   }
 
   public static Builder newBuilder() {
@@ -454,9 +479,11 @@ public static class Builder extends OAuth2Credentials.Builder {
     protected Builder() {}
 
     protected Builder(GoogleCredentials credentials) {
-      setAccessToken(credentials.getAccessToken());
+      super(credentials);
       this.quotaProjectId = credentials.quotaProjectId;
-      this.universeDomain = credentials.universeDomain;
+      if (credentials.isExplicitUniverseDomain) {
+        this.universeDomain = credentials.universeDomain;
+      }
     }
 
     protected Builder(GoogleCredentials.Builder builder) {
@@ -494,5 +521,17 @@ public Builder setAccessToken(AccessToken token) {
       super.setAccessToken(token);
       return this;
     }
+
+    @CanIgnoreReturnValue
+    public Builder setExpirationMargin(Duration expirationMargin) {
+      super.setExpirationMargin(expirationMargin);
+      return this;
+    }
+
+    @CanIgnoreReturnValue
+    public Builder setRefreshMargin(Duration refreshMargin) {
+      super.setRefreshMargin(refreshMargin);
+      return this;
+    }
   }
 }