iamCredentials added

provider/indexer-gcp/pom.xml

@@ -25,7 +25,7 @@
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>core-lib-gcp</artifactId>
-            <version>0.9.0-SNAPSHOT</version>
+            <version>0.15.0-SNAPSHOT</version>
         </dependency>
 
         <dependency>

provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImpl.java

@@ -16,15 +16,12 @@ package org.opengroup.osdu.indexer.util;
 
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
-import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
-import com.google.api.client.http.HttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.jackson2.JacksonFactory;
-import com.google.api.services.iam.v1.Iam;
-import com.google.api.services.iam.v1.IamScopes;
-import com.google.api.services.iam.v1.model.SignJwtRequest;
-import com.google.api.services.iam.v1.model.SignJwtResponse;
+import com.google.cloud.iam.credentials.v1.IamCredentialsClient;
+import com.google.cloud.iam.credentials.v1.ServiceAccountName;
+import com.google.cloud.iam.credentials.v1.SignJwtRequest;
+import com.google.cloud.iam.credentials.v1.SignJwtResponse;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import org.apache.http.HttpHeaders;
@@ -63,11 +60,11 @@ import java.util.Map;
 public class ServiceAccountJwtGcpClientImpl implements IServiceAccountJwtClient {
 
     private static final String JWT_AUDIENCE = "https://www.googleapis.com/oauth2/v4/token";
-    private static final String SERVICE_ACCOUNT_NAME_FORMAT = "projects/%s/serviceAccounts/%s";
+    private static final String SERVICE_ACCOUNT_NAME_FORMAT = "projects/-/serviceAccounts/%s";
 
     private final JsonFactory jsonFactory = new JacksonFactory();
 
-    private Iam iam;
+    private IamCredentialsClient iam;
 
     @Inject
     private ITenantFactory tenantInfoServiceProvider;
@@ -100,13 +97,17 @@ public class ServiceAccountJwtGcpClientImpl implements IServiceAccountJwtClient
             // Getting signed JWT
             Map<String, Object> signJwtPayload = this.getJWTCreationPayload(tenant);
 
-            SignJwtRequest signJwtRequest = new SignJwtRequest();
-            signJwtRequest.setPayload(jsonFactory.toString(signJwtPayload));
-
-            String serviceAccountName = String.format(SERVICE_ACCOUNT_NAME_FORMAT, tenant.getProjectId(), tenant.getServiceAccount());
-
-            Iam.Projects.ServiceAccounts.SignJwt signJwt = this.getIam().projects().serviceAccounts().signJwt(serviceAccountName, signJwtRequest);
-            SignJwtResponse signJwtResponse = signJwt.execute();
+            ServiceAccountName name = ServiceAccountName.parse(String.format(SERVICE_ACCOUNT_NAME_FORMAT,
+                tenant.getServiceAccount()));
+            List<String> delegates = new ArrayList<>();
+            delegates.add(tenant.getServiceAccount());
+
+            SignJwtRequest request = SignJwtRequest.newBuilder()
+                .setName(name.toString())
+                .addAllDelegates(delegates)
+                .setPayload(jsonFactory.toString(signJwtPayload))
+                .build();
+            SignJwtResponse signJwtResponse = this.getIamCredentialsClient().signJwt(request);
             String signedJwt = signJwtResponse.getSignedJwt();
 
             // Getting id token
@@ -143,26 +144,10 @@ public class ServiceAccountJwtGcpClientImpl implements IServiceAccountJwtClient
         }
     }
 
-    public Iam getIam() throws Exception {
-
+    public IamCredentialsClient getIamCredentialsClient() throws Exception {
         if (this.iam == null) {
-            HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
-
-            // Authenticate using Google Application Default Credentials.
-            GoogleCredential credential = GoogleCredential.getApplicationDefault();
-            if (credential.createScopedRequired()) {
-                List<String> scopes = new ArrayList<>();
-                // Enable full Cloud Platform scope.
-                scopes.add(IamScopes.CLOUD_PLATFORM);
-                credential = credential.createScoped(scopes);
-            }
-
-            // Create IAM API object associated with the authenticated transport.
-            this.iam = new Iam.Builder(httpTransport, jsonFactory, credential)
-                    .setApplicationName(properties.getIndexerHost())
-                    .build();
+            this.iam = IamCredentialsClient.create();
         }
-
         return this.iam;
     }
 

provider/indexer-gcp/src/test/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImplTest.java

@@ -17,8 +17,11 @@ package org.opengroup.osdu.indexer.util;
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
 import com.google.api.client.http.javanet.NetHttpTransport;
-import com.google.api.services.iam.v1.Iam;
-import com.google.api.services.iam.v1.model.SignJwtResponse;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.cloud.iam.credentials.v1.IamCredentialsClient;
+import com.google.cloud.iam.credentials.v1.SignJwtRequest;
+import com.google.cloud.iam.credentials.v1.SignJwtResponse;
+import com.google.cloud.iam.credentials.v1.stub.IamCredentialsStub;
 import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -31,6 +34,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
+import org.mockito.Mockito;
 import org.mockito.Spy;
 import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
 import org.opengroup.osdu.core.common.model.http.AppException;
@@ -40,6 +44,7 @@ import org.opengroup.osdu.core.common.model.search.IdToken;
 import org.opengroup.osdu.core.common.provider.interfaces.IJwtCache;
 import org.opengroup.osdu.indexer.config.IndexerConfigurationProperties;
 import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.reflect.Whitebox;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.junit.Assert.fail;
@@ -49,7 +54,7 @@ import static org.powermock.api.mockito.PowerMockito.when;
 
 @Ignore
 @RunWith(SpringRunner.class)
-@PrepareForTest({GoogleNetHttpTransport.class, GoogleCredential.class, NetHttpTransport.class, SignJwtResponse.class, Iam.Builder.class, HttpClients.class, EntityUtils.class, IndexerConfigurationProperties.class})
+@PrepareForTest({GoogleNetHttpTransport.class, GoogleCredential.class, NetHttpTransport.class, SignJwtResponse.class, HttpClients.class, EntityUtils.class, IndexerConfigurationProperties.class})
 public class ServiceAccountJwtGcpClientImplTest {
 
     private static final String JWT_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1UVXlPREE0TXpFd09BPT0ifQ.eyJzdWIiOiJtemh1OUBzbGIuY29tIiwiaXNzIjoic2F1dGgtcHJldmlldy5zbGIuY29tIiwiYXVkIjoidGVzdC1zbGJkZXYtZGV2cG9ydGFsLnNsYmFwcC5jb20iLCJpYXQiOjE1MjgxNDg5MTUsImV4cCI6MTUyODIzNTMxNSwicHJvdmlkZXIiOiJzbGIuY29tIiwiY2xpZW50IjoidGVzdC1zbGJkZXYtZGV2cG9ydGFsLnNsYmFwcC5jb20iLCJ1c2VyaWQiOiJtemh1OUBzbGIuY29tIiwiZW1haWwiOiJtemh1OUBzbGIuY29tIiwiYXV0aHoiOiJ7XCJhY2NvdW50Q291bnRyeVwiOntcImNvZGVcIjpcInVzXCIsXCJpZFwiOjU3MTU5OTkxMDE4MTI3MzYsXCJuYW1lXCI6XCJVbml0ZWQgU3RhdGVzIG9mIEFtZXJpY2FcIn0sXCJhY2NvdW50SWRcIjo1NjkxODc4ODMzOTEzODU2LFwiYWNjb3VudE5hbWVcIjpcIlNJUyBJbnRlcm5hbCBIUVwiLFwiY3JlYXRlZFwiOlwiMjAxOC0wNS0wM1QxNzoyNTo1NS40NDNaXCIsXCJkZXBhcnRtZW50TWFuYWdlclwiOm51bGwsXCJzdWJzY3JpcHRpb25zXCI6W3tcImFjY291bnRJZFwiOjU2OTE4Nzg4MzM5MTM4NTYsXCJjb250cmFjdElkXCI6NTc1MTcwMDIxMjE1NDM2OCxcImNyZWF0ZWRcIjpcIjIwMTgtMDUtMDNUMTc6MzM6MDkuNTczWlwiLFwiY3JtQ29udHJhY3RJZFwiOlwiU0lTLUlOVEVSTkFMLUhRLVFBXCIsXCJjcm1Db250cmFjdEl0ZW1JZFwiOlwiZGV2bGlcIixcImV4cGlyYXRpb25cIjpcIjE5NzAtMDEtMDFUMDA6MDA6MDAuMDAwWlwiLFwiaWRcIjo1MDc5Mjg4NTA0MTIzMzkyLFwicHJvZHVjdFwiOntcImNvZGVcIjpcImRldmVsb3Blci1saWdodFwiLFwiY29tY2F0TmFtZVwiOlwiTm90IGluIENvbUNhdFwiLFwiZmVhdHVyZVNldHNcIjpbe1wiYXBwbGljYXRpb25cIjp7XCJjb2RlXCI6XCJhcGlkZXZlbG9wZXJwb3J0YWxcIixcImlkXCI6NTE2ODkzMDY5NTkzODA0OCxcIm5hbWVcIjpcIkFQSSBEZXZlbG9wZXIgUG9ydGFsXCIsXCJ0eXBlXCI6XCJXZWJBcHBcIn0sXCJjbGFpbXNcIjpudWxsLFwiaWRcIjo1MTkxNTcyMjg3MTI3NTUyLFwibmFtZVwiOlwiRGV2ZWxvcGVyXCIsXCJ0eXBlXCI6XCJCQVNFXCJ9XSxcImlkXCI6NTE1MDczMDE1MTI2NDI1NixcIm5hbWVcIjpcIkRldmVsb3BlciBQb3J0YWxcIixcInBhcnROdW1iZXJcIjpcIlNERUwtUEItU1VCVVwifX1dLFwidXNlckVtYWlsXCI6XCJtemh1OUBzbGIuY29tXCIsXCJ1c2VyTmFtZVwiOlwiTWluZ3lhbmcgWmh1XCJ9XG4iLCJsYXN0bmFtZSI6IlpodSIsImZpcnN0bmFtZSI6Ik1pbmd5YW5nIiwiY291bnRyeSI6IiIsImNvbXBhbnkiOiIiLCJqb2J0aXRsZSI6IiIsInN1YmlkIjoiNDE3YjczMjktYmMwNy00OTFmLWJiYzQtZTQ1YjRhMWFiYjVjLVd3U0c0dyIsImlkcCI6ImNvcnAyIiwiaGQiOiJzbGIuY29tIn0.WQfGr1Xu-6IdaXdoJ9Fwzx8O2el1UkFPWo1vk_ujiAfdOjAR46UG5SrBC7mzC7gYRyK3a4fimBmbv3uRVJjTNXdxXRLZDw0SvXUMIOqjUGLom491ESbrtka_Xz7vGO-tWyDcEQDTfFzQ91LaVN7XdzL18_EDTXZoPhKb-zquyk9WLQxP9Mw-3Yh-UrbvC9nl1-GRn1IVbzp568kqkpOVUFM9alYSGw-oMGDZNt1DIYOJnpGaw2RB5B3AKvNivZH_Xdac7ZTzQbsDOt8B8DL2BphuxcJ9jshCJkM2SHQ15uErv8sfnzMwdF08e_0QcC_30I8eX9l8yOu6TnwwqlXunw";
@@ -63,15 +68,11 @@ public class ServiceAccountJwtGcpClientImplTest {
     @Mock
     private NetHttpTransport httpTransport;
     @Mock
-    private SignJwtResponse signJwtResponse;
+    private IamCredentialsClient iam;
     @Mock
-    private Iam iam;
+    private IamCredentialsStub iamCredentialsStub;
     @Mock
-    private Iam.Projects iamProject;
-    @Mock
-    private Iam.Projects.ServiceAccounts iamProjectServiceAccounts;
-    @Mock
-    private Iam.Projects.ServiceAccounts.SignJwt signJwt;
+    private UnaryCallable<SignJwtRequest, SignJwtResponse> unaryCallable;
     @Mock
     private CloseableHttpClient httpClient;
     @Mock
@@ -109,12 +110,15 @@ public class ServiceAccountJwtGcpClientImplTest {
         tenantInfo.setServiceAccount("tenant");
 //        when(this.tenantInfoService.getTenantInfo()).thenReturn(tenantInfo);
 
-        when(this.sut.getIam()).thenReturn(iam);
-        when(this.iam.projects()).thenReturn(iamProject);
-        when(this.iamProject.serviceAccounts()).thenReturn(iamProjectServiceAccounts);
-        when(this.iamProjectServiceAccounts.signJwt(any(), any())).thenReturn(signJwt);
-        when(this.signJwt.execute()).thenReturn(signJwtResponse);
-        when(this.signJwtResponse.getSignedJwt()).thenReturn("testJwt");
+        when(this.sut.getIamCredentialsClient()).thenReturn(iam);
+        Whitebox.setInternalState(iam, "stub", iamCredentialsStub);
+
+        SignJwtResponse signJwtResponse = SignJwtResponse.getDefaultInstance();
+        SignJwtRequest signJwtRequest = SignJwtRequest.newBuilder().build();
+
+        when(iamCredentialsStub.signJwtCallable()).thenReturn(unaryCallable);
+        when(unaryCallable.call(any())).thenReturn(signJwtResponse);
+        when(iam.signJwt(signJwtRequest)).thenReturn(signJwtResponse);
 
     }