From 03b980bc64d447548900bf8812c427079ff36966 Mon Sep 17 00:00:00 2001
From: Igor_Filippov <Igor_Filippov@epam.com>
Date: Fri, 28 May 2021 17:06:16 +0300
Subject: [PATCH] iamCredentials added

---
 provider/indexer-gcp/pom.xml                  |  2 +-
 .../util/ServiceAccountJwtGcpClientImpl.java  | 53 +++++++------------
 .../ServiceAccountJwtGcpClientImplTest.java   | 36 +++++++------
 3 files changed, 40 insertions(+), 51 deletions(-)

diff --git a/provider/indexer-gcp/pom.xml b/provider/indexer-gcp/pom.xml
index c1d847eae..c77d9f8e3 100644
--- a/provider/indexer-gcp/pom.xml
+++ b/provider/indexer-gcp/pom.xml
@@ -25,7 +25,7 @@
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>core-lib-gcp</artifactId>
-            <version>0.9.0-SNAPSHOT</version>
+            <version>0.15.0-SNAPSHOT</version>
         </dependency>
 
         <dependency>
diff --git a/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImpl.java b/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImpl.java
index 2d0c77f76..31477a2a1 100644
--- a/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImpl.java
+++ b/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImpl.java
@@ -16,15 +16,12 @@ package org.opengroup.osdu.indexer.util;
 
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
-import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
-import com.google.api.client.http.HttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.jackson2.JacksonFactory;
-import com.google.api.services.iam.v1.Iam;
-import com.google.api.services.iam.v1.IamScopes;
-import com.google.api.services.iam.v1.model.SignJwtRequest;
-import com.google.api.services.iam.v1.model.SignJwtResponse;
+import com.google.cloud.iam.credentials.v1.IamCredentialsClient;
+import com.google.cloud.iam.credentials.v1.ServiceAccountName;
+import com.google.cloud.iam.credentials.v1.SignJwtRequest;
+import com.google.cloud.iam.credentials.v1.SignJwtResponse;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import org.apache.http.HttpHeaders;
@@ -63,11 +60,11 @@ import java.util.Map;
 public class ServiceAccountJwtGcpClientImpl implements IServiceAccountJwtClient {
 
     private static final String JWT_AUDIENCE = "https://www.googleapis.com/oauth2/v4/token";
-    private static final String SERVICE_ACCOUNT_NAME_FORMAT = "projects/%s/serviceAccounts/%s";
+    private static final String SERVICE_ACCOUNT_NAME_FORMAT = "projects/-/serviceAccounts/%s";
 
     private final JsonFactory jsonFactory = new JacksonFactory();
 
-    private Iam iam;
+    private IamCredentialsClient iam;
 
     @Inject
     private ITenantFactory tenantInfoServiceProvider;
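Review bot: The switch of `SERVICE_ACCOUNT_NAME_FORMAT` to `projects/-/serviceAccounts/%s` relies on the `-` project wildcard of the IAM Credentials API and deserves a comment, because a reader who does not know that convention will take it for a typo; suggested: `// "-" is the IAM Credentials project wildcard: the account e-mail alone identifies the target`. The field `iam` now holds an `IamCredentialsClient` while its accessor is named `getIamCredentialsClient()`, so renaming the field `iamCredentialsClient` would keep the two consistent (the same field is touched in the `getIamCredentialsClient` hunk below).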
@@ -100,13 +97,17 @@ public class ServiceAccountJwtGcpClientImpl implements IServiceAccountJwtClient
             // Getting signed JWT
             Map<String, Object> signJwtPayload = this.getJWTCreationPayload(tenant);
 
-            SignJwtRequest signJwtRequest = new SignJwtRequest();
-            signJwtRequest.setPayload(jsonFactory.toString(signJwtPayload));
-
-            String serviceAccountName = String.format(SERVICE_ACCOUNT_NAME_FORMAT, tenant.getProjectId(), tenant.getServiceAccount());
-
-            Iam.Projects.ServiceAccounts.SignJwt signJwt = this.getIam().projects().serviceAccounts().signJwt(serviceAccountName, signJwtRequest);
-            SignJwtResponse signJwtResponse = signJwt.execute();
+            ServiceAccountName name = ServiceAccountName.parse(String.format(SERVICE_ACCOUNT_NAME_FORMAT,
+                tenant.getServiceAccount()));
+            List<String> delegates = new ArrayList<>();
+            delegates.add(tenant.getServiceAccount());
+
+            SignJwtRequest request = SignJwtRequest.newBuilder()
+                .setName(name.toString())
+                .addAllDelegates(delegates)
+                .setPayload(jsonFactory.toString(signJwtPayload))
+                .build();
+            SignJwtResponse signJwtResponse = this.getIamCredentialsClient().signJwt(request);
             String signedJwt = signJwtResponse.getSignedJwt();
 
             // Getting id token
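Review bot: The `delegates` list passed to `addAllDelegates` names the same account that `name` targets, making the target a delegate of itself; in the IAM Credentials delegation chain each hop must hold the token-creator role on the next, so this appears to require the account to hold that role on itself and otherwise adds nothing — unless an intermediate hop is intended, drop the two `delegates` lines and the `.addAllDelegates(delegates)` call. `ServiceAccountName.parse(String.format(...))` followed by `name.toString()` round-trips a string through the resource-name class; `ServiceAccountName.of("-", tenant.getServiceAccount())` builds it directly and keeps the format string out of the method. With both applied, `SERVICE_ACCOUNT_NAME_FORMAT` in the field hunk above becomes unused. The enclosing method starts and ends outside this hunk.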
@@ -143,26 +144,10 @@ public class ServiceAccountJwtGcpClientImpl implements IServiceAccountJwtClient
         }
     }
 
-    public Iam getIam() throws Exception {
-
+    public IamCredentialsClient getIamCredentialsClient() throws Exception {
         if (this.iam == null) {
-            HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
-
-            // Authenticate using Google Application Default Credentials.
-            GoogleCredential credential = GoogleCredential.getApplicationDefault();
-            if (credential.createScopedRequired()) {
-                List<String> scopes = new ArrayList<>();
-                // Enable full Cloud Platform scope.
-                scopes.add(IamScopes.CLOUD_PLATFORM);
-                credential = credential.createScoped(scopes);
-            }
-
-            // Create IAM API object associated with the authenticated transport.
-            this.iam = new Iam.Builder(httpTransport, jsonFactory, credential)
-                    .setApplicationName(properties.getIndexerHost())
-                    .build();
+            this.iam = IamCredentialsClient.create();
         }
-
         return this.iam;
     }
 
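Review bot: `IamCredentialsClient.create()` at the new assignment opens a gRPC channel with its own executor threads and the client is `AutoCloseable`, yet nothing in the class closes it; the lazy null-check is also unsynchronized, so two concurrent first callers can each create a client and one leaks for the bean's lifetime (the removed `Iam` object had the same check but was a plain HTTP wrapper). Make the getter `synchronized` and add a lifecycle close, for example via `@PreDestroy` if the container provides it; `create()` declares `IOException`, so the `throws Exception` clause can be narrowed to that if callers permit. The field being initialised is declared in the hunk above.
```java
    public synchronized IamCredentialsClient getIamCredentialsClient() throws Exception {
        if (this.iam == null) {
            this.iam = IamCredentialsClient.create();
        }
        return this.iam;
    }

    /** Releases the gRPC channel held by the lazily created client. */
    @PreDestroy
    public synchronized void closeIamCredentialsClient() {
        if (this.iam != null) {
            this.iam.close();
            this.iam = null;
        }
    }
```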
diff --git a/provider/indexer-gcp/src/test/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImplTest.java b/provider/indexer-gcp/src/test/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImplTest.java
index 1089d7dba..5a5446e66 100644
--- a/provider/indexer-gcp/src/test/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImplTest.java
+++ b/provider/indexer-gcp/src/test/java/org/opengroup/osdu/indexer/util/ServiceAccountJwtGcpClientImplTest.java
@@ -17,8 +17,11 @@ package org.opengroup.osdu.indexer.util;
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
 import com.google.api.client.http.javanet.NetHttpTransport;
-import com.google.api.services.iam.v1.Iam;
-import com.google.api.services.iam.v1.model.SignJwtResponse;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.cloud.iam.credentials.v1.IamCredentialsClient;
+import com.google.cloud.iam.credentials.v1.SignJwtRequest;
+import com.google.cloud.iam.credentials.v1.SignJwtResponse;
+import com.google.cloud.iam.credentials.v1.stub.IamCredentialsStub;
 import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -31,6 +34,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
+import org.mockito.Mockito;
 import org.mockito.Spy;
 import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
 import org.opengroup.osdu.core.common.model.http.AppException;
@@ -40,6 +44,7 @@ import org.opengroup.osdu.core.common.model.search.IdToken;
 import org.opengroup.osdu.core.common.provider.interfaces.IJwtCache;
 import org.opengroup.osdu.indexer.config.IndexerConfigurationProperties;
 import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.reflect.Whitebox;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.junit.Assert.fail;
@@ -49,7 +54,7 @@ import static org.powermock.api.mockito.PowerMockito.when;
 
 @Ignore
 @RunWith(SpringRunner.class)
-@PrepareForTest({GoogleNetHttpTransport.class, GoogleCredential.class, NetHttpTransport.class, SignJwtResponse.class, Iam.Builder.class, HttpClients.class, EntityUtils.class, IndexerConfigurationProperties.class})
+@PrepareForTest({GoogleNetHttpTransport.class, GoogleCredential.class, NetHttpTransport.class, SignJwtResponse.class, HttpClients.class, EntityUtils.class, IndexerConfigurationProperties.class})
 public class ServiceAccountJwtGcpClientImplTest {
 
     private static final String JWT_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1UVXlPREE0TXpFd09BPT0ifQ.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.WQfGr1Xu-6IdaXdoJ9Fwzx8O2el1UkFPWo1vk_ujiAfdOjAR46UG5SrBC7mzC7gYRyK3a4fimBmbv3uRVJjTNXdxXRLZDw0SvXUMIOqjUGLom491ESbrtka_Xz7vGO-tWyDcEQDTfFzQ91LaVN7XdzL18_EDTXZoPhKb-zquyk9WLQxP9Mw-3Yh-UrbvC9nl1-GRn1IVbzp568kqkpOVUFM9alYSGw-oMGDZNt1DIYOJnpGaw2RB5B3AKvNivZH_Xdac7ZTzQbsDOt8B8DL2BphuxcJ9jshCJkM2SHQ15uErv8sfnzMwdF08e_0QcC_30I8eX9l8yOu6TnwwqlXunw";
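Review bot: The class is still `@Ignore`d (the context line above `@RunWith`), so the rewritten stubbing for `IamCredentialsClient` never executes and the migration ships without a running test; if the ignore is a leftover, removing it comes first, otherwise the reason belongs in `@Ignore("...")`. `SignJwtResponse.class` stays in `@PrepareForTest` although it now refers to the protobuf message that `setUp` builds directly with `getDefaultInstance()`, so it can be dropped from the list, as can `GoogleCredential.class` and `GoogleNetHttpTransport.class` if nothing else in the test still uses them, since the production class no longer references either.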
@@ -63,15 +68,11 @@ public class ServiceAccountJwtGcpClientImplTest {
     @Mock
     private NetHttpTransport httpTransport;
     @Mock
-    private SignJwtResponse signJwtResponse;
+    private IamCredentialsClient iam;
     @Mock
-    private Iam iam;
+    private IamCredentialsStub iamCredentialsStub;
     @Mock
-    private Iam.Projects iamProject;
-    @Mock
-    private Iam.Projects.ServiceAccounts iamProjectServiceAccounts;
-    @Mock
-    private Iam.Projects.ServiceAccounts.SignJwt signJwt;
+    private UnaryCallable<SignJwtRequest, SignJwtResponse> unaryCallable;
     @Mock
     private CloseableHttpClient httpClient;
     @Mock
@@ -109,12 +110,15 @@ public class ServiceAccountJwtGcpClientImplTest {
         tenantInfo.setServiceAccount("tenant");
 //        when(this.tenantInfoService.getTenantInfo()).thenReturn(tenantInfo);
 
-        when(this.sut.getIam()).thenReturn(iam);
-        when(this.iam.projects()).thenReturn(iamProject);
-        when(this.iamProject.serviceAccounts()).thenReturn(iamProjectServiceAccounts);
-        when(this.iamProjectServiceAccounts.signJwt(any(), any())).thenReturn(signJwt);
-        when(this.signJwt.execute()).thenReturn(signJwtResponse);
-        when(this.signJwtResponse.getSignedJwt()).thenReturn("testJwt");
+        when(this.sut.getIamCredentialsClient()).thenReturn(iam);
+        Whitebox.setInternalState(iam, "stub", iamCredentialsStub);
+
+        SignJwtResponse signJwtResponse = SignJwtResponse.getDefaultInstance();
+        SignJwtRequest signJwtRequest = SignJwtRequest.newBuilder().build();
+
+        when(iamCredentialsStub.signJwtCallable()).thenReturn(unaryCallable);
+        when(unaryCallable.call(any())).thenReturn(signJwtResponse);
+        when(iam.signJwt(signJwtRequest)).thenReturn(signJwtResponse);
 
     }
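Review bot: The stubbing at `when(iam.signJwt(signJwtRequest))` uses an empty `SignJwtRequest`, and protobuf messages compare by value, so the request the production code builds (with name, delegates and payload set) will not match and the mock returns `null`, which the subsequent `getSignedJwt()` call dereferences. The `Whitebox.setInternalState(iam, "stub", ...)` and `signJwtCallable()` stubs look ineffective as well, since `iam` is a Mockito `@Mock` and its `signJwt` never reaches the injected stub. Replace the three stubs with `when(iam.signJwt(any(SignJwtRequest.class))).thenReturn(SignJwtResponse.newBuilder().setSignedJwt("testJwt").build());`, which also restores the `"testJwt"` value the removed stub returned and lets the `iamCredentialsStub` and `unaryCallable` mocks from the field hunk go. `setUp` begins outside this hunk.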
 
-- 
GitLab