Use Application Default Credentials to get App/Compute Engine credentials #337

Merged
merged 8 commits into from
Nov 25, 2015
Add back AppEngineCredentials
Ajay Kannan committed Nov 24, 2015
commit 539ac61bfc31a544bb6ebf5a29d680bbaf618110
6 changes: 3 additions & 3 deletions README.md
@@ -96,9 +96,9 @@ There are multiple ways to authenticate to use Google Cloud services.
`gcloud-java` looks for credentials in the following order, stopping once it finds credentials:

1. Credentials supplied when building the service options
2. Key file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
3. Google Cloud SDK credentials
4. App Engine credentials
2. App Engine credentials
3. Key file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
4. Google Cloud SDK credentials
5. Compute Engine credentials

Google Cloud Datastore
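--- a/gcloud-java-core/pom.xml
+++ b/gcloud-java-core/pom.xml
@@ -33,17 +33,6 @@
 </exclusion>
 </exclusions>
 </dependency>
-<dependency>
-<groupId>com.google.auth</groupId>
-<artifactId>google-auth-library-appengine</artifactId>
-<version>0.3.1</version>
-<exclusions>
-<exclusion>
-<groupId>com.google.guava</groupId>
-<artifactId>guava-jdk5</artifactId>
-</exclusion>
-</exclusions>
-</dependency>
 <dependency>
 <groupId>com.google.http-client</groupId>
 <artifactId>google-http-client</artifactId>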
Original file line number Diff line number Diff line change
@@ -19,6 +19,7 @@
import static com.google.common.base.Preconditions.checkNotNull;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.extensions.appengine.auth.oauth2.AppIdentityCredential;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.jackson.JacksonFactory;
@@ -38,6 +39,45 @@
*/
public abstract class AuthCredentials implements Restorable<AuthCredentials> {

private static class AppEngineAuthCredentials extends AuthCredentials {

private static final AuthCredentials INSTANCE = new AppEngineAuthCredentials();
private static final AppEngineAuthCredentialsState STATE =
new AppEngineAuthCredentialsState();

private static class AppEngineAuthCredentialsState
implements RestorableState<AuthCredentials>, Serializable {

private static final long serialVersionUID = 3558563960848658928L;

@Override
public AuthCredentials restore() {
return INSTANCE;
}

@Override
public int hashCode() {
return getClass().getName().hashCode();
}

@Override
public boolean equals(Object obj) {
return obj instanceof AppEngineAuthCredentialsState;
}
}

@Override
protected HttpRequestInitializer httpRequestInitializer(HttpTransport transport,
Set<String> scopes) {
return new AppIdentityCredential(scopes);
}

@Override
public RestorableState<AuthCredentials> capture() {
return STATE;
}
}

public static class ServiceAccountAuthCredentials extends AuthCredentials {

private final String account;
@@ -181,12 +221,16 @@ public RestorableState<AuthCredentials> capture() {
protected abstract HttpRequestInitializer httpRequestInitializer(HttpTransport transport,
Set<String> scopes);

public static AuthCredentials createForAppEngine() {
return AppEngineAuthCredentials.INSTANCE;
}

/**
* Returns the Application Default Credentials.
*
* <p>Returns the Application Default Credentials which are credentials that identify and
* authorize the whole application. This is the built-in service account if running on
* Google App/Compute Engine or the credentials file can be read from the path in the environment
* Google Compute Engine or the credentials file can be read from the path in the environment
* variable GOOGLE_APPLICATION_CREDENTIALS.
* </p>
*
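Review bot: `createForAppEngine()` in the last hunk is a new public factory without Javadoc, although the Javadoc that follows it for the Application Default Credentials factory shows the file documents its public entry points. It hands out the shared `AppEngineAuthCredentials.INSTANCE` with no runtime check, and the App Engine API is only touched when `httpRequestInitializer` builds `new AppIdentityCredential(scopes)`, so use outside App Engine presumably shows up only at the first request. A one-line Javadoc such as `/** Returns credentials that use the App Engine app identity service; only valid when running on App Engine. */` would state that contract. A short comment on `AppEngineAuthCredentialsState` saying that it has no instance fields and always restores to the singleton would also help readers of the serialization code.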
Original file line number Diff line number Diff line change
@@ -356,6 +356,15 @@ protected boolean projectIdRequired() {
}

private static AuthCredentials defaultAuthCredentials() {
// Consider App Engine.
if (appEngineAppId() != null) {
try {
return AuthCredentials.createForAppEngine();
} catch (Exception ignore) {
// Maybe not on App Engine
}
}

try {
return AuthCredentials.createApplicationDefaults();
} catch (Exception ex) {
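Review bot: The `try`/`catch (Exception ignore)` around `AuthCredentials.createForAppEngine()` does not give the fallback its comment promises: the factory shown in the AuthCredentials section only returns a static singleton, so nothing here throws when the process is not really on App Engine, and the failure would presumably surface later, when `AppIdentityCredential` is first used. Once `appEngineAppId()` is non-null this branch therefore always wins over GOOGLE_APPLICATION_CREDENTIALS and the Cloud SDK credentials, which matters because it decides which identity the process runs as. I would either drop the dead handler, `if (appEngineAppId() != null) { return AuthCredentials.createForAppEngine(); }`, or probe the App Engine identity service inside the `try` so the fallback is real, and in neither case swallow `Exception` without at least a log line. `defaultAuthCredentials()` continues past the end of the hunk.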
Original file line number Diff line number Diff line change
@@ -134,6 +134,7 @@ public class SerializationTest {
@Test
public void testServiceOptions() throws Exception {
DatastoreOptions options = DatastoreOptions.builder()
.authCredentials(AuthCredentials.createForAppEngine())
.normalizeDataset(false)
.projectId("ds1")
.build();
Original file line number Diff line number Diff line change
@@ -75,6 +75,7 @@ public class SerializationTest {
public void testServiceOptions() throws Exception {
StorageOptions options = StorageOptions.builder()
.projectId("p1")
.authCredentials(AuthCredentials.createForAppEngine())
.build();
StorageOptions serializedCopy = serializeAndDeserialize(options);
assertEquals(options, serializedCopy);