Allow ProjectId to be read from Service Account Configuration.

foxxtrot · neozwu · commit a0c42a4a75a1 · 2017-06-30T15:36:53.000-07:00
For Firebase, we are using the Service Account configuration file parsed by GoogleCredential to set many of the values needed. We wish to pull the ProjectId from the GoogleCredential, rather than requiring that developers supply it separately. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=121305912
diff --git a/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java b/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java
@@ -271,6 +271,11 @@ public static GoogleCredential fromStream(InputStream credentialStream, HttpTran
    */
   private String serviceAccountId;
 
+  /**
+   * Service account Project ID or {@code null} if not using the service account flow.
+   */
+  private String serviceAccountProjectId;
+
   /**
    * Collection of OAuth scopes to use with the service account flow or {@code null} if not
    * using the service account flow.
@@ -318,6 +323,7 @@ protected GoogleCredential(Builder builder) {
           && builder.serviceAccountScopes == null && builder.serviceAccountUser == null);
     } else {
       serviceAccountId = Preconditions.checkNotNull(builder.serviceAccountId);
+      serviceAccountProjectId = builder.serviceAccountProjectId;
       serviceAccountScopes = Collections.unmodifiableCollection(builder.serviceAccountScopes);
       serviceAccountPrivateKey = builder.serviceAccountPrivateKey;
       serviceAccountPrivateKeyId = builder.serviceAccountPrivateKeyId;
@@ -397,6 +403,13 @@ public final String getServiceAccountId() {
     return serviceAccountId;
   }
 
+  /**
+   * Returns the service account Project ID or {@code null} if not using the service account flow.
+   */
+  public final String getServiceAccountProjectId() {
+    return serviceAccountProjectId;
+  }
+
   /**
    * Returns a collection of OAuth scopes to use with the service account flow or {@code null}
    * if not using the service account flow.
@@ -500,6 +513,9 @@ public static class Builder extends Credential.Builder {
     /** Id of the private key to use with the service account flow or {@code null} for none. */
     String serviceAccountPrivateKeyId;
 
+    /** Project Id associated with the Service Account */
+    String serviceAccountProjectId;
+
     /**
      * Email address of the user the application is trying to impersonate in the service account
      * flow or {@code null} for none.
@@ -582,6 +598,26 @@ public Builder setServiceAccountId(String serviceAccountId) {
       return this;
     }
 
+    /**
+     * Returns the service account Project ID or {@code null} for none.
+     */
+    public final String getServiceAccountProjectId() {
+      return serviceAccountProjectId;
+    }
+
+    /**
+     * Sets the service account Project ID or {@code null} for none.
+     *
+     * <p>
+     * Overriding is only supported for the purpose of calling the super implementation and changing
+     * the return type, but nothing else.
+     * </p>
+     */
+    public Builder setServiceAccountProjectId(String serviceAccountProjectId) {
+      this.serviceAccountProjectId = serviceAccountProjectId;
+      return this;
+    }
+
     /**
      * Returns a collection of OAuth scopes to use with the service account flow or {@code null}
      * for none.
@@ -777,12 +813,15 @@ private static GoogleCredential fromStreamUser(GenericJson fileContents, HttpTra
   private static GoogleCredential fromStreamServiceAccount(GenericJson fileContents,
       HttpTransport transport, JsonFactory jsonFactory) throws IOException {
     String clientId = (String) fileContents.get("client_id");
+    String projectId = (String) fileContents.get("project_id");
     String clientEmail = (String) fileContents.get("client_email");
     String privateKeyPem = (String) fileContents.get("private_key");
     String privateKeyId = (String) fileContents.get("private_key_id");
-    if (clientId == null || clientEmail == null || privateKeyPem == null || privateKeyId == null) {
+    if (clientId == null || projectId == null || clientEmail == null || privateKeyPem == null
+        || privateKeyId == null) {
       throw new IOException("Error reading service account credential from stream, "
-          + "expecting  'client_id', 'client_email', 'private_key' and 'private_key_id'.");
+          + "expecting  'client_id', 'project_id', 'client_email', 'private_key' and "
+          + "'private_key_id'.");
     }
 
     PrivateKey privateKey = privateKeyFromPkcs8(privateKeyPem);
diff --git a/google-api-client/src/test/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredentialTest.java b/google-api-client/src/test/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredentialTest.java
@@ -186,6 +186,7 @@ public void testFromStreamServiceAccount() throws IOException {
         "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr.apps.googleusercontent.com";
     final String serviceAccountEmail =
         "36680232662-vrd7ji19qgchd0ah2csanun6bnr@developer.gserviceaccount.com";
+    final String projectId = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr";
 
     MockTokenServerTransport transport = new MockTokenServerTransport();
     transport.addServiceAccount(serviceAccountEmail, accessToken);
@@ -197,6 +198,7 @@ public void testFromStreamServiceAccount() throws IOException {
     serviceAccountContents.put("client_email", serviceAccountEmail);
     serviceAccountContents.put("private_key", SA_KEY_TEXT);
     serviceAccountContents.put("private_key_id", SA_KEY_ID);
+    serviceAccountContents.put("project_id", projectId);
     serviceAccountContents.put("type", GoogleCredential.SERVICE_ACCOUNT_FILE_TYPE);
     String json = serviceAccountContents.toPrettyString();
     InputStream serviceAccountStream = new ByteArrayInputStream(json.getBytes());
@@ -216,6 +218,7 @@ public void testFromStreamServiceAccountAlternateTokenUri() throws IOException {
         "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr.apps.googleusercontent.com";
     final String serviceAccountEmail =
         "36680232662-vrd7ji19qgchd0ah2csanun6bnr@developer.gserviceaccount.com";
+    final String projectId = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr";
 
     final String tokenServerUrl = "http://another.auth.com/token";
     MockTokenServerTransport transport = new MockTokenServerTransport(tokenServerUrl);
@@ -228,6 +231,7 @@ public void testFromStreamServiceAccountAlternateTokenUri() throws IOException {
     serviceAccountContents.put("client_email", serviceAccountEmail);
     serviceAccountContents.put("private_key", SA_KEY_TEXT);
     serviceAccountContents.put("private_key_id", SA_KEY_ID);
+    serviceAccountContents.put("project_id", projectId);
     serviceAccountContents.put("type", GoogleCredential.SERVICE_ACCOUNT_FILE_TYPE);
     serviceAccountContents.put("token_uri", tokenServerUrl);
     String json = serviceAccountContents.toPrettyString();
@@ -247,6 +251,7 @@ public void testFromStreamServiceAccountAlternateTokenUri() throws IOException {
   public void testFromStreamServiceAccountMissingClientIdThrows() throws IOException {
     final String serviceAccountEmail =
         "36680232662-vrd7ji19qgchd0ah2csanun6bnr@developer.gserviceaccount.com";
+    final String projectId = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr";
 
     MockHttpTransport transport = new MockTokenServerTransport();
 
@@ -256,6 +261,7 @@ public void testFromStreamServiceAccountMissingClientIdThrows() throws IOExcepti
     serviceAccountContents.put("client_email", serviceAccountEmail);
     serviceAccountContents.put("private_key", SA_KEY_TEXT);
     serviceAccountContents.put("private_key_id", SA_KEY_ID);
+    serviceAccountContents.put("project_id", projectId);
     serviceAccountContents.put("type", GoogleCredential.SERVICE_ACCOUNT_FILE_TYPE);
     String json = serviceAccountContents.toPrettyString();
     InputStream serviceAccountStream = new ByteArrayInputStream(json.getBytes());
@@ -271,6 +277,7 @@ public void testFromStreamServiceAccountMissingClientIdThrows() throws IOExcepti
   public void testFromStreamServiceAccountMissingClientEmailThrows() throws IOException {
     final String serviceAccountId =
         "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr.apps.googleusercontent.com";
+    final String projectId = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr";
 
     MockHttpTransport transport = new MockTokenServerTransport();
 
@@ -280,6 +287,7 @@ public void testFromStreamServiceAccountMissingClientEmailThrows() throws IOExce
     serviceAccountContents.put("client_id", serviceAccountId);
     serviceAccountContents.put("private_key", SA_KEY_TEXT);
     serviceAccountContents.put("private_key_id", SA_KEY_ID);
+    serviceAccountContents.put("project_id", projectId);
     serviceAccountContents.put("type", GoogleCredential.SERVICE_ACCOUNT_FILE_TYPE);
     String json = serviceAccountContents.toPrettyString();
     InputStream serviceAccountStream = new ByteArrayInputStream(json.getBytes());
@@ -297,6 +305,7 @@ public void testFromStreamServiceAccountMissingPrivateKeyThrows() throws IOExcep
         "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr.apps.googleusercontent.com";
     final String serviceAccountEmail =
         "36680232662-vrd7ji19qgchd0ah2csanun6bnr@developer.gserviceaccount.com";
+    final String projectId = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr";
 
     MockHttpTransport transport = new MockTokenServerTransport();
 
@@ -306,6 +315,7 @@ public void testFromStreamServiceAccountMissingPrivateKeyThrows() throws IOExcep
     serviceAccountContents.put("client_id", serviceAccountId);
     serviceAccountContents.put("client_email", serviceAccountEmail);
     serviceAccountContents.put("private_key_id", SA_KEY_ID);
+    serviceAccountContents.put("project_id", projectId);
     serviceAccountContents.put("type", GoogleCredential.SERVICE_ACCOUNT_FILE_TYPE);
     String json = serviceAccountContents.toPrettyString();
     InputStream serviceAccountStream = new ByteArrayInputStream(json.getBytes());
@@ -323,6 +333,7 @@ public void testFromStreamServiceAccountMissingPrivateKeyIdThrows() throws IOExc
         "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr.apps.googleusercontent.com";
     final String serviceAccountEmail =
         "36680232662-vrd7ji19qgchd0ah2csanun6bnr@developer.gserviceaccount.com";
+    final String projectId = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr";
 
     MockHttpTransport transport = new MockTokenServerTransport();
 
@@ -332,6 +343,7 @@ public void testFromStreamServiceAccountMissingPrivateKeyIdThrows() throws IOExc
     serviceAccountContents.put("client_id", serviceAccountId);
     serviceAccountContents.put("client_email", serviceAccountEmail);
     serviceAccountContents.put("private_key", SA_KEY_TEXT);
+    serviceAccountContents.put("project_id", projectId);
     serviceAccountContents.put("type", GoogleCredential.SERVICE_ACCOUNT_FILE_TYPE);
     String json = serviceAccountContents.toPrettyString();
     InputStream serviceAccountStream = new ByteArrayInputStream(json.getBytes());
@@ -344,6 +356,33 @@ public void testFromStreamServiceAccountMissingPrivateKeyIdThrows() throws IOExc
     }
   }
 
+  public void testFromStreamServiceAccountMissingProjectIdThrows() throws IOException {
+    final String serviceAccountId =
+        "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr.apps.googleusercontent.com";
+    final String serviceAccountEmail =
+        "36680232662-vrd7ji19qgchd0ah2csanun6bnr@developer.gserviceaccount.com";
+
+    MockHttpTransport transport = new MockTokenServerTransport();
+
+    // Write out user file
+    GenericJson serviceAccountContents = new GenericJson();
+    serviceAccountContents.setFactory(JSON_FACTORY);
+    serviceAccountContents.put("client_id", serviceAccountId);
+    serviceAccountContents.put("client_email", serviceAccountEmail);
+    serviceAccountContents.put("private_key", SA_KEY_TEXT);
+    serviceAccountContents.put("private_key_id", SA_KEY_ID);
+    serviceAccountContents.put("type", GoogleCredential.SERVICE_ACCOUNT_FILE_TYPE);
+    String json = serviceAccountContents.toPrettyString();
+    InputStream serviceAccountStream = new ByteArrayInputStream(json.getBytes());
+
+    try {
+      GoogleCredential.fromStream(serviceAccountStream, transport, JSON_FACTORY);
+      fail();
+    } catch (IOException expected) {
+      assertTrue(expected.getMessage().contains("project_id"));
+    }
+  }
+
   public void testFromStreamUser() throws IOException {
     final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
     final String clientSecret = "jakuaL9YyieakhECKL2SwZcu";
