feat: ImpersonatedCredential supports universe domain.

Src/Support/Google.Apis.Auth.Tests/OAuth2/DefaultCredentialProviderTests.cs

@@ -273,7 +273,7 @@ public async Task GetDefaultCredential_ImpersonatedCredential_FromEnvironmentVar
 
             var impersonatedCredential = Assert.IsType<ImpersonatedCredential>(credential.UnderlyingCredential);
             Assert.Equal("service-account-email", impersonatedCredential.TargetPrincipal);
-            Assert.False(impersonatedCredential.HasCustomTokenUrl);
+            Assert.False(await impersonatedCredential.HasCustomTokenUrlCache.Value);
             Assert.Collection(impersonatedCredential.DelegateAccounts,
                 account => Assert.Equal("delegate-email-1", account),
                 account => Assert.Equal("delegate-email-2", account));

Src/Support/Google.Apis.Auth.Tests/OAuth2/ImpersonatedCredentialTests.cs

@@ -218,7 +218,7 @@ public async Task CreateWithCustomTokenUrl()
 
             Assert.Equal(customTokenUrl, impersonatedCredential.TokenServerUrl);
             Assert.Equal("principal", impersonatedCredential.TargetPrincipal);
-            Assert.True(impersonatedCredential.HasCustomTokenUrl);
+            Assert.True(await impersonatedCredential.HasCustomTokenUrlCache.Value);
 
             var success = await impersonatedCredential.RequestAccessTokenAsync(default);
             Assert.True(success);
@@ -237,7 +237,7 @@ public async Task CreateWithCustomTokenUrl_NullPrincipal()
 
             Assert.Equal(customTokenUrl, impersonatedCredential.TokenServerUrl);
             Assert.Null(impersonatedCredential.TargetPrincipal);
-            Assert.True(impersonatedCredential.HasCustomTokenUrl);
+            Assert.True(await impersonatedCredential.HasCustomTokenUrlCache.Value);
 
             var success = await impersonatedCredential.RequestAccessTokenAsync(default);
             Assert.True(success);
@@ -252,17 +252,111 @@ public async Task CreateWithCustomTokenUrl_NullPrincipal()
         public async Task CreateWithCustomTokenUrl_SameAsDefaultUrl()
         {
             string principal = "principal";
-            string customTokenUrl = string.Format(GoogleAuthConsts.IamAccessTokenEndpointFormatString, principal);
+            string customTokenUrl = string.Format(GoogleAuthConsts.IamAccessTokenEndpointFormatString, GoogleAuthConsts.DefaultUniverseDomain, principal);
             var impersonatedCredential = CreateImpersonatedCredentialWithAccessTokenResponse(customTokenUrl: customTokenUrl);
 
             Assert.Equal(customTokenUrl, impersonatedCredential.TokenServerUrl);
             Assert.Equal(principal, impersonatedCredential.TargetPrincipal);
-            Assert.False(impersonatedCredential.HasCustomTokenUrl);
+            Assert.False(await impersonatedCredential.HasCustomTokenUrlCache.Value);
 
             var success = await impersonatedCredential.RequestAccessTokenAsync(default);
             Assert.True(success);
             Assert.Equal(3600, impersonatedCredential.Token.ExpiresInSeconds);
             Assert.Equal("access_token", impersonatedCredential.Token.AccessToken);
         }
+
+        [Fact]
+        public async Task UniverseDomain_FromSourceCredential_Default()
+        {
+            string principal = "principal";
+
+            var credential = ImpersonatedCredential.Create(
+                CreateSourceCredential(),
+                new ImpersonatedCredential.Initializer(principal));
+            var googleCredential = credential as IGoogleCredential;
+
+            Assert.Equal(GoogleAuthConsts.DefaultUniverseDomain, await googleCredential.GetUniverseDomainAsync(default));
+            Assert.Equal(GoogleAuthConsts.DefaultUniverseDomain, googleCredential.GetUniverseDomain());
+
+            string expectedTokenUrl = string.Format(GoogleAuthConsts.IamAccessTokenEndpointFormatString, GoogleAuthConsts.DefaultUniverseDomain, principal);
+
+            Assert.Null(credential.TokenServerUrl);
+            Assert.False(await credential.HasCustomTokenUrlCache.Value);
+            Assert.Equal(expectedTokenUrl, await credential.EffectiveTokenUrlCache.Value);
+        }
+
+        [Fact]
+        public async Task UniverseDomain_FromSourceCredential_Custom()
+        {
+            string principal = "principal";
+            string universeDomain = "universe.domain.com";
+
+            var sourceCredential = GoogleCredential.FromComputeCredential(new ComputeCredential(new ComputeCredential.Initializer()
+            {
+                UniverseDomain = universeDomain
+            }));
+
+            var credential = ImpersonatedCredential.Create(
+                sourceCredential,
+                new ImpersonatedCredential.Initializer(principal));
+            var googleCredential = credential as IGoogleCredential;
+
+            Assert.Equal(universeDomain, await googleCredential.GetUniverseDomainAsync(default));
+            Assert.Equal(universeDomain, googleCredential.GetUniverseDomain());
+
+            string expectedTokenUrl = string.Format(GoogleAuthConsts.IamAccessTokenEndpointFormatString, universeDomain, principal);
+
+            Assert.Null(credential.TokenServerUrl);
+            Assert.False(await credential.HasCustomTokenUrlCache.Value);
+            Assert.Equal(expectedTokenUrl, await credential.EffectiveTokenUrlCache.Value);
+        }
+
+        [Fact]
+        public async Task WithUniverseDomain()
+        {
+            string principal = "principal";
+            string universeDomain1 = "universe1.domain.com";
+            string universeDomain2 = "universe2.domain.com";
+
+            var sourceCredential = GoogleCredential.FromComputeCredential(new ComputeCredential(new ComputeCredential.Initializer()
+            {
+                UniverseDomain = universeDomain1
+            }));
+
+            var credential = ImpersonatedCredential.Create(
+                sourceCredential,
+                new ImpersonatedCredential.Initializer(principal));
+            var googleCredential = credential as IGoogleCredential;
+
+            var newGoogleCredential = googleCredential.WithUniverseDomain(universeDomain2) ;
+
+            var newCredential = Assert.IsType<ImpersonatedCredential>(newGoogleCredential);
+            Assert.NotSame(credential, newCredential);
+
+            Assert.NotSame(credential.SourceCredential, newCredential.SourceCredential);
+            var newSourceCredential = Assert.IsType<GoogleCredential>(newCredential.SourceCredential);
+            Assert.IsType<ComputeCredential>(newSourceCredential.UnderlyingCredential);
+
+            Assert.Equal(universeDomain1, await credential.SourceCredential.GetUniverseDomainAsync(default));
+            Assert.Equal(universeDomain2, await newCredential.SourceCredential.GetUniverseDomainAsync(default));
+
+            Assert.Equal(universeDomain1, await googleCredential.GetUniverseDomainAsync(default));
+            Assert.Equal(universeDomain1, googleCredential.GetUniverseDomain());
+
+            Assert.Equal(universeDomain2, await newGoogleCredential.GetUniverseDomainAsync(default));
+            Assert.Equal(universeDomain2, newGoogleCredential.GetUniverseDomain());
+
+            string expectedTokenUrl = string.Format(GoogleAuthConsts.IamAccessTokenEndpointFormatString, universeDomain1, principal);
+
+            Assert.Null(credential.TokenServerUrl);
+            Assert.False(await credential.HasCustomTokenUrlCache.Value);
+            Assert.Equal(expectedTokenUrl, await credential.EffectiveTokenUrlCache.Value);
+
+            string newExpectedTokenUrl = string.Format(GoogleAuthConsts.IamAccessTokenEndpointFormatString, universeDomain2, principal);
+
+            Assert.Null(newCredential.TokenServerUrl);
+            Assert.False(await newCredential.HasCustomTokenUrlCache.Value);
+            Assert.Equal(newExpectedTokenUrl, await newCredential.EffectiveTokenUrlCache.Value);
+        }
     }
 }