fix: Simplify call to directly retrieve the default service account from MDS

oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java

@@ -69,7 +69,6 @@
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
-import java.util.Map;
 import java.util.Objects;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -117,7 +116,7 @@
   private static final String LINUX = "linux";
 
   private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. ";
   private static final String PARSE_ERROR_ACCOUNT = "Error parsing service account response. ";
   private static final long serialVersionUID = -4113476462526554235L;
 
   private final String transportFactoryClassName;
@@ -471,7 +470,7 @@
         requestMessage = "Sending request to refresh access token";
         responseMessage = "Received response for refresh access token";
       } else {
         // TODO: this includes get universe domain and get default sa.
         // refactor for more clear logging message.
         requestMessage = "Sending request for universe domain/default service account";
         responseMessage = "Received response for universe domain/default service account";
@@ -539,7 +538,7 @@
 
   @VisibleForTesting
   static boolean checkProductNameOnLinux(BufferedReader reader) throws IOException {
     String name = reader.readLine().trim();
     return name.startsWith(GOOGLE);
   }
 
@@ -632,6 +631,12 @@
         + "/computeMetadata/v1/instance/service-accounts/?recursive=true";
   }
 
+  /** Url to retrieve the default service account entry from the Metadata Server. */
+  static String getDefaultServiceAccountUrl() {
+    return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT)
+        + "/computeMetadata/v1/instance/service-accounts/default/email";
+  }
+
   public static String getIdentityDocumentUrl() {
     return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT)
         + "/computeMetadata/v1/instance/service-accounts/default/identity";
@@ -733,7 +738,7 @@
 
   private String getDefaultServiceAccount() throws IOException {
     HttpResponse response =
-        getMetadataResponse(getServiceAccountsUrl(), RequestType.UNTRACKED, false);
+        getMetadataResponse(getDefaultServiceAccountUrl(), RequestType.UNTRACKED, false);
     int statusCode = response.getStatusCode();
     if (statusCode == HttpStatusCodes.STATUS_CODE_NOT_FOUND) {
       throw new IOException(
@@ -756,12 +761,7 @@
       // Mock transports will have success code with empty content by default.
       throw new IOException(METADATA_RESPONSE_EMPTY_CONTENT_ERROR_MESSAGE);
     }
-    GenericData responseData = response.parseAs(GenericData.class);
-    LoggingUtils.logResponsePayload(
-        responseData, LOGGER_PROVIDER, "Received default service account payload");
-    Map<String, Object> defaultAccount =
-        OAuth2Utils.validateMap(responseData, "default", PARSE_ERROR_ACCOUNT);
-    return OAuth2Utils.validateString(defaultAccount, "email", PARSE_ERROR_ACCOUNT);
+    return response.parseAsString();
   }
 
   public static class Builder extends GoogleCredentials.Builder {

oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java

@@ -590,7 +590,7 @@
         new MockMetadataServerTransport() {
           @Override
           public LowLevelHttpRequest buildRequest(String method, String url) throws IOException {
-            if (isGetServiceAccountsUrl(url)) {
+            if (isGetDefaultServiceAccountsUrl(url)) {
               return new MockLowLevelHttpRequest(url) {
                 @Override
                 public LowLevelHttpResponse execute() throws IOException {
@@ -626,7 +626,7 @@
         new MockMetadataServerTransport() {
           @Override
           public LowLevelHttpRequest buildRequest(String method, String url) throws IOException {
-            if (isGetServiceAccountsUrl(url)) {
+            if (isGetDefaultServiceAccountsUrl(url)) {
               return new MockLowLevelHttpRequest(url) {
                 @Override
                 public LowLevelHttpResponse execute() throws IOException {
@@ -798,7 +798,7 @@
         ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build();
 
     IOException exception =
         Assert.assertThrows(IOException.class, () -> credentials.refreshAccessToken());
     assertTrue(exception.getCause().getMessage().contains("503"));
     assertTrue(exception instanceof GoogleAuthException);
     assertTrue(((GoogleAuthException) exception).isRetryable());
@@ -835,7 +835,7 @@
           ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build();
 
       IOException exception =
           Assert.assertThrows(IOException.class, () -> credentials.refreshAccessToken());
       assertFalse(exception instanceof GoogleAuthException);
     }
   }

oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java

@@ -129,8 +129,8 @@
     if (url.startsWith(ComputeEngineCredentials.getTokenServerEncodedUrl())) {
       this.request = getMockRequestForTokenEndpoint(url);
       return this.request;
-    } else if (isGetServiceAccountsUrl(url)) {
-      this.request = getMockRequestForServiceAccount(url);
+    } else if (isGetDefaultServiceAccountsUrl(url)) {
+      this.request = getMockRequestForDefaultServiceAccount(url);
       return this.request;
     } else if (isSignRequestUrl(url)) {
       this.request = getMockRequestForSign(url);
@@ -176,22 +176,13 @@
     };
   }
 
-  private MockLowLevelHttpRequest getMockRequestForServiceAccount(String url) {
+  private MockLowLevelHttpRequest getMockRequestForDefaultServiceAccount(String url) {
     return new MockLowLevelHttpRequest(url) {
       @Override
-      public LowLevelHttpResponse execute() throws IOException {
-        // Create the JSON response
-        GenericJson serviceAccountsContents = new GenericJson();
-        serviceAccountsContents.setFactory(OAuth2Utils.JSON_FACTORY);
-        GenericJson defaultAccount = new GenericJson();
-        defaultAccount.put("email", serviceAccountEmail);
-        serviceAccountsContents.put("default", defaultAccount);
-
-        String serviceAccounts = serviceAccountsContents.toPrettyString();
-
+      public LowLevelHttpResponse execute() {
         return new MockLowLevelHttpResponse()
             .setContentType(Json.MEDIA_TYPE)
-            .setContent(serviceAccounts);
+            .setContent(serviceAccountEmail);
       }
     };
   }
@@ -279,7 +270,7 @@
         if (queryPairs.containsKey("licenses")) {
           // The metadata server defaults to false and matches "on", "off" and ::absl::SimpleAtob.
           // See https://abseil.io/docs/cpp/guides/strings#numericConversion for more information.
           if (BOOL_PARAMETER_VALUE.matcher((String) queryPairs.get("licenses")).matches()) {
             return new MockLowLevelHttpRequest(url) {
               @Override
               public LowLevelHttpResponse execute() throws IOException {
@@ -341,8 +332,8 @@
     };
   }
 
-  protected boolean isGetServiceAccountsUrl(String url) {
-    return url.equals(ComputeEngineCredentials.getServiceAccountsUrl());
+  protected boolean isGetDefaultServiceAccountsUrl(String url) {
+    return url.equals(ComputeEngineCredentials.getDefaultServiceAccountUrl());
   }
 
   protected boolean isSignRequestUrl(String url) {