micronaut-projects · sdelamo · Jan 23, 2024 · Jan 11, 2024 · Jan 11, 2024 · Jan 11, 2024
diff --git a/gcp-common/src/main/java/io/micronaut/gcp/credentials/AuthenticationLoggingInterceptor.java b/gcp-common/src/main/java/io/micronaut/gcp/credentials/AuthenticationLoggingInterceptor.java
diff --git a/gcp-common/src/main/java/io/micronaut/gcp/credentials/GoogleCredentialsFactory.java b/gcp-common/src/main/java/io/micronaut/gcp/credentials/GoogleCredentialsFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 original authors
+ * Copyright 2017-2024 original authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -87,7 +87,6 @@ public GoogleCredentialsFactory(@NonNull GoogleCredentialsConfiguration configur
     @Requires(property = GoogleCredentialsConfiguration.PREFIX + ".enabled", value = StringUtils.TRUE, defaultValue = StringUtils.TRUE)
     @Primary
     @Singleton
-    @LogAuthenticationFailures
     protected GoogleCredentials defaultGoogleCredentials() throws IOException {
         final List<String> scopes = configuration.getScopes().stream()
                 .map(URI::toString).collect(Collectors.toList());

diff --git a/gcp-common/src/main/java/io/micronaut/gcp/credentials/LogAuthenticationFailures.java b/gcp-common/src/main/java/io/micronaut/gcp/credentials/LogAuthenticationFailures.java
diff --git a/gcp-common/src/test/groovy/io/micronaut/gcp/credentials/GoogleCredentialsFactorySpec.groovy b/gcp-common/src/test/groovy/io/micronaut/gcp/credentials/GoogleCredentialsFactorySpec.groovy
@@ -1,18 +1,18 @@
 package io.micronaut.gcp.credentials
 
-import com.google.auth.RequestMetadataCallback
+import com.google.api.client.util.GenericData
 import com.google.auth.oauth2.GoogleCredentials
 import com.google.auth.oauth2.ImpersonatedCredentials
 import com.google.auth.oauth2.ServiceAccountCredentials
 import com.google.auth.oauth2.UserCredentials
-import com.google.common.util.concurrent.MoreExecutors
 import io.micronaut.context.ApplicationContext
 import io.micronaut.context.annotation.Requires
 import io.micronaut.context.exceptions.BeanInstantiationException
 import io.micronaut.context.exceptions.ConfigurationException
 import io.micronaut.context.exceptions.NoSuchBeanException
 import io.micronaut.core.reflect.ReflectionUtils
 import io.micronaut.http.HttpResponse
+import io.micronaut.http.HttpStatus
 import io.micronaut.http.MediaType
 import io.micronaut.http.annotation.Controller
 import io.micronaut.http.annotation.Post
@@ -21,12 +21,12 @@ import org.spockframework.runtime.IStandardStreamsListener
 import org.spockframework.runtime.StandardStreamsCapturer
 import spock.lang.AutoCleanup
 import spock.lang.Specification
-import spock.util.concurrent.PollingConditions
 import uk.org.webcompere.systemstubs.environment.EnvironmentVariables
 import uk.org.webcompere.systemstubs.properties.SystemProperties
 import uk.org.webcompere.systemstubs.resource.Resources
 
 import java.security.PrivateKey
+import java.util.concurrent.atomic.AtomicInteger
 
 import static io.micronaut.gcp.credentials.fixture.ServiceAccountCredentialsTestHelper.*
 
@@ -37,8 +37,6 @@ class GoogleCredentialsFactorySpec extends Specification {
     @AutoCleanup("stop")
     StandardStreamsCapturer capturer = new StandardStreamsCapturer()
 
-    PollingConditions conditions = new PollingConditions(timeout: 30)
-
     void setup() {
         capturer.addStandardStreamsListener(captured)
         capturer.start()
@@ -67,6 +65,9 @@ class GoogleCredentialsFactorySpec extends Specification {
 
         then:
         thrown(NoSuchBeanException)
+
+        cleanup:
+        ctx.close()
     }
 
     void "configuring both credentials location and encoded-key throws an exception"() {
@@ -82,6 +83,9 @@ class GoogleCredentialsFactorySpec extends Specification {
         then:
         def ex = thrown(BeanInstantiationException)
         ex.getCause() instanceof ConfigurationException
+
+        cleanup:
+        ctx.close()
     }
 
     void "default configuration without GCP SDK installed fails"() {
@@ -191,7 +195,7 @@ class GoogleCredentialsFactorySpec extends Specification {
 
         then:
         gc != null
-        ImpersonatedCredentials ic = gc.$target
+        ImpersonatedCredentials ic = (ImpersonatedCredentials) gc
         UserCredentials uc = (UserCredentials) ic.getSourceCredentials()
         ic.getAccount() == "sa-test1@micronaut-gcp-testing.iam.gserviceaccount.com"
         with(uc) {
@@ -232,6 +236,9 @@ class GoogleCredentialsFactorySpec extends Specification {
 
         then:
         matchesJsonServiceAccountCredentials(pk, gc)
+
+        cleanup:
+        ctx.close()
     }
 
     void "service account credentials can be loaded via configured Base64-encoded key"() {
@@ -247,60 +254,52 @@ class GoogleCredentialsFactorySpec extends Specification {
 
         then:
         matchesJsonServiceAccountCredentials(pk, gc)
+
+        cleanup:
+        ctx.close()
     }
 
-    void "invalid credentials cause a warning to be logged when metadata is requested"(){
+    void "an access token should be able to be refreshed and retrieved"() {
         given:
         PrivateKey pk = generatePrivateKey()
-        String encodedServiceAccountCredentials = encodeServiceCredentials(pk)
+        File serviceAccountCredentials = writeServiceCredentialsToTempFile(pk)
+
+        when:
         EmbeddedServer gcp = ApplicationContext.run(EmbeddedServer, [
                 "spec.name" : "GoogleCredentialsFactorySpec",
                 "micronaut.server.port" : 8080
         ])
         def ctx = ApplicationContext.run([
-                (GoogleCredentialsConfiguration.PREFIX + ".encoded-key"): encodedServiceAccountCredentials
+                (GoogleCredentialsConfiguration.PREFIX + ".location"): serviceAccountCredentials.getPath()
         ])
         GoogleCredentials gc = ctx.getBean(GoogleCredentials)
 
-        when:
-        gc.getRequestMetadata(null, MoreExecutors.directExecutor(), new RequestMetadataCallback() {
-            @Override
-            void onSuccess(Map<String, List<String>> metadata) {
-
-            }
-
-            @Override
-            void onFailure(Throwable exception) {
+        then:
+        matchesJsonServiceAccountCredentials(pk, gc)
 
-            }
-        })
+        when:
+        gc.refreshIfExpired()
 
         then:
-        conditions.eventually {
-            captured.messages.any {
-                it.contains("WARN")
-                it.contains("A failure occurred while attempting to build credential metadata for a GCP API request. The GCP libraries treat this as " +
-                        "a retryable error, but misconfigured credentials can keep it from ever succeeding.")
-            }
-        }
+        gc.getAccessToken().getTokenValue() == "ThisIsAFreshToken"
 
         cleanup:
-        ctx.stop()
-        gcp.stop()
+        gcp.close()
+        ctx.close()
     }
 
     private void matchesJsonUserCredentials(GoogleCredentials gc) {
-        assert gc != null && gc.$target != null && gc.$target instanceof UserCredentials
-        UserCredentials uc = (UserCredentials) gc.$target
+        assert gc != null && gc instanceof UserCredentials
+        UserCredentials uc = (UserCredentials) gc
         assert uc.getClientId() == "client-id-1.apps.googleusercontent.com"
         assert uc.getClientSecret() == "client-secret-1"
         assert uc.getQuotaProjectId() == "micronaut-gcp-test"
         assert uc.getRefreshToken() == "refresh-token-1"
     }
 
     private void matchesJsonServiceAccountCredentials(PrivateKey pk, GoogleCredentials gc) {
-        assert gc != null && gc.$target != null && gc.$target instanceof ServiceAccountCredentials
-        ServiceAccountCredentials sc = (ServiceAccountCredentials) gc.$target
+        assert gc != null && gc instanceof ServiceAccountCredentials
+        ServiceAccountCredentials sc = (ServiceAccountCredentials) gc
         assert sc.getAccount() == "sa-test1@micronaut-gcp-testing.iam.gserviceaccount.com"
         assert sc.getClientId() == "client-id-1"
         assert sc.getProjectId() == "micronaut-gcp-testing"
@@ -313,9 +312,14 @@ class GoogleCredentialsFactorySpec extends Specification {
 @Controller
 class GoogleAuth {
 
-    @Post(value="/token", processes = MediaType.APPLICATION_FORM_URLENCODED)
-    HttpResponse<String> getToken() {
-        return HttpResponse.unauthorized()
+    AtomicInteger requestCount = new AtomicInteger(1)
+
+    @Post(value="/token", consumes = MediaType.APPLICATION_FORM_URLENCODED, produces = MediaType.APPLICATION_JSON)
+    HttpResponse<GenericData> getToken() {
+        if (requestCount.getAndAdd(1) == 2) {
+            return HttpResponse.ok(new GenericData().set("access_token", "ThisIsAFreshToken").set("expires_in", 3600))
+        }
+        return HttpResponse.status(HttpStatus.TOO_MANY_REQUESTS)
     }
 }