auth: fix builder invocation for converting Google service account to Jwt access credential (#6106)

* Fixed mistaken method invocation for privateKeyId getter/setter. * Added test coverage to verify jwt credentials are applied to request metadata correctly. * No need to expose serviceUri method for testing.
2019-08-30 11:21:33 -07:00 · 2019-08-30 11:21:33 -07:00 · efc14bd299
parent c9177b2327
commit efc14bd299
2 changed files with 36 additions and 2 deletions
--- a/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java
+++ b/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java
@ -296,8 +296,8 @@ final class GoogleAuthLibraryCallCredentials extends io.grpc.CallCredentials2 {
        methodPairs.add(new MethodPair(getter, setter));
      }
      {
-        Method getter = serviceAccountClass.getMethod("getPrivateKey");
-        Method setter = builderClass.getMethod("setPrivateKey", getter.getReturnType());
+        Method getter = serviceAccountClass.getMethod("getPrivateKeyId");
+        Method setter = builderClass.getMethod("setPrivateKeyId", getter.getReturnType());
        methodPairs.add(new MethodPair(getter, setter));
      }
    }
--- a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java
+++ b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java
@ -34,6 +34,7 @@ import com.google.auth.oauth2.AccessToken;
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.auth.oauth2.OAuth2Credentials;
 import com.google.auth.oauth2.ServiceAccountCredentials;
+import com.google.auth.oauth2.ServiceAccountJwtAccessCredentials;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.LinkedListMultimap;
 import com.google.common.collect.ListMultimap;
@ -41,6 +42,7 @@ import com.google.common.collect.Multimaps;
 import io.grpc.Attributes;
 import io.grpc.CallCredentials;
 import io.grpc.CallCredentials.MetadataApplier;
+import io.grpc.CallCredentials.RequestInfo;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.SecurityLevel;
@ -388,6 +390,38 @@ public class GoogleAuthLibraryCallCredentialsTest {
        Iterables.toArray(authorization, String.class));
  }

+  @Test
+  public void jwtAccessCredentialsInRequestMetadata() throws Exception {
+    KeyPair pair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+    RequestInfo requestInfo = new RequestInfoImpl("example.com:123");
+
+    ServiceAccountJwtAccessCredentials jwtCreds =
+        ServiceAccountJwtAccessCredentials.newBuilder()
+            .setClientId("test-client")
+            .setClientEmail("test-email@example.com")
+            .setPrivateKey(pair.getPrivate())
+            .setPrivateKeyId("test-private-key-id")
+            .build();
+    List<String> expectedAuthMetadata = jwtCreds
+        .getRequestMetadata(new URI("https://example.com:123/a.service")).get("Authorization");
+
+    ServiceAccountCredentials credentials =
+        ServiceAccountCredentials.newBuilder()
+            .setClientId("test-client")
+            .setClientEmail("test-email@example.com")
+            .setPrivateKey(pair.getPrivate())
+            .setPrivateKeyId("test-private-key-id")
+            .build();
+    GoogleAuthLibraryCallCredentials callCredentials =
+        new GoogleAuthLibraryCallCredentials(credentials);
+    callCredentials.applyRequestMetadata(requestInfo, executor, applier);
+
+    verify(applier).apply(headersCaptor.capture());
+    Metadata headers = headersCaptor.getValue();
+    assertArrayEquals(Iterables.toArray(expectedAuthMetadata, String.class),
+        Iterables.toArray(headers.getAll(AUTHORIZATION), String.class));
+  }
+
  private int runPendingRunnables() {
    ArrayList<Runnable> savedPendingRunnables = pendingRunnables;
    pendingRunnables = new ArrayList<>();