diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index 48a6fbe6b..d36b5c3df 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -69,7 +69,6 @@ import java.util.Collections; import java.util.Date; import java.util.List; -import java.util.Map; import java.util.Objects; import java.util.logging.Level; import java.util.logging.Logger; @@ -632,6 +631,12 @@ public static String getServiceAccountsUrl() { + "/computeMetadata/v1/instance/service-accounts/?recursive=true"; } + /** Url to retrieve the default service account entry from the Metadata Server. */ + static String getDefaultServiceAccountUrl() { + return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT) + + "/computeMetadata/v1/instance/service-accounts/default/email"; + } + public static String getIdentityDocumentUrl() { return getMetadataServerUrl(DefaultCredentialsProvider.DEFAULT) + "/computeMetadata/v1/instance/service-accounts/default/identity"; @@ -733,7 +738,7 @@ public byte[] sign(byte[] toSign) { private String getDefaultServiceAccount() throws IOException { HttpResponse response = - getMetadataResponse(getServiceAccountsUrl(), RequestType.UNTRACKED, false); + getMetadataResponse(getDefaultServiceAccountUrl(), RequestType.UNTRACKED, false); int statusCode = response.getStatusCode(); if (statusCode == HttpStatusCodes.STATUS_CODE_NOT_FOUND) { throw new IOException( @@ -756,12 +761,7 @@ private String getDefaultServiceAccount() throws IOException { // Mock transports will have success code with empty content by default. throw new IOException(METADATA_RESPONSE_EMPTY_CONTENT_ERROR_MESSAGE); } - GenericData responseData = response.parseAs(GenericData.class); - LoggingUtils.logResponsePayload( - responseData, LOGGER_PROVIDER, "Received default service account payload"); - Map defaultAccount = - OAuth2Utils.validateMap(responseData, "default", PARSE_ERROR_ACCOUNT); - return OAuth2Utils.validateString(defaultAccount, "email", PARSE_ERROR_ACCOUNT); + return response.parseAsString(); } public static class Builder extends GoogleCredentials.Builder { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 4b1f9c1ca..a3df59e1a 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -590,7 +590,7 @@ public void getAccount_missing_throws() { new MockMetadataServerTransport() { @Override public LowLevelHttpRequest buildRequest(String method, String url) throws IOException { - if (isGetServiceAccountsUrl(url)) { + if (isGetDefaultServiceAccountsUrl(url)) { return new MockLowLevelHttpRequest(url) { @Override public LowLevelHttpResponse execute() throws IOException { @@ -626,7 +626,7 @@ public void getAccount_emptyContent_throws() { new MockMetadataServerTransport() { @Override public LowLevelHttpRequest buildRequest(String method, String url) throws IOException { - if (isGetServiceAccountsUrl(url)) { + if (isGetDefaultServiceAccountsUrl(url)) { return new MockLowLevelHttpRequest(url) { @Override public LowLevelHttpResponse execute() throws IOException { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java index e7ac6c09d..725a124fc 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java @@ -129,8 +129,8 @@ public LowLevelHttpRequest buildRequest(String method, String url) throws IOExce if (url.startsWith(ComputeEngineCredentials.getTokenServerEncodedUrl())) { this.request = getMockRequestForTokenEndpoint(url); return this.request; - } else if (isGetServiceAccountsUrl(url)) { - this.request = getMockRequestForServiceAccount(url); + } else if (isGetDefaultServiceAccountsUrl(url)) { + this.request = getMockRequestForDefaultServiceAccount(url); return this.request; } else if (isSignRequestUrl(url)) { this.request = getMockRequestForSign(url); @@ -176,22 +176,13 @@ public LowLevelHttpResponse execute() throws IOException { }; } - private MockLowLevelHttpRequest getMockRequestForServiceAccount(String url) { + private MockLowLevelHttpRequest getMockRequestForDefaultServiceAccount(String url) { return new MockLowLevelHttpRequest(url) { @Override - public LowLevelHttpResponse execute() throws IOException { - // Create the JSON response - GenericJson serviceAccountsContents = new GenericJson(); - serviceAccountsContents.setFactory(OAuth2Utils.JSON_FACTORY); - GenericJson defaultAccount = new GenericJson(); - defaultAccount.put("email", serviceAccountEmail); - serviceAccountsContents.put("default", defaultAccount); - - String serviceAccounts = serviceAccountsContents.toPrettyString(); - + public LowLevelHttpResponse execute() { return new MockLowLevelHttpResponse() .setContentType(Json.MEDIA_TYPE) - .setContent(serviceAccounts); + .setContent(serviceAccountEmail); } }; } @@ -341,8 +332,8 @@ public LowLevelHttpResponse execute() throws IOException { }; } - protected boolean isGetServiceAccountsUrl(String url) { - return url.equals(ComputeEngineCredentials.getServiceAccountsUrl()); + protected boolean isGetDefaultServiceAccountsUrl(String url) { + return url.equals(ComputeEngineCredentials.getDefaultServiceAccountUrl()); } protected boolean isSignRequestUrl(String url) {