diff --git a/google/cloud/credentials.cc b/google/cloud/credentials.cc index bd7d2c2be7c8b..167c3156ef348 100644 --- a/google/cloud/credentials.cc +++ b/google/cloud/credentials.cc @@ -51,6 +51,12 @@ std::shared_ptr MakeServiceAccountCredentials( std::move(json_object), std::move(opts)); } +std::shared_ptr MakeServiceAccountCredentialsFromFile( + std::string const& file_path, Options opts) { + return std::make_shared("", file_path, + std::move(opts)); +} + std::shared_ptr MakeExternalAccountCredentials( std::string json_object, Options opts) { return std::make_shared( diff --git a/google/cloud/credentials.h b/google/cloud/credentials.h index 93166067d1974..0623476d2199a 100644 --- a/google/cloud/credentials.h +++ b/google/cloud/credentials.h @@ -301,6 +301,55 @@ std::shared_ptr MakeImpersonateServiceAccountCredentials( std::shared_ptr MakeServiceAccountCredentials( std::string json_object, Options opts = {}); +/** + * Creates service account credentials from a service account key contained in + * a file. + * + * A [service account] is an account for an application or compute workload + * instead of an individual end user. The recommended practice is to use + * Google Default Credentials, which relies on the configuration of the Google + * Cloud system hosting your application (GCE, GKE, Cloud Run) to authenticate + * your workload or application. But sometimes you may need to create and + * download a [service account key], for example, to use a service account + * when running your application on a system that is not part of Google Cloud. + * + * Service account credentials are used in this latter case. + * + * You can create multiple service account keys for a single service account. + * When you create a service account key, the key is returned as string, in the + * format described by [aip/4112]. This string contains an id for the service + * account, as well as the cryptographical materials (a RSA private key) + * required to authenticate the caller. + * + * Therefore, services account keys should be treated as any other secret + * with security implications. Think of them as unencrypted passwords. Do not + * store them where unauthorized persons or programs may read them. + * + * As stated above, most applications should probably use default credentials, + * maybe pointing them to a file with these contents. Using this function may be + * useful when the service account key is obtained from Cloud Secret Manager or + * a similar service. + * + * [aip/4112]: https://google.aip.dev/auth/4112 + * [service account]: https://cloud.google.com/iam/docs/overview#service_account + * [service account key]: + * https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-cpp + * + * @ingroup guac + * + * @note While JSON file formats are supported for both REST and gRPC transport, + * PKCS#12 is only supported for REST transport. + * + * @param file_path path to file containing the service account key + * Typically applications read this from a file, or download the contents from + * something like Google's secret manager service. + * @param opts optional configuration values. Note that the effect of these + * parameters depends on the underlying transport. For example, + * `LoggingComponentsOption` is ignored by gRPC-based services. + */ +std::shared_ptr MakeServiceAccountCredentialsFromFile( + std::string const& file_path, Options opts = {}); + /** * Creates credentials based on external accounts. * diff --git a/google/cloud/internal/credentials_impl.cc b/google/cloud/internal/credentials_impl.cc index e7c1fd2f82a90..25d03e39070b7 100644 --- a/google/cloud/internal/credentials_impl.cc +++ b/google/cloud/internal/credentials_impl.cc @@ -92,6 +92,12 @@ ServiceAccountConfig::ServiceAccountConfig(std::string json_object, : json_object_(std::move(json_object)), options_(PopulateAuthOptions(std::move(opts))) {} +ServiceAccountConfig::ServiceAccountConfig(std::string json_object, + std::string file_path, Options opts) + : json_object_(std::move(json_object)), + file_path_(std::move(file_path)), + options_(PopulateAuthOptions(std::move(opts))) {} + ExternalAccountConfig::ExternalAccountConfig(std::string json_object, Options options) : json_object_(std::move(json_object)), diff --git a/google/cloud/internal/credentials_impl.h b/google/cloud/internal/credentials_impl.h index 94af7f2e40b89..f651cb97158f0 100644 --- a/google/cloud/internal/credentials_impl.h +++ b/google/cloud/internal/credentials_impl.h @@ -145,14 +145,18 @@ class ImpersonateServiceAccountConfig : public Credentials { class ServiceAccountConfig : public Credentials { public: ServiceAccountConfig(std::string json_object, Options opts); + ServiceAccountConfig(std::string json_object, std::string file_path, + Options opts); std::string const& json_object() const { return json_object_; } + absl::optional const& file_path() const { return file_path_; } Options const& options() const { return options_; } private: void dispatch(CredentialsVisitor& v) const override { v.visit(*this); } std::string json_object_; + absl::optional file_path_ = absl::nullopt; Options options_; }; diff --git a/google/cloud/internal/curl_rest_client.cc b/google/cloud/internal/curl_rest_client.cc index d0abda63df0b9..90c4f584c3b93 100644 --- a/google/cloud/internal/curl_rest_client.cc +++ b/google/cloud/internal/curl_rest_client.cc @@ -112,7 +112,10 @@ CurlRestClient::CurlRestClient(std::string endpoint_address, : endpoint_address_(std::move(endpoint_address)), handle_factory_(std::move(factory)), options_(std::move(options)) { + std::cout << __PRETTY_FUNCTION__ << std::endl; if (options_.has()) { + std::cout << __PRETTY_FUNCTION__ << ": has UnifiedCredentialsOption" + << std::endl; credentials_ = MapCredentials(*options_.get()); } } @@ -124,6 +127,7 @@ StatusOr> CurlRestClient::CreateCurlImpl( auto impl = std::make_unique(std::move(handle), handle_factory_, options); if (credentials_) { + std::cout << __PRETTY_FUNCTION__ << ": has credentials_" << std::endl; auto auth_header = credentials_->AuthenticationHeader(std::chrono::system_clock::now()); if (!auth_header.ok()) return std::move(auth_header).status(); diff --git a/google/cloud/internal/oauth2_access_token_credentials.cc b/google/cloud/internal/oauth2_access_token_credentials.cc index dc29231f9849a..fe2037cd4a9ee 100644 --- a/google/cloud/internal/oauth2_access_token_credentials.cc +++ b/google/cloud/internal/oauth2_access_token_credentials.cc @@ -21,7 +21,9 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_BEGIN AccessTokenCredentials::AccessTokenCredentials( google::cloud::AccessToken access_token) - : access_token_(std::move(access_token)) {} + : access_token_(std::move(access_token)) { + std::cout << __PRETTY_FUNCTION__ << std::endl; +} StatusOr AccessTokenCredentials::GetToken( std::chrono::system_clock::time_point /*tp*/) { diff --git a/google/cloud/internal/oauth2_authorized_user_credentials.cc b/google/cloud/internal/oauth2_authorized_user_credentials.cc index 4f5197a73a9ca..803a3a4d09727 100644 --- a/google/cloud/internal/oauth2_authorized_user_credentials.cc +++ b/google/cloud/internal/oauth2_authorized_user_credentials.cc @@ -92,10 +92,13 @@ AuthorizedUserCredentials::AuthorizedUserCredentials( HttpClientFactory client_factory) : info_(std::move(info)), options_(std::move(options)), - client_factory_(std::move(client_factory)) {} + client_factory_(std::move(client_factory)) { + std::cout << __PRETTY_FUNCTION__ << std::endl; +} StatusOr AuthorizedUserCredentials::GetToken( std::chrono::system_clock::time_point tp) { + std::cout << __PRETTY_FUNCTION__ << std::endl; rest_internal::RestRequest request; request.SetPath(info_.token_uri); request.AddHeader("content-type", "application/x-www-form-urlencoded"); diff --git a/google/cloud/internal/oauth2_cached_credentials.cc b/google/cloud/internal/oauth2_cached_credentials.cc index 8ae00341c43df..79b53393afd76 100644 --- a/google/cloud/internal/oauth2_cached_credentials.cc +++ b/google/cloud/internal/oauth2_cached_credentials.cc @@ -41,6 +41,7 @@ CachedCredentials::~CachedCredentials() = default; StatusOr CachedCredentials::GetToken( std::chrono::system_clock::time_point now) { std::lock_guard lk(mu_); + std::cout << __PRETTY_FUNCTION__ << std::endl; if (!ExpiringSoon(token_, now)) return token_; auto refreshed = impl_->GetToken(now); if (!refreshed) { diff --git a/google/cloud/internal/oauth2_compute_engine_credentials.cc b/google/cloud/internal/oauth2_compute_engine_credentials.cc index 624cc5216ed00..51617eb2328a2 100644 --- a/google/cloud/internal/oauth2_compute_engine_credentials.cc +++ b/google/cloud/internal/oauth2_compute_engine_credentials.cc @@ -194,7 +194,9 @@ ComputeEngineCredentials::ComputeEngineCredentials( HttpClientFactory client_factory) : options_(std::move(options)), client_factory_(std::move(client_factory)), - service_account_email_(std::move(service_account_email)) {} + service_account_email_(std::move(service_account_email)) { + std::cout << __PRETTY_FUNCTION__ << std::endl; +} StatusOr ComputeEngineCredentials::GetToken( std::chrono::system_clock::time_point tp) { diff --git a/google/cloud/internal/oauth2_credentials.cc b/google/cloud/internal/oauth2_credentials.cc index 42dd2e760328e..aff15e6648eab 100644 --- a/google/cloud/internal/oauth2_credentials.cc +++ b/google/cloud/internal/oauth2_credentials.cc @@ -48,6 +48,7 @@ StatusOr Credentials::project_id( StatusOr> Credentials::AuthenticationHeader( std::chrono::system_clock::time_point tp) { + std::cout << __PRETTY_FUNCTION__ << std::endl; auto token = GetToken(tp); if (!token) return std::move(token).status(); if (token->token.empty()) return std::make_pair(std::string{}, std::string{}); diff --git a/google/cloud/internal/oauth2_logging_credentials.cc b/google/cloud/internal/oauth2_logging_credentials.cc index f88b1efc89c73..1393c148dd56b 100644 --- a/google/cloud/internal/oauth2_logging_credentials.cc +++ b/google/cloud/internal/oauth2_logging_credentials.cc @@ -33,6 +33,7 @@ LoggingCredentials::~LoggingCredentials() = default; StatusOr LoggingCredentials::GetToken( std::chrono::system_clock::time_point now) { + std::cout << __PRETTY_FUNCTION__ << std::endl; auto token = impl_->GetToken(now); if (!token) { GCP_LOG(DEBUG) << __func__ << "(" << phase_ << ") failed " diff --git a/google/cloud/internal/oauth2_service_account_credentials.cc b/google/cloud/internal/oauth2_service_account_credentials.cc index d72e803e1d4d4..04a3935a14395 100644 --- a/google/cloud/internal/oauth2_service_account_credentials.cc +++ b/google/cloud/internal/oauth2_service_account_credentials.cc @@ -248,10 +248,13 @@ ServiceAccountCredentials::ServiceAccountCredentials( std::move(options), Options{}.set( info_.token_uri))), - client_factory_(std::move(client_factory)) {} + client_factory_(std::move(client_factory)) { + std::cout << __PRETTY_FUNCTION__ << std::endl; +} StatusOr ServiceAccountCredentials::GetToken( std::chrono::system_clock::time_point tp) { + std::cout << __PRETTY_FUNCTION__ << std::endl; if (UseOAuth()) return GetTokenOAuth(tp); return GetTokenSelfSigned(tp); } @@ -259,6 +262,7 @@ StatusOr ServiceAccountCredentials::GetToken( StatusOr> ServiceAccountCredentials::SignBlob( absl::optional const& signing_account, std::string const& blob) const { + std::cout << __PRETTY_FUNCTION__ << std::endl; if (signing_account.has_value() && signing_account.value() != info_.client_email) { return internal::InvalidArgumentError( diff --git a/google/cloud/internal/unified_grpc_credentials.cc b/google/cloud/internal/unified_grpc_credentials.cc index 36b42821c6fc0..5b62f6d862d82 100644 --- a/google/cloud/internal/unified_grpc_credentials.cc +++ b/google/cloud/internal/unified_grpc_credentials.cc @@ -115,8 +115,15 @@ std::shared_ptr CreateAuthenticationStrategy( std::move(options)); } void visit(ServiceAccountConfig const& cfg) override { - result = std::make_unique( - cfg.json_object(), std::move(options)); + if (cfg.file_path().has_value()) { + std::ifstream is(*cfg.file_path()); + std::string contents(std::istreambuf_iterator{is}, {}); + result = std::make_unique( + std::move(contents), std::move(options)); + } else { + result = std::make_unique( + cfg.json_object(), std::move(options)); + } } void visit(ExternalAccountConfig const& cfg) override { grpc::SslCredentialsOptions ssl_options; diff --git a/google/cloud/internal/unified_rest_credentials.cc b/google/cloud/internal/unified_rest_credentials.cc index 65f1d873e369c..2932dccaaa38c 100644 --- a/google/cloud/internal/unified_rest_credentials.cc +++ b/google/cloud/internal/unified_rest_credentials.cc @@ -25,6 +25,8 @@ #include "google/cloud/internal/oauth2_google_credentials.h" #include "google/cloud/internal/oauth2_impersonate_service_account_credentials.h" #include "google/cloud/internal/oauth2_service_account_credentials.h" +#include "google/cloud/internal/parse_service_account_p12_file.h" +#include namespace google { namespace cloud { @@ -49,25 +51,98 @@ std::shared_ptr MakeErrorCredentials( return std::make_shared(std::move(status)); } -std::shared_ptr +StatusOr> CreateServiceAccountCredentialsFromJsonContents( std::string const& contents, Options const& options, oauth2_internal::HttpClientFactory client_factory) { + std::cout << __PRETTY_FUNCTION__ << std::endl; auto info = oauth2_internal::ParseServiceAccountCredentials(contents, "memory"); - if (!info) return MakeErrorCredentials(std::move(info).status()); + if (!info) { + std::cout << __PRETTY_FUNCTION__ << ": parse error" << std::endl; + return info.status(); + } + std::cout << __PRETTY_FUNCTION__ << ": info->client_email='" + << info->client_email << "'" << std::endl; // Verify this is usable before returning it. auto const tp = std::chrono::system_clock::time_point{}; auto const components = AssertionComponentsFromInfo(*info, tp); auto jwt = internal::MakeJWTAssertionNoThrow( components.first, components.second, info->private_key); - if (!jwt) return MakeErrorCredentials(std::move(jwt).status()); + // if (!jwt) return MakeErrorCredentials(std::move(jwt).status()); + if (!jwt) return jwt.status(); + return StatusOr>( + std::make_shared( + *info, options, std::move(client_factory))); +} + +StatusOr> +CreateServiceAccountCredentialsFromJsonFilePath( + std::string const& path, absl::optional>, + absl::optional, Options const& options, + oauth2_internal::HttpClientFactory client_factory) { + std::cout << __PRETTY_FUNCTION__ << std::endl; + std::ifstream is(path); + std::string contents(std::istreambuf_iterator{is}, {}); + return CreateServiceAccountCredentialsFromJsonContents( + std::move(contents), options, std::move(client_factory)); +#if 0 + auto info = ParseServiceAccountCredentials(contents, path); + if (!info) { + return StatusOr>(info.status()); + } + // These are supplied as extra parameters to this method, not in the JSON + // file. + info->subject = std::move(subject); + info->scopes = std::move(scopes); + return StatusOr>( + std::make_shared>(*info, options)); +#endif +} + +std::shared_ptr +CreateServiceAccountCredentialsFromP12FilePath( + std::string const& path, absl::optional> scopes, + absl::optional subject, Options const& options, + oauth2_internal::HttpClientFactory client_factory) { + std::cout << __PRETTY_FUNCTION__ << std::endl; + auto info = oauth2_internal::ParseServiceAccountP12File(path); + if (!info) { + std::cout << __PRETTY_FUNCTION__ << ": return ErrorCredentials" + << std::endl; + return MakeErrorCredentials(std::move(info).status()); + // return StatusOr>(info.status()); + } + std::cout << __PRETTY_FUNCTION__ << ": info->client_email='" + << info->client_email << "'" << std::endl; + // These are supplied as extra parameters to this method, not in the P12 + // file. + info->subject = std::move(subject); + info->scopes = std::move(scopes); return std::make_shared( *info, options, std::move(client_factory)); } +std::shared_ptr +CreateServiceAccountCredentialsFromFilePath( + std::string const& path, absl::optional> scopes, + absl::optional subject, Options const& options, + oauth2_internal::HttpClientFactory client_factory) { + std::cout << __PRETTY_FUNCTION__ << std::endl; + auto credentials = CreateServiceAccountCredentialsFromJsonFilePath( + path, scopes, subject, options, client_factory); + if (credentials) { + std::cout << __PRETTY_FUNCTION__ << ": return JSON credentials" + << std::endl; + return *credentials; + } + return CreateServiceAccountCredentialsFromP12FilePath( + path, std::move(scopes), std::move(subject), options, + std::move(client_factory)); +} + } // namespace std::shared_ptr MapCredentials( @@ -88,15 +163,18 @@ std::shared_ptr MapCredentials( std::shared_ptr result; void visit(ErrorCredentialsConfig const& cfg) override { + std::cout << __PRETTY_FUNCTION__ << std::endl; result = std::make_shared(cfg.status()); } void visit(InsecureCredentialsConfig const&) override { + std::cout << __PRETTY_FUNCTION__ << std::endl; result = std::make_shared(); } void visit(GoogleDefaultCredentialsConfig const& cfg) override { + std::cout << __PRETTY_FUNCTION__ << std::endl; auto credentials = google::cloud::oauth2_internal::GoogleDefaultCredentials( cfg.options(), std::move(client_factory_)); @@ -108,11 +186,13 @@ std::shared_ptr MapCredentials( } void visit(AccessTokenConfig const& cfg) override { + std::cout << __PRETTY_FUNCTION__ << std::endl; result = std::make_shared( cfg.access_token()); } void visit(ImpersonateServiceAccountConfig const& cfg) override { + std::cout << __PRETTY_FUNCTION__ << std::endl; result = std::make_shared< oauth2_internal::ImpersonateServiceAccountCredentials>( cfg, std::move(client_factory_)); @@ -120,13 +200,25 @@ std::shared_ptr MapCredentials( } void visit(ServiceAccountConfig const& cfg) override { - result = Decorate( - CreateServiceAccountCredentialsFromJsonContents( - cfg.json_object(), cfg.options(), std::move(client_factory_)), - cfg.options()); + std::cout << __PRETTY_FUNCTION__ << std::endl; + if (cfg.file_path().has_value()) { + result = Decorate(CreateServiceAccountCredentialsFromFilePath( + *cfg.file_path(), {}, {}, cfg.options(), + std::move(client_factory_)), + cfg.options()); + } else { + auto creds = CreateServiceAccountCredentialsFromJsonContents( + cfg.json_object(), cfg.options(), std::move(client_factory_)); + if (creds) { + result = Decorate(std::move(*creds), cfg.options()); + return; + } + result = MakeErrorCredentials(std::move(creds).status()); + } } void visit(ExternalAccountConfig const& cfg) override { + std::cout << __PRETTY_FUNCTION__ << std::endl; auto const ec = internal::ErrorContext(); auto info = oauth2_internal::ParseExternalAccountConfiguration( cfg.json_object(), ec); @@ -141,11 +233,13 @@ std::shared_ptr MapCredentials( } void visit(ApiKeyConfig const& cfg) override { + std::cout << __PRETTY_FUNCTION__ << std::endl; result = std::make_shared(cfg.api_key()); } void visit(ComputeEngineCredentialsConfig const& cfg) override { + std::cout << __PRETTY_FUNCTION__ << std::endl; result = Decorate( std::make_shared< google::cloud::oauth2_internal::ComputeEngineCredentials>( diff --git a/google/cloud/storage/benchmarks/throughput_experiment.cc b/google/cloud/storage/benchmarks/throughput_experiment.cc index 7599fc2a6c2d9..3150c6892e7a8 100644 --- a/google/cloud/storage/benchmarks/throughput_experiment.cc +++ b/google/cloud/storage/benchmarks/throughput_experiment.cc @@ -16,6 +16,7 @@ #include "google/cloud/storage/benchmarks/benchmark_utils.h" #include "google/cloud/storage/client.h" #include "google/cloud/internal/make_status.h" +#include "google/cloud/internal/unified_rest_credentials.h" #if GOOGLE_CLOUD_CPP_STORAGE_HAVE_GRPC #include "google/cloud/storage/internal/grpc/ctype_cord_workaround.h" #include "google/cloud/grpc_error_delegate.h" @@ -260,8 +261,9 @@ class DownloadObjectLibcurl : public ThroughputExperiment { : endpoint_(options.rest_options.get()), target_api_version_path_( options.rest_options.get()), - creds_(google::cloud::storage::oauth2::GoogleDefaultCredentials() - .value()) { + // creds_(google::cloud::storage::oauth2::GoogleDefaultCredentials() + // .value()) { + creds_(rest_internal::MapCredentials(*MakeGoogleDefaultCredentials())) { if (target_api_version_path_.empty()) { target_api_version_path_ = "v1"; } @@ -271,13 +273,14 @@ class DownloadObjectLibcurl : public ThroughputExperiment { ThroughputResult Run(std::string const& bucket_name, std::string const& object_name, ThroughputExperimentConfig const& config) override { - auto header = creds_->AuthorizationHeader(); - if (!header) return {}; + auto token = creds_->GetToken(std::chrono::system_clock::now()); + if (!token) return {}; + auto header = std::string{"Authorization: "} + token->token; auto const start = std::chrono::system_clock::now(); auto timer = Timer::PerThread(); struct curl_slist* slist1 = nullptr; - slist1 = curl_slist_append(slist1, header->c_str()); + slist1 = curl_slist_append(slist1, header.c_str()); auto* hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_BUFFERSIZE, 102400L); @@ -339,7 +342,8 @@ class DownloadObjectLibcurl : public ThroughputExperiment { private: std::string endpoint_; std::string target_api_version_path_; - std::shared_ptr creds_; + // std::shared_ptr creds_; + std::shared_ptr creds_; }; #if GOOGLE_CLOUD_CPP_STORAGE_HAVE_GRPC diff --git a/google/cloud/storage/client.cc b/google/cloud/storage/client.cc index 1758c361e5b70..9fd580acbc4f5 100644 --- a/google/cloud/storage/client.cc +++ b/google/cloud/storage/client.cc @@ -16,10 +16,10 @@ #include "google/cloud/storage/idempotency_policy.h" #include "google/cloud/storage/internal/base64.h" #include "google/cloud/storage/internal/connection_factory.h" -#include "google/cloud/storage/internal/unified_rest_credentials.h" -#include "google/cloud/storage/oauth2/credentials.h" -#include "google/cloud/storage/oauth2/google_credentials.h" -#include "google/cloud/storage/oauth2/service_account_credentials.h" +// #include "google/cloud/storage/internal/unified_rest_credentials.h" +// #include "google/cloud/storage/oauth2/credentials.h" +// #include "google/cloud/storage/oauth2/google_credentials.h" +// #include "google/cloud/storage/oauth2/service_account_credentials.h" #include "google/cloud/storage/options.h" #include "google/cloud/internal/absl_str_cat_quiet.h" #include "google/cloud/internal/absl_str_join_quiet.h" @@ -33,6 +33,8 @@ #include "google/cloud/internal/rest_options.h" #include "google/cloud/internal/rest_response.h" #include "google/cloud/internal/service_endpoint.h" +#include "google/cloud/internal/sha256_hash.h" +#include "google/cloud/internal/unified_rest_credentials.h" #include "google/cloud/log.h" #include "google/cloud/opentelemetry_options.h" #include "google/cloud/universe_domain_options.h" @@ -52,6 +54,34 @@ namespace cloud { namespace storage { GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_BEGIN +namespace { +class WrapRestCredentials { + public: + explicit WrapRestCredentials( + std::shared_ptr impl) + : impl_(std::move(impl)) {} + + StatusOr AuthorizationHeader() { + std::cout << __PRETTY_FUNCTION__ << std::endl; + return oauth2_internal::AuthenticationHeaderJoined(*impl_); + } + + StatusOr> SignBlob( + SigningAccount const& signing_account, std::string const& blob) const { + std::cout << __PRETTY_FUNCTION__ << std::endl; + return impl_->SignBlob(signing_account.value_or(impl_->AccountEmail()), + blob); + } + + std::string AccountEmail() const { return impl_->AccountEmail(); } + std::string KeyId() const { return impl_->KeyId(); } + + private: + std::shared_ptr impl_; +}; + +} // namespace + using ::google::cloud::rest_internal::CurlHandle; static_assert(std::is_copy_constructible::value, @@ -249,19 +279,35 @@ std::string Client::SigningEmail(SigningAccount const& signing_account) const { if (signing_account.has_value()) { return signing_account.value(); } - return connection_->options().get()->AccountEmail(); + + auto credentials = WrapRestCredentials(rest_internal::MapCredentials( + *connection_->options().get())); + return credentials.AccountEmail(); + + // return + // connection_->options().get()->AccountEmail(); } StatusOr Client::SignBlobImpl( SigningAccount const& signing_account, std::string const& string_to_sign) { - auto credentials = connection_->options().get(); + std::cout << __func__ << ": signing_account 1=" << signing_account.name() + << std::endl; + + // auto credentials = connection_->options().get(); + assert(connection_->options().has()); + auto credentials = WrapRestCredentials(rest_internal::MapCredentials( + *connection_->options().get())); + std::cout << __func__ << ": signing_account 2=" << signing_account.name() + << std::endl; // First try to sign locally. - auto signed_blob = credentials->SignBlob(signing_account, string_to_sign); + auto signed_blob = credentials.SignBlob(signing_account, string_to_sign); if (signed_blob) { - return SignBlobResponseRaw{credentials->KeyId(), *std::move(signed_blob)}; + std::cout << __func__ << ": signed locally" << std::endl; + return SignBlobResponseRaw{credentials.KeyId(), *std::move(signed_blob)}; } + std::cout << __func__ << ": signed locally FAILED" << std::endl; // If signing locally fails that may be because the credentials do not // support signing, or because the signing account is different than the // credentials account. In either case, try to sign using the API. @@ -315,6 +361,8 @@ StatusOr Client::SignUrlV4(internal::V4SignUrlRequest request) { request.AddMissingRequiredHeaders(); SigningAccount const& signing_account = request.signing_account(); auto signing_email = SigningEmail(signing_account); + std::cout << __PRETTY_FUNCTION__ << ": signing_email=" << signing_email + << std::endl; auto string_to_sign = request.StringToSign(signing_email); auto signed_blob = SignBlobImpl(signing_account, string_to_sign); @@ -338,8 +386,12 @@ StatusOr Client::SignUrlV4(internal::V4SignUrlRequest request) { StatusOr Client::SignPolicyDocument( internal::PolicyDocumentRequest const& request) { + // std::cout << __func__ << std::endl; SigningAccount const& signing_account = request.signing_account(); + // std::cout << __func__ << ": signing_account.name()=" << + // signing_account.name() << std::endl; auto signing_email = SigningEmail(signing_account); + // std::cout << __func__ << ": signing_email=" << signing_email << std::endl; auto string_to_sign = request.StringToSign(); auto base64_policy = internal::Base64Encode(string_to_sign); @@ -480,8 +532,12 @@ Options ApplyPolicy(Options opts, IdempotencyPolicy const& p) { return opts; } -Options DefaultOptions(std::shared_ptr credentials, +Options DefaultOptions(std::shared_ptr, Options opts) { + return DefaultOptions(opts); +} + +Options DefaultOptions(Options opts) { auto ud = GetEnv("GOOGLE_CLOUD_UNIVERSE_DOMAIN"); if (ud && !ud->empty()) { opts.set(*std::move(ud)); @@ -491,38 +547,39 @@ Options DefaultOptions(std::shared_ptr credentials, auto iam_ep = absl::StrCat(google::cloud::internal::UniverseDomainEndpoint( "https://iamcredentials.googleapis.com", opts), "/v1"); - auto o = - Options{} - .set(std::move(credentials)) - .set(std::move(gcs_ep)) - .set(std::move(iam_ep)) - .set("v1") - .set(DefaultConnectionPoolSize()) - .set( - GOOGLE_CLOUD_CPP_STORAGE_DEFAULT_DOWNLOAD_BUFFER_SIZE) - .set( - GOOGLE_CLOUD_CPP_STORAGE_DEFAULT_UPLOAD_BUFFER_SIZE) - .set( - GOOGLE_CLOUD_CPP_STORAGE_DEFAULT_MAXIMUM_SIMPLE_UPLOAD_SIZE) - .set(true) - .set(true) - .set(0) - .set(0) - .set(std::chrono::seconds( - GOOGLE_CLOUD_CPP_STORAGE_DEFAULT_DOWNLOAD_STALL_TIMEOUT)) - .set(1) - .set(1) - .set( - LimitedTimeRetryPolicy( - STORAGE_CLIENT_DEFAULT_MAXIMUM_RETRY_PERIOD) - .clone()) - .set( - ExponentialBackoffPolicy( - STORAGE_CLIENT_DEFAULT_INITIAL_BACKOFF_DELAY, - STORAGE_CLIENT_DEFAULT_MAXIMUM_BACKOFF_DELAY, - STORAGE_CLIENT_DEFAULT_BACKOFF_SCALING) - .clone()) - .set(AlwaysRetryIdempotencyPolicy().clone()); + Options o; + if (!opts.has()) { + o.set(MakeGoogleDefaultCredentials()); + } + o + // .set(std::move(credentials)) + .set(std::move(gcs_ep)) + .set(std::move(iam_ep)) + .set("v1") + .set(DefaultConnectionPoolSize()) + .set( + GOOGLE_CLOUD_CPP_STORAGE_DEFAULT_DOWNLOAD_BUFFER_SIZE) + .set( + GOOGLE_CLOUD_CPP_STORAGE_DEFAULT_UPLOAD_BUFFER_SIZE) + .set( + GOOGLE_CLOUD_CPP_STORAGE_DEFAULT_MAXIMUM_SIMPLE_UPLOAD_SIZE) + .set(true) + .set(true) + .set(0) + .set(0) + .set(std::chrono::seconds( + GOOGLE_CLOUD_CPP_STORAGE_DEFAULT_DOWNLOAD_STALL_TIMEOUT)) + .set(1) + .set(1) + .set( + LimitedTimeRetryPolicy(STORAGE_CLIENT_DEFAULT_MAXIMUM_RETRY_PERIOD) + .clone()) + .set( + ExponentialBackoffPolicy(STORAGE_CLIENT_DEFAULT_INITIAL_BACKOFF_DELAY, + STORAGE_CLIENT_DEFAULT_MAXIMUM_BACKOFF_DELAY, + STORAGE_CLIENT_DEFAULT_BACKOFF_SCALING) + .clone()) + .set(AlwaysRetryIdempotencyPolicy().clone()); o = google::cloud::internal::MergeOptions(std::move(opts), std::move(o)); // If the application did not set `DownloadStallTimeoutOption` then use the @@ -596,22 +653,24 @@ Options DefaultOptions(std::shared_ptr credentials, } Options DefaultOptionsWithCredentials(Options opts) { - if (opts.has()) { - auto credentials = opts.get(); - return internal::DefaultOptions(std::move(credentials), std::move(opts)); - } + // if (opts.has()) { + // auto credentials = opts.get(); + // return internal::DefaultOptions(std::move(credentials), std::move(opts)); + // } if (opts.has()) { auto credentials = - internal::MapCredentials(*opts.get()); + rest_internal::MapCredentials(*opts.get()); return internal::DefaultOptions(std::move(credentials), std::move(opts)); } if (GetEmulator().has_value()) { return internal::DefaultOptions( - internal::MapCredentials(*google::cloud::MakeInsecureCredentials()), + rest_internal::MapCredentials( + *google::cloud::MakeInsecureCredentials()), std::move(opts)); } - auto credentials = - internal::MapCredentials(*google::cloud::MakeGoogleDefaultCredentials( + std::cout << __func__ << ": MakeGoogleDefaultCredentials" << std::endl; + auto credentials = rest_internal::MapCredentials( + *google::cloud::MakeGoogleDefaultCredentials( google::cloud::internal::MakeAuthOptions(opts))); return internal::DefaultOptions(std::move(credentials), std::move(opts)); } diff --git a/google/cloud/storage/client.h b/google/cloud/storage/client.h index 6c8b8ec463d6f..60ddf2cec386a 100644 --- a/google/cloud/storage/client.h +++ b/google/cloud/storage/client.h @@ -35,6 +35,7 @@ #include "google/cloud/storage/upload_options.h" #include "google/cloud/storage/version.h" #include "google/cloud/internal/group_options.h" +#include "google/cloud/internal/oauth2_credentials.h" #include "google/cloud/internal/throw_delegate.h" #include "google/cloud/options.h" #include "google/cloud/status.h" @@ -67,8 +68,9 @@ Options ApplyPolicies(Options opts, P&& head, Policies&&... tail) { return ApplyPolicies(std::move(opts), std::forward(tail)...); } -Options DefaultOptions(std::shared_ptr credentials, - Options opts); +Options DefaultOptions( + std::shared_ptr credentials, Options opts); +Options DefaultOptions(Options opts = {}); Options DefaultOptionsWithCredentials(Options opts); } // namespace internal diff --git a/google/cloud/storage/client_test.cc b/google/cloud/storage/client_test.cc index f3dd8ae3a7310..5790267efd128 100644 --- a/google/cloud/storage/client_test.cc +++ b/google/cloud/storage/client_test.cc @@ -261,8 +261,7 @@ TEST_F(ClientTest, OTelDisableTracing) { TEST_F(ClientTest, EndpointsDefault) { testing_util::ScopedEnvironment endpoint("CLOUD_STORAGE_EMULATOR_ENDPOINT", {}); - auto options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + auto options = internal::DefaultOptions(); EXPECT_EQ("https://storage.googleapis.com", options.get()); EXPECT_EQ("https://iamcredentials.googleapis.com/v1", @@ -273,7 +272,7 @@ TEST_F(ClientTest, EndpointsOverride) { testing_util::ScopedEnvironment endpoint("CLOUD_STORAGE_EMULATOR_ENDPOINT", {}); auto options = internal::DefaultOptions( - oauth2::CreateAnonymousCredentials(), + Options{}.set("http://127.0.0.1.nip.io:1234")); EXPECT_EQ("http://127.0.0.1.nip.io:1234", options.get()); EXPECT_EQ("https://iamcredentials.googleapis.com/v1", @@ -283,8 +282,7 @@ TEST_F(ClientTest, EndpointsOverride) { TEST_F(ClientTest, EndpointsEmulator) { testing_util::ScopedEnvironment endpoint("CLOUD_STORAGE_EMULATOR_ENDPOINT", "http://localhost:1234"); - auto options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + auto options = internal::DefaultOptions(); EXPECT_EQ("http://localhost:1234", options.get()); EXPECT_EQ("http://localhost:1234/iamapi", options.get()); } @@ -293,23 +291,21 @@ TEST_F(ClientTest, OldEndpointsEmulator) { google::cloud::testing_util::UnsetEnv("CLOUD_STORAGE_EMULATOR_ENDPOINT"); testing_util::ScopedEnvironment endpoint("CLOUD_STORAGE_TESTBENCH_ENDPOINT", "http://localhost:1234"); - auto options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + auto options = internal::DefaultOptions(); EXPECT_EQ("http://localhost:1234", options.get()); EXPECT_EQ("http://localhost:1234/iamapi", options.get()); } TEST_F(ClientTest, DefaultOptions) { - auto o = internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + auto o = internal::DefaultOptions(); EXPECT_EQ("https://storage.googleapis.com", o.get()); // Verify any set values are respected overridden. o = internal::DefaultOptions( - oauth2::CreateAnonymousCredentials(), Options{}.set("https://private.googleapis.com")); EXPECT_EQ("https://private.googleapis.com", o.get()); - o = internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + o = internal::DefaultOptions(); EXPECT_EQ("https://storage.googleapis.com", o.get()); EXPECT_EQ("https://iamcredentials.googleapis.com/v1", o.get()); @@ -354,7 +350,6 @@ TEST_F(ClientTest, DefaultOptions) { TEST_F(ClientTest, IncorporatesUniverseDomain) { auto o = internal::DefaultOptions( - oauth2::CreateAnonymousCredentials(), Options{}.set( "my-ud.net")); EXPECT_EQ(o.get(), "https://storage.my-ud.net"); @@ -365,7 +360,6 @@ TEST_F(ClientTest, IncorporatesUniverseDomainEnvVar) { ScopedEnvironment ud("GOOGLE_CLOUD_UNIVERSE_DOMAIN", "ud-env-var.net"); auto o = internal::DefaultOptions( - oauth2::CreateAnonymousCredentials(), Options{}.set( "ud-option.net")); EXPECT_EQ(o.get(), "https://storage.ud-env-var.net"); @@ -377,7 +371,6 @@ TEST_F(ClientTest, CustomEndpointOverridesUniverseDomain) { ScopedEnvironment ud("GOOGLE_CLOUD_UNIVERSE_DOMAIN", "ud-env-var.net"); auto o = internal::DefaultOptions( - oauth2::CreateAnonymousCredentials(), Options{} .set("https://custom-storage.googleapis.com") .set( @@ -392,7 +385,6 @@ TEST_F(ClientTest, CustomEndpointOverridesUniverseDomain) { TEST_F(ClientTest, HttpVersion) { namespace rest = ::google::cloud::rest_internal; auto const options = internal::DefaultOptions( - oauth2::CreateAnonymousCredentials(), Options{}.set("2.0")); EXPECT_EQ("2.0", options.get()); } @@ -400,7 +392,6 @@ TEST_F(ClientTest, HttpVersion) { TEST_F(ClientTest, CAPathOption) { namespace rest = ::google::cloud::rest_internal; auto const options = internal::DefaultOptions( - oauth2::CreateAnonymousCredentials(), Options{}.set("test-only")); EXPECT_EQ("test-only", options.get()); } @@ -409,8 +400,7 @@ TEST_F(ClientTest, LoggingWithoutEnv) { ScopedEnvironment env_common("GOOGLE_CLOUD_CPP_ENABLE_TRACING", absl::nullopt); ScopedEnvironment env("CLOUD_STORAGE_ENABLE_TRACING", absl::nullopt); - auto const options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + auto const options = internal::DefaultOptions(); EXPECT_FALSE(options.has()); } @@ -418,8 +408,7 @@ TEST_F(ClientTest, LoggingWithEnv) { ScopedEnvironment env_common("GOOGLE_CLOUD_CPP_ENABLE_TRACING", absl::nullopt); ScopedEnvironment env("CLOUD_STORAGE_ENABLE_TRACING", "rpc,http"); - auto const options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + auto const options = internal::DefaultOptions(); EXPECT_THAT(options.get(), UnorderedElementsAre("rpc", "http")); } @@ -427,43 +416,37 @@ TEST_F(ClientTest, LoggingWithEnv) { TEST_F(ClientTest, TracingWithoutEnv) { ScopedEnvironment env("GOOGLE_CLOUD_CPP_OPENTELEMETRY_TRACING", absl::nullopt); - auto options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + auto options = internal::DefaultOptions(); EXPECT_FALSE(options.get()); options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), - Options{}.set(true)); + internal::DefaultOptions(Options{}.set(true)); EXPECT_TRUE(options.get()); } TEST_F(ClientTest, TracingWithEnv) { ScopedEnvironment env("GOOGLE_CLOUD_CPP_OPENTELEMETRY_TRACING", "ON"); auto const options = internal::DefaultOptions( - oauth2::CreateAnonymousCredentials(), Options{}.set(false)); EXPECT_TRUE(options.get()); } TEST_F(ClientTest, ProjectIdWithoutEnv) { ScopedEnvironment env("GOOGLE_CLOUD_PROJECT", absl::nullopt); - auto const options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + auto const options = internal::DefaultOptions(); EXPECT_FALSE(options.has()); } TEST_F(ClientTest, ProjectIdtWithEnv) { ScopedEnvironment env("GOOGLE_CLOUD_PROJECT", "my-project"); - auto const options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), {}); + auto const options = internal::DefaultOptions(); EXPECT_EQ("my-project", options.get()); } TEST_F(ClientTest, OverrideWithRestInternal) { namespace rest = ::google::cloud::rest_internal; auto const options = - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), - Options{} + internal::DefaultOptions(Options{} .set(1234) .set(2345)); EXPECT_EQ(1234, options.get()); @@ -472,29 +455,24 @@ TEST_F(ClientTest, OverrideWithRestInternal) { TEST_F(ClientTest, Timeouts) { EXPECT_EQ(std::chrono::seconds(42), - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), - Options{}.set( + internal::DefaultOptions(Options{}.set( std::chrono::seconds(42))) .get()); EXPECT_EQ(std::chrono::seconds(7), internal::DefaultOptions( - oauth2::CreateAnonymousCredentials(), Options{} .set(std::chrono::seconds(42)) .set(std::chrono::seconds(7))) .get()); EXPECT_EQ(std::chrono::seconds(7), - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), - Options{}.set( + internal::DefaultOptions(Options{}.set( std::chrono::seconds(7))) .get()); - EXPECT_NE( - std::chrono::seconds(0), - internal::DefaultOptions(oauth2::CreateAnonymousCredentials(), Options{}) - .get()); + EXPECT_NE(std::chrono::seconds(0), + internal::DefaultOptions().get()); } } // namespace diff --git a/google/cloud/storage/internal/access_token_credentials.cc b/google/cloud/storage/internal/access_token_credentials.cc index f0315c76adb1a..378e66a509dfd 100644 --- a/google/cloud/storage/internal/access_token_credentials.cc +++ b/google/cloud/storage/internal/access_token_credentials.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/internal/access_token_credentials.h" namespace google { @@ -33,3 +33,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/internal/access_token_credentials.h b/google/cloud/storage/internal/access_token_credentials.h index 5e8920d3b93a0..f605ede03ab57 100644 --- a/google/cloud/storage/internal/access_token_credentials.h +++ b/google/cloud/storage/internal/access_token_credentials.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_ACCESS_TOKEN_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_ACCESS_TOKEN_CREDENTIALS_H - +#if 0 #include "google/cloud/storage/oauth2/credentials.h" #include "google/cloud/storage/version.h" #include "google/cloud/internal/credentials_impl.h" @@ -42,5 +42,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_ACCESS_TOKEN_CREDENTIALS_H diff --git a/google/cloud/storage/internal/access_token_credentials_test.cc b/google/cloud/storage/internal/access_token_credentials_test.cc index b668d628d758f..c347d900dc24b 100644 --- a/google/cloud/storage/internal/access_token_credentials_test.cc +++ b/google/cloud/storage/internal/access_token_credentials_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/internal/access_token_credentials.h" #include "google/cloud/testing_util/status_matchers.h" #include @@ -42,3 +42,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/internal/error_credentials.cc b/google/cloud/storage/internal/error_credentials.cc index bea0279b63952..ffbc7d9ea6354 100644 --- a/google/cloud/storage/internal/error_credentials.cc +++ b/google/cloud/storage/internal/error_credentials.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/internal/error_credentials.h" namespace google { @@ -29,3 +29,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/internal/error_credentials.h b/google/cloud/storage/internal/error_credentials.h index 56a394d0be9a2..c294d4da59b6d 100644 --- a/google/cloud/storage/internal/error_credentials.h +++ b/google/cloud/storage/internal/error_credentials.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_ERROR_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_ERROR_CREDENTIALS_H - +#if 0 #include "google/cloud/storage/oauth2/credentials.h" #include "google/cloud/storage/version.h" #include @@ -61,5 +61,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_ERROR_CREDENTIALS_H diff --git a/google/cloud/storage/internal/grpc/default_options.cc b/google/cloud/storage/internal/grpc/default_options.cc index 77cfc1803f893..34e37697cfab8 100644 --- a/google/cloud/storage/internal/grpc/default_options.cc +++ b/google/cloud/storage/internal/grpc/default_options.cc @@ -72,18 +72,27 @@ Options DefaultOptionsGrpc( storage::internal::DefaultOptionsWithCredentials(std::move(options)); if (!options.has() && !options.has()) { + std::cout << __func__ + << ": !options.has() && " + "!options.has()" + << std::endl; options.set( google::cloud::MakeGoogleDefaultCredentials( google::cloud::internal::MakeAuthOptions(options))); } + auto const conformance = + GetEnv("GOOGLE_CLOUD_CPP_STORAGE_TEST_SIGNING_CONFORMANCE_FILENAME"); auto const testbench = GetEnv("CLOUD_STORAGE_EXPERIMENTAL_GRPC_TESTBENCH_ENDPOINT"); - if (testbench.has_value() && !testbench->empty()) { + if (testbench.has_value() && !testbench->empty() && + !conformance.has_value()) { options.set(*testbench); // The emulator does not support HTTPS or authentication, use insecure // (sometimes called "anonymous") credentials, which disable SSL. options.set(MakeInsecureCredentials()); + std::cout << __func__ << ": testbench detected forcing InsecureCredentials" + << std::endl; } // gRPC <= 1.64 may crash when metrics are enabled, so we don't enable them by diff --git a/google/cloud/storage/internal/impersonate_service_account_credentials.cc b/google/cloud/storage/internal/impersonate_service_account_credentials.cc index f63f325eedea9..578f74f86def4 100644 --- a/google/cloud/storage/internal/impersonate_service_account_credentials.cc +++ b/google/cloud/storage/internal/impersonate_service_account_credentials.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/internal/impersonate_service_account_credentials.h" #include "google/cloud/internal/rest_client.h" #include "google/cloud/internal/unified_rest_credentials.h" @@ -76,3 +76,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/internal/impersonate_service_account_credentials.h b/google/cloud/storage/internal/impersonate_service_account_credentials.h index 463868eab93f5..643d07a7ea20a 100644 --- a/google/cloud/storage/internal/impersonate_service_account_credentials.h +++ b/google/cloud/storage/internal/impersonate_service_account_credentials.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_IMPERSONATE_SERVICE_ACCOUNT_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_IMPERSONATE_SERVICE_ACCOUNT_CREDENTIALS_H - +#if 0 #include "google/cloud/storage/oauth2/credentials.h" #include "google/cloud/storage/version.h" #include "google/cloud/credentials.h" @@ -54,5 +54,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_IMPERSONATE_SERVICE_ACCOUNT_CREDENTIALS_H diff --git a/google/cloud/storage/internal/impersonate_service_account_credentials_test.cc b/google/cloud/storage/internal/impersonate_service_account_credentials_test.cc index e4009eafeea03..497fb1ba3a245 100644 --- a/google/cloud/storage/internal/impersonate_service_account_credentials_test.cc +++ b/google/cloud/storage/internal/impersonate_service_account_credentials_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/internal/impersonate_service_account_credentials.h" #include "google/cloud/testing_util/status_matchers.h" #include @@ -78,3 +78,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/internal/object_write_streambuf_test.cc b/google/cloud/storage/internal/object_write_streambuf_test.cc index 9b401ab4cd750..c25052961c9da 100644 --- a/google/cloud/storage/internal/object_write_streambuf_test.cc +++ b/google/cloud/storage/internal/object_write_streambuf_test.cc @@ -444,7 +444,7 @@ TEST(ObjectWriteStreambufTest, Regression8868) { auto retry = StorageConnectionImpl::Create(std::move(mock)); google::cloud::internal::OptionsSpan const span( Options{} - .set(oauth2::CreateAnonymousCredentials()) + .set(MakeInsecureCredentials()) .set(LimitedErrorCountRetryPolicy(3).clone()) .set( ExponentialBackoffPolicy(us(1), us(2), 2).clone()) diff --git a/google/cloud/storage/internal/rest/stub.cc b/google/cloud/storage/internal/rest/stub.cc index 62acc29fc847e..0534b41e31155 100644 --- a/google/cloud/storage/internal/rest/stub.cc +++ b/google/cloud/storage/internal/rest/stub.cc @@ -25,13 +25,16 @@ #include "google/cloud/storage/internal/rest/object_read_source.h" #include "google/cloud/storage/internal/rest/request_builder.h" #include "google/cloud/storage/internal/service_account_parser.h" +#include "google/cloud/storage/signed_url_options.h" #include "google/cloud/storage/version.h" #include "google/cloud/internal/absl_str_cat_quiet.h" #include "google/cloud/internal/auth_header_error.h" #include "google/cloud/internal/curl_wrappers.h" #include "google/cloud/internal/getenv.h" #include "google/cloud/internal/make_status.h" +#include "google/cloud/internal/oauth2_credentials.h" #include "google/cloud/internal/rest_options.h" +#include "google/cloud/internal/unified_rest_credentials.h" #include "google/cloud/internal/url_encode.h" #include "absl/strings/match.h" #include "absl/strings/strip.h" @@ -108,15 +111,45 @@ StatusOr CreateFromJson( return ReturnType::CreateFromJson(*payload); } -Status AddAuthorizationHeader(Options const& options, - RestRequestBuilder& builder) { +class WrapRestCredentials { + public: + explicit WrapRestCredentials( + std::shared_ptr impl) + : impl_(std::move(impl)) {} + + StatusOr AuthorizationHeader() { + std::cout << __PRETTY_FUNCTION__ << std::endl; + return oauth2_internal::AuthenticationHeaderJoined(*impl_); + } + + StatusOr> SignBlob( + SigningAccount const& signing_account, std::string const& blob) const { + return impl_->SignBlob(signing_account.value_or(impl_->AccountEmail()), + blob); + } + + std::string AccountEmail() const { return impl_->AccountEmail(); } + std::string KeyId() const { return impl_->KeyId(); } + + private: + std::shared_ptr impl_; +}; + +Status AddAuthorizationHeader(Options const&, RestRequestBuilder&) { + std::cout << __func__ << ": SKIPPED" << std::endl; +#if 0 // In tests this option may not be set. And over time we want to retire it. - if (!options.has()) return {}; - auto auth_header = - options.get()->AuthorizationHeader(); + if (!options.has()) { + std::cout << __func__ << ": no UnifiedCredentialsOption" << std::endl; + return {}; + } + auto creds = options.get(); + auto auth_header = WrapRestCredentials( + rest_internal::MapCredentials(*creds)).AuthorizationHeader(); if (!auth_header) return AuthHeaderError(std::move(auth_header).status()); builder.AddHeader("Authorization", std::string(absl::StripPrefix( *auth_header, "Authorization: "))); +#endif return {}; } diff --git a/google/cloud/storage/internal/unified_rest_credentials.cc b/google/cloud/storage/internal/unified_rest_credentials.cc index 88045788f734b..686c33a36addf 100644 --- a/google/cloud/storage/internal/unified_rest_credentials.cc +++ b/google/cloud/storage/internal/unified_rest_credentials.cc @@ -11,18 +11,20 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - -#include "google/cloud/storage/internal/unified_rest_credentials.h" -#include "google/cloud/storage/internal/access_token_credentials.h" -#include "google/cloud/storage/internal/error_credentials.h" -#include "google/cloud/storage/internal/impersonate_service_account_credentials.h" +#if 0 +// #include "google/cloud/storage/internal/unified_rest_credentials.h" +// #include "google/cloud/storage/internal/access_token_credentials.h" +// #include "google/cloud/storage/internal/error_credentials.h" +// #include "google/cloud/storage/internal/impersonate_service_account_credentials.h" #include "google/cloud/storage/oauth2/google_credentials.h" #include "google/cloud/storage/oauth2/service_account_credentials.h" #include "google/cloud/internal/getenv.h" #include "google/cloud/internal/oauth2_access_token_credentials.h" +#include "google/cloud/internal/oauth2_anonymous_credentials.h" #include "google/cloud/internal/oauth2_compute_engine_credentials.h" #include "google/cloud/internal/oauth2_credentials.h" #include "google/cloud/internal/oauth2_decorate_credentials.h" +#include "google/cloud/internal/oauth2_error_credentials.h" #include "google/cloud/internal/oauth2_external_account_credentials.h" #include "google/cloud/internal/oauth2_google_credentials.h" #include "google/cloud/internal/oauth2_service_account_credentials.h" @@ -50,8 +52,8 @@ using ::google::cloud::internal::InsecureCredentialsConfig; using ::google::cloud::internal::ServiceAccountConfig; using ::google::cloud::oauth2_internal::Decorate; -std::shared_ptr MakeErrorCredentials(Status status) { - return std::make_shared(std::move(status)); +std::shared_ptr MakeErrorCredentials(Status status) { + return std::make_shared(std::move(status)); } class WrapRestCredentials : public oauth2::Credentials { @@ -77,40 +79,39 @@ class WrapRestCredentials : public oauth2::Credentials { private: std::shared_ptr impl_; }; - } // namespace -std::shared_ptr MapCredentials( +std::shared_ptr MapCredentials( google::cloud::Credentials const& credentials) { class RestVisitor : public CredentialsVisitor { public: explicit RestVisitor(oauth2_internal::HttpClientFactory client_factory) : client_factory_(std::move(client_factory)) {} - std::shared_ptr result; + std::shared_ptr result; void visit(ErrorCredentialsConfig const& cfg) override { result = MakeErrorCredentials(cfg.status()); } void visit(InsecureCredentialsConfig const&) override { - result = google::cloud::storage::oauth2::CreateAnonymousCredentials(); + result = std::make_shared(); } void visit(GoogleDefaultCredentialsConfig const& cfg) override { auto credentials = oauth2_internal::GoogleDefaultCredentials( cfg.options(), std::move(client_factory_)); if (credentials) { - result = std::make_shared( - Decorate(*std::move(credentials), cfg.options())); + result = + Decorate(*std::move(credentials), cfg.options()); return; } result = MakeErrorCredentials(std::move(credentials).status()); } void visit(AccessTokenConfig const& cfg) override { - result = std::make_shared(cfg.access_token()); + result = std::make_shared(cfg.access_token()); } void visit(ImpersonateServiceAccountConfig const& config) override { - result = std::make_shared(config); + result = std::make_shared(config); } void visit(ServiceAccountConfig const& cfg) override { auto info = oauth2::ParseServiceAccountCredentials(cfg.json_object(), {}); @@ -168,3 +169,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/internal/unified_rest_credentials.h b/google/cloud/storage/internal/unified_rest_credentials.h index 480cfaddea161..4236956907c5b 100644 --- a/google/cloud/storage/internal/unified_rest_credentials.h +++ b/google/cloud/storage/internal/unified_rest_credentials.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_UNIFIED_REST_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_UNIFIED_REST_CREDENTIALS_H - +#if 0 #include "google/cloud/storage/oauth2/credentials.h" #include "google/cloud/storage/version.h" #include "google/cloud/credentials.h" @@ -34,5 +34,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_INTERNAL_UNIFIED_REST_CREDENTIALS_H diff --git a/google/cloud/storage/internal/unified_rest_credentials_test.cc b/google/cloud/storage/internal/unified_rest_credentials_test.cc index 237d7cacdb7d3..4449ef11e8eff 100644 --- a/google/cloud/storage/internal/unified_rest_credentials_test.cc +++ b/google/cloud/storage/internal/unified_rest_credentials_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/internal/unified_rest_credentials.h" #include "google/cloud/storage/testing/constants.h" #include "google/cloud/internal/credentials_impl.h" @@ -135,3 +135,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/anonymous_credentials.cc b/google/cloud/storage/oauth2/anonymous_credentials.cc index faaf664a95e18..4cd01fd7ec1fe 100644 --- a/google/cloud/storage/oauth2/anonymous_credentials.cc +++ b/google/cloud/storage/oauth2/anonymous_credentials.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/anonymous_credentials.h" namespace google { @@ -29,3 +29,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/anonymous_credentials.h b/google/cloud/storage/oauth2/anonymous_credentials.h index 21b54463f5b7b..9b71aee703304 100644 --- a/google/cloud/storage/oauth2/anonymous_credentials.h +++ b/google/cloud/storage/oauth2/anonymous_credentials.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_ANONYMOUS_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_ANONYMOUS_CREDENTIALS_H - +#if 0 #include "google/cloud/storage/oauth2/credentials.h" #include "google/cloud/storage/version.h" #include @@ -56,5 +56,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_ANONYMOUS_CREDENTIALS_H diff --git a/google/cloud/storage/oauth2/anonymous_credentials_test.cc b/google/cloud/storage/oauth2/anonymous_credentials_test.cc index 3404352fb6075..884aae0aad058 100644 --- a/google/cloud/storage/oauth2/anonymous_credentials_test.cc +++ b/google/cloud/storage/oauth2/anonymous_credentials_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/anonymous_credentials.h" #include "google/cloud/testing_util/status_matchers.h" #include @@ -39,3 +39,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/authorized_user_credentials.cc b/google/cloud/storage/oauth2/authorized_user_credentials.cc index 2aa7c4ba50bd7..6507484a318ff 100644 --- a/google/cloud/storage/oauth2/authorized_user_credentials.cc +++ b/google/cloud/storage/oauth2/authorized_user_credentials.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/authorized_user_credentials.h" #include #include @@ -101,3 +101,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/authorized_user_credentials.h b/google/cloud/storage/oauth2/authorized_user_credentials.h index 8393e73a5d4ce..fa3dcc651e0fe 100644 --- a/google/cloud/storage/oauth2/authorized_user_credentials.h +++ b/google/cloud/storage/oauth2/authorized_user_credentials.h @@ -14,7 +14,8 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_AUTHORIZED_USER_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_AUTHORIZED_USER_CREDENTIALS_H - +#if 0 +#include "google/cloud/storage/client_options.h" #include "google/cloud/storage/internal/curl/request_builder.h" #include "google/cloud/storage/internal/http_response.h" #include "google/cloud/storage/oauth2/credential_constants.h" @@ -192,5 +193,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_AUTHORIZED_USER_CREDENTIALS_H diff --git a/google/cloud/storage/oauth2/authorized_user_credentials_test.cc b/google/cloud/storage/oauth2/authorized_user_credentials_test.cc index 785f6e9ee7b92..601d6bd6d141a 100644 --- a/google/cloud/storage/oauth2/authorized_user_credentials_test.cc +++ b/google/cloud/storage/oauth2/authorized_user_credentials_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/authorized_user_credentials.h" #include "google/cloud/storage/oauth2/credential_constants.h" #include "google/cloud/storage/testing/mock_http_request.h" @@ -503,3 +503,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/compute_engine_credentials.cc b/google/cloud/storage/oauth2/compute_engine_credentials.cc index 088436bf8f074..6b5dd49607cd8 100644 --- a/google/cloud/storage/oauth2/compute_engine_credentials.cc +++ b/google/cloud/storage/oauth2/compute_engine_credentials.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/compute_engine_credentials.h" #include "google/cloud/internal/oauth2_cached_credentials.h" #include "google/cloud/internal/oauth2_compute_engine_credentials.h" @@ -84,3 +84,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/compute_engine_credentials.h b/google/cloud/storage/oauth2/compute_engine_credentials.h index 603fd331a4b06..bc3da451e999b 100644 --- a/google/cloud/storage/oauth2/compute_engine_credentials.h +++ b/google/cloud/storage/oauth2/compute_engine_credentials.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_COMPUTE_ENGINE_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_COMPUTE_ENGINE_CREDENTIALS_H - +#if 0 #include "google/cloud/storage/internal/base64.h" #include "google/cloud/storage/internal/compute_engine_util.h" #include "google/cloud/storage/internal/curl/request_builder.h" @@ -293,5 +293,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_COMPUTE_ENGINE_CREDENTIALS_H diff --git a/google/cloud/storage/oauth2/compute_engine_credentials_test.cc b/google/cloud/storage/oauth2/compute_engine_credentials_test.cc index c0116adbda333..52d7974c645db 100644 --- a/google/cloud/storage/oauth2/compute_engine_credentials_test.cc +++ b/google/cloud/storage/oauth2/compute_engine_credentials_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/compute_engine_credentials.h" #include "google/cloud/storage/internal/compute_engine_util.h" #include "google/cloud/storage/oauth2/credential_constants.h" @@ -504,3 +504,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/credential_constants.h b/google/cloud/storage/oauth2/credential_constants.h index b9081f9d3afa2..e0b5e0dd2a929 100644 --- a/google/cloud/storage/oauth2/credential_constants.h +++ b/google/cloud/storage/oauth2/credential_constants.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_CREDENTIAL_CONSTANTS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_CREDENTIAL_CONSTANTS_H - +#if 0 #include "google/cloud/storage/version.h" #include @@ -101,5 +101,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_CREDENTIAL_CONSTANTS_H diff --git a/google/cloud/storage/oauth2/credentials.cc b/google/cloud/storage/oauth2/credentials.cc index a2ce6d3a0629c..6fb7a6e35be8b 100644 --- a/google/cloud/storage/oauth2/credentials.cc +++ b/google/cloud/storage/oauth2/credentials.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/credentials.h" #include "google/cloud/internal/make_status.h" #include @@ -33,3 +33,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/credentials.h b/google/cloud/storage/oauth2/credentials.h index 1c8570dc6b895..dbc3f385fd32a 100644 --- a/google/cloud/storage/oauth2/credentials.h +++ b/google/cloud/storage/oauth2/credentials.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_CREDENTIALS_H - +#if 0 #include "google/cloud/storage/signed_url_options.h" #include "google/cloud/storage/version.h" #include "google/cloud/status.h" @@ -97,5 +97,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_CREDENTIALS_H diff --git a/google/cloud/storage/oauth2/google_application_default_credentials_file.cc b/google/cloud/storage/oauth2/google_application_default_credentials_file.cc index 2cf03f61b76c5..6f0623597595b 100644 --- a/google/cloud/storage/oauth2/google_application_default_credentials_file.cc +++ b/google/cloud/storage/oauth2/google_application_default_credentials_file.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/google_application_default_credentials_file.h" #include "google/cloud/internal/oauth2_google_application_default_credentials_file.h" @@ -46,3 +46,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/google_application_default_credentials_file.h b/google/cloud/storage/oauth2/google_application_default_credentials_file.h index 5c9b41d1c053c..d41abd474d7d7 100644 --- a/google/cloud/storage/oauth2/google_application_default_credentials_file.h +++ b/google/cloud/storage/oauth2/google_application_default_credentials_file.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_GOOGLE_APPLICATION_DEFAULT_CREDENTIALS_FILE_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_GOOGLE_APPLICATION_DEFAULT_CREDENTIALS_FILE_H - +#if 0 #include "google/cloud/storage/version.h" #include @@ -98,5 +98,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_GOOGLE_APPLICATION_DEFAULT_CREDENTIALS_FILE_H diff --git a/google/cloud/storage/oauth2/google_application_default_credentials_file_test.cc b/google/cloud/storage/oauth2/google_application_default_credentials_file_test.cc index 02f01a7ba2f36..7a13fd1632a84 100644 --- a/google/cloud/storage/oauth2/google_application_default_credentials_file_test.cc +++ b/google/cloud/storage/oauth2/google_application_default_credentials_file_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google_application_default_credentials_file.h" #include "google/cloud/testing_util/scoped_environment.h" #include @@ -80,3 +80,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/google_credentials.cc b/google/cloud/storage/oauth2/google_credentials.cc index 357db5c71ac41..68440d8fa7dd6 100644 --- a/google/cloud/storage/oauth2/google_credentials.cc +++ b/google/cloud/storage/oauth2/google_credentials.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/google_credentials.h" #include "google/cloud/storage/internal/make_jwt_assertion.h" #include "google/cloud/storage/oauth2/anonymous_credentials.h" @@ -321,3 +321,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/google_credentials.h b/google/cloud/storage/oauth2/google_credentials.h index dd891ac1acad6..fe154a4a75d47 100644 --- a/google/cloud/storage/oauth2/google_credentials.h +++ b/google/cloud/storage/oauth2/google_credentials.h @@ -14,7 +14,8 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_GOOGLE_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_GOOGLE_CREDENTIALS_H - +#if 0 +#include "google/cloud/storage/client_options.h" #include "google/cloud/storage/oauth2/credentials.h" #include "google/cloud/storage/version.h" #include "google/cloud/optional.h" @@ -375,5 +376,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_GOOGLE_CREDENTIALS_H diff --git a/google/cloud/storage/oauth2/google_credentials_test.cc b/google/cloud/storage/oauth2/google_credentials_test.cc index 909fba2e3df7e..f58c69383796a 100644 --- a/google/cloud/storage/oauth2/google_credentials_test.cc +++ b/google/cloud/storage/oauth2/google_credentials_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/google_credentials.h" #include "google/cloud/storage/internal/compute_engine_util.h" #include "google/cloud/storage/oauth2/anonymous_credentials.h" @@ -560,3 +560,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/refreshing_credentials_wrapper.cc b/google/cloud/storage/oauth2/refreshing_credentials_wrapper.cc index ddb055c3512c5..67ee32e487076 100644 --- a/google/cloud/storage/oauth2/refreshing_credentials_wrapper.cc +++ b/google/cloud/storage/oauth2/refreshing_credentials_wrapper.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/refreshing_credentials_wrapper.h" #include "google/cloud/storage/oauth2/credential_constants.h" #include "google/cloud/internal/oauth2_refreshing_credentials_wrapper.h" @@ -51,3 +51,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/refreshing_credentials_wrapper.h b/google/cloud/storage/oauth2/refreshing_credentials_wrapper.h index 2f63398024904..8bf0835f06e0b 100644 --- a/google/cloud/storage/oauth2/refreshing_credentials_wrapper.h +++ b/google/cloud/storage/oauth2/refreshing_credentials_wrapper.h @@ -14,7 +14,7 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_REFRESHING_CREDENTIALS_WRAPPER_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_REFRESHING_CREDENTIALS_WRAPPER_H - +#if 0 #include "google/cloud/storage/version.h" #include "google/cloud/internal/oauth2_refreshing_credentials_wrapper.h" #include "google/cloud/status.h" @@ -102,5 +102,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_REFRESHING_CREDENTIALS_WRAPPER_H diff --git a/google/cloud/storage/oauth2/service_account_credentials.cc b/google/cloud/storage/oauth2/service_account_credentials.cc index 25a1bc4ce2f4e..a35fc21b86036 100644 --- a/google/cloud/storage/oauth2/service_account_credentials.cc +++ b/google/cloud/storage/oauth2/service_account_credentials.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/service_account_credentials.h" #include "google/cloud/storage/internal/base64.h" #include "google/cloud/storage/internal/make_jwt_assertion.h" @@ -156,3 +156,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/oauth2/service_account_credentials.h b/google/cloud/storage/oauth2/service_account_credentials.h index 9bc28128beee8..59796a8420ba7 100644 --- a/google/cloud/storage/oauth2/service_account_credentials.h +++ b/google/cloud/storage/oauth2/service_account_credentials.h @@ -14,7 +14,8 @@ #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_SERVICE_ACCOUNT_CREDENTIALS_H #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_SERVICE_ACCOUNT_CREDENTIALS_H - +#if 0 +#include "google/cloud/storage/client_options.h" #include "google/cloud/storage/internal/base64.h" #include "google/cloud/storage/internal/curl/request_builder.h" #include "google/cloud/storage/internal/http_response.h" @@ -392,5 +393,5 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google - +#endif #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OAUTH2_SERVICE_ACCOUNT_CREDENTIALS_H diff --git a/google/cloud/storage/oauth2/service_account_credentials_test.cc b/google/cloud/storage/oauth2/service_account_credentials_test.cc index 948095d24e30f..9570bed263bdb 100644 --- a/google/cloud/storage/oauth2/service_account_credentials_test.cc +++ b/google/cloud/storage/oauth2/service_account_credentials_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/service_account_credentials.h" #include "google/cloud/storage/oauth2/credential_constants.h" #include "google/cloud/storage/oauth2/google_credentials.h" @@ -884,3 +884,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/options.h b/google/cloud/storage/options.h index 4a5204e58dfb1..569b6e6d66790 100644 --- a/google/cloud/storage/options.h +++ b/google/cloud/storage/options.h @@ -16,7 +16,7 @@ #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_STORAGE_OPTIONS_H #include "google/cloud/storage/idempotency_policy.h" -#include "google/cloud/storage/oauth2/credentials.h" +// #include "google/cloud/storage/oauth2/credentials.h" #include "google/cloud/storage/retry_policy.h" #include "google/cloud/storage/version.h" #include "google/cloud/backoff_policy.h" @@ -97,9 +97,9 @@ struct IamEndpointOption { * @deprecated prefer using `google::cloud::UnifiedCredentialsOption` and the * unified credentials documented in @ref guac */ -struct Oauth2CredentialsOption { - using Type = std::shared_ptr; -}; +// struct Oauth2CredentialsOption { +// using Type = std::shared_ptr; +// }; /** * Set the Google Cloud Platform project id. @@ -332,7 +332,8 @@ struct IdempotencyPolicyOption { /// The complete list of options accepted by `storage::Client`. using ClientOptionList = ::google::cloud::OptionList< - RestEndpointOption, IamEndpointOption, Oauth2CredentialsOption, + RestEndpointOption, IamEndpointOption, + // Oauth2CredentialsOption, ProjectIdOption, ProjectIdOption, ConnectionPoolSizeOption, DownloadBufferSizeOption, UploadBufferSizeOption, EnableCurlSslLockingOption, EnableCurlSigpipeHandlerOption, diff --git a/google/cloud/storage/testing/mock_client.h b/google/cloud/storage/testing/mock_client.h index 0f63951d28920..9a4b31b13e916 100644 --- a/google/cloud/storage/testing/mock_client.h +++ b/google/cloud/storage/testing/mock_client.h @@ -176,9 +176,9 @@ class MockClient : public google::cloud::storage::internal::StorageConnection { (internal::GetNotificationRequest const&), (override)); MOCK_METHOD(StatusOr, DeleteNotification, (internal::DeleteNotificationRequest const&), (override)); - MOCK_METHOD( - StatusOr, AuthorizationHeader, - (std::shared_ptr const&)); + // MOCK_METHOD( + // StatusOr, AuthorizationHeader, + // (std::shared_ptr const&)); MOCK_METHOD(std::vector, InspectStackStructure, (), (const, override)); diff --git a/google/cloud/storage/tests/create_client_integration_test.cc b/google/cloud/storage/tests/create_client_integration_test.cc index fafdeedebd5fb..dc95d27f6eaa0 100644 --- a/google/cloud/storage/tests/create_client_integration_test.cc +++ b/google/cloud/storage/tests/create_client_integration_test.cc @@ -13,11 +13,12 @@ // limitations under the License. #include "google/cloud/storage/client.h" -#include "google/cloud/storage/internal/unified_rest_credentials.h" +// #include "google/cloud/internal/oauth2_credentials.h" #include "google/cloud/storage/testing/storage_integration_test.h" #include "google/cloud/storage/testing/temp_file.h" #include "google/cloud/credentials.h" #include "google/cloud/internal/getenv.h" +#include "google/cloud/internal/unified_rest_credentials.h" #include "google/cloud/testing_util/status_matchers.h" #include #include @@ -72,12 +73,14 @@ TEST_F(CreateClientIntegrationTest, DefaultWorks) { } TEST_F(CreateClientIntegrationTest, SettingPolicies) { - auto credentials = oauth2::CreateAnonymousCredentials(); +#if 0 + auto credentials = std::make_shared(); if (!UsingEmulator()) { auto c = oauth2::GoogleDefaultCredentials(); ASSERT_THAT(c, IsOk()); credentials = *std::move(c); } +#endif auto client = Client( Options{} .set( diff --git a/google/cloud/storage/tests/key_file_integration_test.cc b/google/cloud/storage/tests/key_file_integration_test.cc index fe7f8ee98f0b8..12872cf67fa40 100644 --- a/google/cloud/storage/tests/key_file_integration_test.cc +++ b/google/cloud/storage/tests/key_file_integration_test.cc @@ -19,6 +19,7 @@ #include "google/cloud/internal/rest_request.h" #include "google/cloud/testing_util/status_matchers.h" #include +#include #include namespace google { @@ -70,12 +71,17 @@ class KeyFileIntegrationTest TEST_P(KeyFileIntegrationTest, ObjectWriteSignAndReadDefaultAccount) { if (UsingGrpc()) GTEST_SKIP(); - auto credentials = - oauth2::CreateServiceAccountCredentialsFromFilePath(key_filename_); - ASSERT_STATUS_OK(credentials); + auto credentials = MakeServiceAccountCredentialsFromFile(key_filename_); + // auto is = std::ifstream(key_filename_); + // // is.exceptions(std::ios::badbit); // Minimal error handling in examples + // auto contents = std::string(std::istreambuf_iterator(is.rdbuf()), + // {}); + // + // auto credentials = MakeServiceAccountCredentials(contents); + // ASSERT_STATUS_OK(credentials); auto client = MakeIntegrationTestClient( - Options{}.set(*credentials)); + Options{}.set(credentials)); auto object_name = MakeRandomObjectName(); std::string expected = LoremIpsum(); @@ -98,12 +104,19 @@ TEST_P(KeyFileIntegrationTest, ObjectWriteSignAndReadDefaultAccount) { TEST_P(KeyFileIntegrationTest, ObjectWriteSignAndReadExplicitAccount) { if (UsingGrpc()) GTEST_SKIP(); - auto credentials = - oauth2::CreateServiceAccountCredentialsFromFilePath(key_filename_); - ASSERT_STATUS_OK(credentials); + auto credentials = MakeServiceAccountCredentialsFromFile(key_filename_); + // ASSERT_STATUS_OK(credentials); + + // auto is = std::ifstream(key_filename_); + // // is.exceptions(std::ios::badbit); // Minimal error handling in examples + // auto contents = std::string(std::istreambuf_iterator(is.rdbuf()), + // {}); + // + // auto credentials = MakeServiceAccountCredentials(contents); + // ASSERT_STATUS_OK(credentials); auto client = MakeIntegrationTestClient( - Options{}.set(*credentials)); + Options{}.set(credentials)); auto object_name = MakeRandomObjectName(); std::string expected = LoremIpsum(); diff --git a/google/cloud/storage/tests/service_account_credentials_integration_test.cc b/google/cloud/storage/tests/service_account_credentials_integration_test.cc index 5959030c32f29..8a4e88d6e0662 100644 --- a/google/cloud/storage/tests/service_account_credentials_integration_test.cc +++ b/google/cloud/storage/tests/service_account_credentials_integration_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/oauth2/google_credentials.h" #include "google/cloud/storage/testing/retry_http_request.h" #include "google/cloud/storage/testing/storage_integration_test.h" @@ -71,3 +71,4 @@ TEST_F(ServiceAccountCredentialsTest, UserInfoOAuth2) { } // namespace storage } // namespace cloud } // namespace google +#endif diff --git a/google/cloud/storage/tests/signed_url_conformance_test.cc b/google/cloud/storage/tests/signed_url_conformance_test.cc index d50dbb2014b08..e537e45c38f6c 100644 --- a/google/cloud/storage/tests/signed_url_conformance_test.cc +++ b/google/cloud/storage/tests/signed_url_conformance_test.cc @@ -21,6 +21,7 @@ #include "google/cloud/internal/format_time_point.h" #include "google/cloud/internal/getenv.h" #include "google/cloud/internal/time_utils.h" +#include "google/cloud/internal/unified_rest_credentials.h" #include "google/cloud/terminate_handler.h" #include "google/cloud/testing_util/scoped_environment.h" #include "google/cloud/testing_util/status_matchers.h" @@ -87,13 +88,30 @@ class V4PostPolicyConformanceTest : public V4SignedUrlConformanceTest {}; TEST_P(V4SignedUrlConformanceTest, V4SignJson) { testing_util::ScopedEnvironment endpoint("CLOUD_STORAGE_EMULATOR_ENDPOINT", absl::nullopt); - auto creds = oauth2::CreateServiceAccountCredentialsFromJsonFilePath( - service_account_key_filename_); - ASSERT_STATUS_OK(creds); + auto credentials = + MakeServiceAccountCredentialsFromFile(service_account_key_filename_); + + // auto creds = oauth2::CreateServiceAccountCredentialsFromJsonFilePath( + // service_account_key_filename_); + // ASSERT_STATUS_OK(creds); + + // auto is = std::ifstream(service_account_key_filename_); + // // is.exceptions(std::ios::badbit); // Minimal error handling in examples + // auto contents = std::string(std::istreambuf_iterator(is.rdbuf()), + // {}); auto creds = MakeServiceAccountCredentials(contents); + auto sa_creds = rest_internal::MapCredentials(*credentials); + + // std::string account_email = (*creds)->AccountEmail(); + std::string account_email = sa_creds->AccountEmail(); + std::cout << __func__ << "*************************************" << std::endl; + std::cout << __func__ << ": account_email=" << account_email << std::endl; + std::cout << __func__ << "*************************************" << std::endl; + + // auto client = + // MakeIntegrationTestClient(Options{}.set(*creds)); + auto client = MakeIntegrationTestClient( + Options{}.set(credentials)); - std::string account_email = (*creds)->AccountEmail(); - auto client = - MakeIntegrationTestClient(Options{}.set(*creds)); std::string actual_canonical_request; std::string actual_string_to_sign; @@ -191,13 +209,28 @@ INSTANTIATE_TEST_SUITE_P( TEST_P(V4PostPolicyConformanceTest, V4PostPolicy) { testing_util::ScopedEnvironment endpoint("CLOUD_STORAGE_EMULATOR_ENDPOINT", absl::nullopt); - auto creds = oauth2::CreateServiceAccountCredentialsFromJsonFilePath( - service_account_key_filename_); - ASSERT_STATUS_OK(creds); - - std::string account_email = (*creds)->AccountEmail(); - auto client = - MakeIntegrationTestClient(Options{}.set(*creds)); + // auto creds = oauth2::CreateServiceAccountCredentialsFromJsonFilePath( + // service_account_key_filename_); + // ASSERT_STATUS_OK(creds); + std::cout << __func__ << ": service_account_key_filename_=" + << service_account_key_filename_ << std::endl; + auto credentials = + MakeServiceAccountCredentialsFromFile(service_account_key_filename_); + + // auto is = std::ifstream(service_account_key_filename_); + // // is.exceptions(std::ios::badbit); // Minimal error handling in examples + // auto contents = std::string(std::istreambuf_iterator(is.rdbuf()), + // {}); auto creds = MakeServiceAccountCredentials(contents); + auto sa_creds = rest_internal::MapCredentials(*credentials); + + // std::string account_email = (*creds)->AccountEmail(); + std::string account_email = sa_creds->AccountEmail(); + std::cout << __func__ << "*************************************" << std::endl; + std::cout << __func__ << ": account_email=" << account_email << std::endl; + std::cout << __func__ << "*************************************" << std::endl; + + auto client = MakeIntegrationTestClient( + Options{}.set(credentials)); auto const& test_params = (*post_policy_tests)[GetParam()]; auto const& input = test_params.policyinput(); @@ -277,6 +310,7 @@ TEST_P(V4PostPolicyConformanceTest, V4PostPolicy) { EXPECT_EQ(expected_signature, doc_res->signature); EXPECT_EQ((std::map(fields.begin(), fields.end())), doc_res->required_form_fields); + EXPECT_TRUE(false); } INSTANTIATE_TEST_SUITE_P( diff --git a/google/cloud/storage/tests/unified_credentials_integration_test.cc b/google/cloud/storage/tests/unified_credentials_integration_test.cc index 68e6edf086954..5967cae11e9e4 100644 --- a/google/cloud/storage/tests/unified_credentials_integration_test.cc +++ b/google/cloud/storage/tests/unified_credentials_integration_test.cc @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +#if 0 #include "google/cloud/storage/client.h" #include "google/cloud/storage/internal/unified_rest_credentials.h" #include "google/cloud/storage/testing/storage_integration_test.h" @@ -527,3 +527,4 @@ GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END } // namespace storage } // namespace cloud } // namespace google +#endif