Skip to content

Commit

Permalink
Add support for signUrl when default credentials are used
Browse files Browse the repository at this point in the history
- Add a method to convert ApplicationDefaultCredentials to ServiceAccountAuthCredentials
- Add type check and conversion to Storage.signUrl
  • Loading branch information
mziccard committed Nov 17, 2015
1 parent 4106fc6 commit 9e273b4
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
import com.google.api.client.json.jackson.JacksonFactory;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.ServiceAccountCredentials;

import java.io.IOException;
import java.io.InputStream;
Expand Down Expand Up @@ -212,7 +213,7 @@ public RestorableState<AuthCredentials> capture() {
}
}

private static class ApplicationDefaultAuthCredentials extends AuthCredentials {
public static class ApplicationDefaultAuthCredentials extends AuthCredentials {

private GoogleCredentials googleCredentials;

Expand Down Expand Up @@ -255,6 +256,15 @@ protected HttpRequestInitializer httpRequestInitializer(HttpTransport transport,
return new HttpCredentialsAdapter(googleCredentials.createScoped(scopes));
}

public ServiceAccountAuthCredentials toServiceAccountCredentials() {
if (googleCredentials instanceof ServiceAccountCredentials) {
ServiceAccountCredentials credentials = (ServiceAccountCredentials) googleCredentials;
return new ServiceAccountAuthCredentials(credentials.getClientEmail(),
credentials.getPrivateKey());
}
return null;
}

@Override
public RestorableState<AuthCredentials> capture() {
return STATE;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@
import com.google.common.hash.Hashing;
import com.google.common.io.BaseEncoding;
import com.google.common.primitives.Ints;
import com.google.gcloud.AuthCredentials;
import com.google.gcloud.AuthCredentials.ApplicationDefaultAuthCredentials;
import com.google.gcloud.AuthCredentials.ServiceAccountAuthCredentials;
import com.google.gcloud.PageImpl;
import com.google.gcloud.BaseService;
Expand Down Expand Up @@ -584,9 +586,15 @@ public URL signUrl(BlobInfo blobInfo, long duration, TimeUnit unit, SignUrlOptio
ServiceAccountAuthCredentials cred =
(ServiceAccountAuthCredentials) optionMap.get(SignUrlOption.Option.SERVICE_ACCOUNT_CRED);
if (cred == null) {
checkArgument(options().authCredentials() instanceof ServiceAccountAuthCredentials,
"Signing key was not provided and could not be derived");
cred = (ServiceAccountAuthCredentials) this.options().authCredentials();
AuthCredentials serviceCred = this.options().authCredentials();
if (serviceCred instanceof ServiceAccountAuthCredentials) {
cred = (ServiceAccountAuthCredentials) serviceCred;
} else {
if (serviceCred instanceof ApplicationDefaultAuthCredentials) {
cred = ((ApplicationDefaultAuthCredentials) serviceCred).toServiceAccountCredentials();
}
}
checkArgument(cred != null, "Signing key was not provided and could not be derived");
}
// construct signature - see https://cloud.google.com/storage/docs/access-control#Signed-URLs
StringBuilder stBuilder = new StringBuilder();
Expand Down

0 comments on commit 9e273b4

Please sign in to comment.