diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69a5f3322..e2fd82aab 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
# Changelog
+### [0.25.2](https://www.github.com/googleapis/google-auth-library-java/compare/v0.25.1...v0.25.2) (2021-03-18)
+
+
+### Bug Fixes
+
+* follow up fix service account credentials createScopedRequired ([#605](https://www.github.com/googleapis/google-auth-library-java/issues/605)) ([7ddac43](https://www.github.com/googleapis/google-auth-library-java/commit/7ddac43c418bb8b0cc3fd8d4f9d8752ad65bd842))
+* support AWS_DEFAULT_REGION env var ([#599](https://www.github.com/googleapis/google-auth-library-java/issues/599)) ([3d066ee](https://www.github.com/googleapis/google-auth-library-java/commit/3d066ee4755c20e2bd44b234dff71df1c4815aec))
+
### [0.25.1](https://www.github.com/googleapis/google-auth-library-java/compare/v0.25.0...v0.25.1) (2021-03-18)
diff --git a/README.md b/README.md
index 1ed73ece9..263ec5847 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ If you are using Maven, add this to your pom.xml file (notice that you can repla
com.google.auth
google-auth-library-oauth2-http
- 0.25.1
+ 0.25.2
```
[//]: # ({x-version-update-end})
@@ -42,7 +42,7 @@ If you are using Gradle, add this to your dependencies
[//]: # ({x-version-update-start:google-auth-library-oauth2-http:released})
```Groovy
-compile 'com.google.auth:google-auth-library-oauth2-http:0.25.1'
+compile 'com.google.auth:google-auth-library-oauth2-http:0.25.2'
```
[//]: # ({x-version-update-end})
@@ -50,7 +50,7 @@ If you are using SBT, add this to your dependencies
[//]: # ({x-version-update-start:google-auth-library-oauth2-http:released})
```Scala
-libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "0.25.1"
+libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "0.25.2"
```
[//]: # ({x-version-update-end})
diff --git a/appengine/pom.xml b/appengine/pom.xml
index a94c4136d..3033f216d 100644
--- a/appengine/pom.xml
+++ b/appengine/pom.xml
@@ -5,7 +5,7 @@
com.google.auth
google-auth-library-parent
- 0.25.1
+ 0.25.2
../pom.xml
diff --git a/bom/pom.xml b/bom/pom.xml
index d0fc50ab9..f60d0fdf1 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.google.auth
google-auth-library-bom
- 0.25.1
+ 0.25.2
pom
Google Auth Library for Java BOM
diff --git a/credentials/pom.xml b/credentials/pom.xml
index 16cc45664..1733011f0 100644
--- a/credentials/pom.xml
+++ b/credentials/pom.xml
@@ -4,7 +4,7 @@
com.google.auth
google-auth-library-parent
- 0.25.1
+ 0.25.2
../pom.xml
diff --git a/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java b/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
index f96cf096a..4f00517bc 100644
--- a/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
@@ -243,13 +243,19 @@ private String buildSubjectToken(AwsRequestSignature signature)
return URLEncoder.encode(token.toString(), "UTF-8");
}
- private String getAwsRegion() throws IOException {
+ @VisibleForTesting
+ String getAwsRegion() throws IOException {
// For AWS Lambda, the region is retrieved through the AWS_REGION environment variable.
String region = getEnvironmentProvider().getEnv("AWS_REGION");
if (region != null) {
return region;
}
+ String defaultRegion = getEnvironmentProvider().getEnv("AWS_DEFAULT_REGION");
+ if (defaultRegion != null) {
+ return defaultRegion;
+ }
+
if (awsCredentialSource.regionUrl == null || awsCredentialSource.regionUrl.isEmpty()) {
throw new IOException(
"Unable to determine the AWS region. The credential source does not contain the region URL.");
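Review bot: Both environment lookups in getAwsRegion accept any non-null value, so an empty `AWS_DEFAULT_REGION` (or an empty `AWS_REGION`) is returned as the region and the metadata-server fallback is never reached, while the `regionUrl` check just below already treats null and empty alike. The new guard could read `if (defaultRegion != null && !defaultRegion.isEmpty()) {`, with the same condition applied to the existing `AWS_REGION` check. The returned value presumably feeds the request signature, so an empty region would surface later as a signing or token-exchange failure rather than here. A comment such as `// AWS_DEFAULT_REGION is the fallback when AWS_REGION is unset.` above the new lookup would document the precedence. The method body continues past the end of this hunk.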
diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
index 741a4b27d..c0b3cab98 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
@@ -564,7 +564,7 @@ public static ServiceAccountCredentials fromStream(
/** Returns whether the scopes are empty, meaning createScoped must be called before use. */
@Override
public boolean createScopedRequired() {
- return scopes.isEmpty();
+ return scopes.isEmpty() && defaultScopes.isEmpty();
}
/**
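Review bot: The Javadoc above createScopedRequired() still says it reports whether the scopes are empty, but the new return statement also requires `defaultScopes` to be empty. It could read `/** Returns whether both the scopes and the default scopes are empty, meaning createScoped must be called before use. */`. If `defaultScopes` can ever be null on an instance, the new `defaultScopes.isEmpty()` call would throw; the field's initialization is outside this hunk, so that should be confirmed.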
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java
index 7537c3098..1721fc5c1 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java
@@ -345,6 +345,73 @@ public void getAwsSecurityCredentials_fromMetadataServer_noUrlProvided() {
}
}
+ @Test
+ public void getAwsRegion_awsRegionEnvironmentVariable() throws IOException {
+ TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider();
+ environmentProvider.setEnv("AWS_REGION", "region");
+ environmentProvider.setEnv("AWS_DEFAULT_REGION", "defaultRegion");
+
+ MockExternalAccountCredentialsTransportFactory transportFactory =
+ new MockExternalAccountCredentialsTransportFactory();
+ AwsCredentials awsCredentials =
+ (AwsCredentials)
+ AwsCredentials.newBuilder(AWS_CREDENTIAL)
+ .setHttpTransportFactory(transportFactory)
+ .setCredentialSource(buildAwsCredentialSource(transportFactory))
+ .setEnvironmentProvider(environmentProvider)
+ .build();
+
+ String region = awsCredentials.getAwsRegion();
+
+ // Should attempt to retrieve the region from AWS_REGION env var first.
+ // Metadata server would return us-east-1b.
+ assertEquals("region", region);
+ }
+
+ @Test
+ public void getAwsRegion_awsDefaultRegionEnvironmentVariable() throws IOException {
+ TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider();
+ environmentProvider.setEnv("AWS_DEFAULT_REGION", "defaultRegion");
+
+ MockExternalAccountCredentialsTransportFactory transportFactory =
+ new MockExternalAccountCredentialsTransportFactory();
+ AwsCredentials awsCredentials =
+ (AwsCredentials)
+ AwsCredentials.newBuilder(AWS_CREDENTIAL)
+ .setHttpTransportFactory(transportFactory)
+ .setCredentialSource(buildAwsCredentialSource(transportFactory))
+ .setEnvironmentProvider(environmentProvider)
+ .build();
+
+ String region = awsCredentials.getAwsRegion();
+
+ // Should attempt to retrieve the region from DEFAULT_AWS_REGION before calling the metadata
+ // server. Metadata server would return us-east-1b.
+ assertEquals("defaultRegion", region);
+ }
+
+ @Test
+ public void getAwsRegion_metadataServer() throws IOException {
+ MockExternalAccountCredentialsTransportFactory transportFactory =
+ new MockExternalAccountCredentialsTransportFactory();
+ AwsCredentials awsCredentials =
+ (AwsCredentials)
+ AwsCredentials.newBuilder(AWS_CREDENTIAL)
+ .setHttpTransportFactory(transportFactory)
+ .setCredentialSource(buildAwsCredentialSource(transportFactory))
+ .build();
+
+ String region = awsCredentials.getAwsRegion();
+
+ // Should retrieve the region from the Metadata server.
+ String expectedRegion =
+ transportFactory
+ .transport
+ .getAwsRegion()
+ .substring(0, transportFactory.transport.getAwsRegion().length() - 1);
+ assertEquals(expectedRegion, region);
+ }
+
@Test
public void createdScoped_clonedCredentialWithAddedScopes() {
AwsCredentials credentials =
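Review bot: The comment in getAwsRegion_awsDefaultRegionEnvironmentVariable names the variable `DEFAULT_AWS_REGION`, while the test sets and the production code reads `AWS_DEFAULT_REGION`; it should read `// Should attempt to retrieve the region from AWS_DEFAULT_REGION before calling the metadata`. The two environment-variable tests also assert only the returned string. They would be stronger if they also checked that no request reached the mock transport, assuming the mock records its requests (not visible in this hunk).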
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java
index fc7e0cdb9..49e2b88be 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java
@@ -74,6 +74,7 @@ public class MockExternalAccountCredentialsTransport extends MockHttpTransport {
private static final String TOKEN_TYPE = "Bearer";
private static final String ACCESS_TOKEN = "accessToken";
private static final String SERVICE_ACCOUNT_ACCESS_TOKEN = "serviceAccountAccessToken";
+ private static final String AWS_REGION = "us-east-1b";
private static final Long EXPIRES_IN = 3600L;
private static final JsonFactory JSON_FACTORY = new GsonFactory();
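Review bot: The new constant `AWS_REGION` holds `us-east-1b`, which looks like an availability zone rather than a region, and getAwsRegion() in the third hunk of this file returns it unchanged, so the new getAwsRegion_metadataServer test has to strip the last character itself. Naming it for what the endpoint returns, for example `private static final String AWS_ZONE = "us-east-1b";` with a getter `getAwsZone()`, would make that clear. Alternatively, a comment such as `// Zone as returned by the region URL; the region is this value without the trailing letter.` would do. The class body continues outside these hunks.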
@@ -120,7 +121,7 @@ public LowLevelHttpResponse execute() throws IOException {
if (AWS_REGION_URL.equals(url)) {
return new MockLowLevelHttpResponse()
.setContentType("text/html")
- .setContent("us-east-1b");
+ .setContent(AWS_REGION);
}
if (AWS_CREDENTIALS_URL.equals(url)) {
return new MockLowLevelHttpResponse()
@@ -245,6 +246,10 @@ public String getAwsRegionUrl() {
return AWS_REGION_URL;
}
+ public String getAwsRegion() {
+ return AWS_REGION;
+ }
+
public String getStsUrl() {
return STS_URL;
}
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
index 604f68c60..e75a70257 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
@@ -488,7 +488,7 @@ public void createScopedRequired_emptyScopes() throws IOException {
}
@Test
- public void createScopedRequired_nonEmptyScopes_false() throws IOException {
+ public void createScopedRequired_nonEmptyScopes() throws IOException {
GoogleCredentials credentials =
ServiceAccountCredentials.fromPkcs8(
CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID, SCOPES);
@@ -496,6 +496,15 @@ public void createScopedRequired_nonEmptyScopes_false() throws IOException {
assertFalse(credentials.createScopedRequired());
}
+ @Test
+ public void createScopedRequired_nonEmptyDefaultScopes() throws IOException {
+ GoogleCredentials credentials =
+ ServiceAccountCredentials.fromPkcs8(
+ CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID, null, SCOPES);
+
+ assertFalse(credentials.createScopedRequired());
+ }
+
@Test
public void fromJSON_getProjectId() throws IOException {
MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
diff --git a/oauth2_http/pom.xml b/oauth2_http/pom.xml
index 8e3fa8ff2..d345b1dbe 100644
--- a/oauth2_http/pom.xml
+++ b/oauth2_http/pom.xml
@@ -5,7 +5,7 @@
com.google.auth
google-auth-library-parent
- 0.25.1
+ 0.25.2
../pom.xml
diff --git a/pom.xml b/pom.xml
index 6b48cf952..b5ce64e3d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.google.auth
google-auth-library-parent
- 0.25.1
+ 0.25.2
pom
Google Auth Library for Java
Client libraries providing authentication and
diff --git a/versions.txt b/versions.txt
index fcb8e9d22..52f18bfa0 100644
--- a/versions.txt
+++ b/versions.txt
@@ -1,9 +1,9 @@
# Format:
# module:released-version:current-version
-google-auth-library:0.25.1:0.25.1
-google-auth-library-bom:0.25.1:0.25.1
-google-auth-library-parent:0.25.1:0.25.1
-google-auth-library-appengine:0.25.1:0.25.1
-google-auth-library-credentials:0.25.1:0.25.1
-google-auth-library-oauth2-http:0.25.1:0.25.1
+google-auth-library:0.25.2:0.25.2
+google-auth-library-bom:0.25.2:0.25.2
+google-auth-library-parent:0.25.2:0.25.2
+google-auth-library-appengine:0.25.2:0.25.2
+google-auth-library-credentials:0.25.2:0.25.2
+google-auth-library-oauth2-http:0.25.2:0.25.2