chore: disable universe domain check for MDS (#575)

googleapis · Aug 5, 2024 · a47a469 · a47a469
1 parent 28aa3e9
commit a47a469
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 1 deletion.
diff --git a/src/CredentialsWrapper.php b/src/CredentialsWrapper.php
@@ -42,6 +42,7 @@
 use Google\Auth\FetchAuthTokenInterface;
 use Google\Auth\GetQuotaProjectInterface;
 use Google\Auth\GetUniverseDomainInterface;
+use Google\Auth\Credentials\GCECredentials;
 use Google\Auth\HttpHandler\Guzzle6HttpHandler;
 use Google\Auth\HttpHandler\Guzzle7HttpHandler;
 use Google\Auth\HttpHandler\HttpHandlerFactory;
@@ -273,7 +274,7 @@ public function getAuthorizationHeaderCallback($audience = null)
      */
     public function checkUniverseDomain()
     {
-        if (false === $this->hasCheckedUniverse) {
+        if (false === $this->hasCheckedUniverse && $this->shouldCheckUniverseDomain()) {
             $credentialsUniverse = $this->credentialsFetcher instanceof GetUniverseDomainInterface
                 ? $this->credentialsFetcher->getUniverseDomain()
                 : GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN;
@@ -288,6 +289,24 @@ public function checkUniverseDomain()
         }
     }
 
+    /**
+     * Skip universe domain check for Metadata server (e.g. GCE) credentials.
+     *
+     * @return bool
+     */
+    private function shouldCheckUniverseDomain(): bool
+    {
+        $fetcher = $this->credentialsFetcher instanceof FetchAuthTokenCache
+            ? $this->credentialsFetcher->getFetcher()
+            : $this->credentialsFetcher;
+
+        if ($fetcher instanceof GCECredentials) {
+            return false;
+        }
+
+        return true;
+    }
+
     /**
      * @param array $scopes
      * @param callable $authHttpHandler

diff --git a/tests/Tests/Unit/CredentialsWrapperTest.php b/tests/Tests/Unit/CredentialsWrapperTest.php
@@ -303,6 +303,19 @@ public function provideCheckUniverseDomainPasses()
         ];
     }
 
+    public function testCheckUniverseDomainOnGceCredentialsDoesNotCheck()
+    {
+        $fetcher = $this->prophesize(GCECredentials::class);
+        $fetcher->getUniverseDomain()->shouldNotBeCalled();
+        $credentialsWrapper = new CredentialsWrapper(
+            $fetcher->reveal(),
+            null,
+            'some-random-universe-domain'
+        );
+
+        $credentialsWrapper->checkUniverseDomain();
+    }
+
     /**
      * @dataProvider getBearerStringData
      */