Skip to content

Commit

Permalink
remove universe domain support in GCECredentials
Browse files Browse the repository at this point in the history
  • Loading branch information
@bshaffer
bshaffer committed Sep 20, 2023
1 parent 569c4fe commit 1d3ec01
Show file tree
Hide file tree
Showing 3 changed files with 2 additions and 145 deletions.
50 changes: 0 additions & 50 deletions src/Credentials/GCECredentials.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -526,56 +526,6 @@ public function getProjectId(callable $httpHandler = null)
return $this->projectId;
}

/**
* Fetch the default universe domain from the metadata server.
*
* Returns null if called outside GCE.
*
* @param callable $httpHandler Callback which delivers psr7 request
* @return string
*/
public function getUniverseDomain(callable $httpHandler = null): string
{
if ($this->universeDomain) {
return $this->universeDomain;
}

$httpHandler = $httpHandler
?: HttpHandlerFactory::build(HttpClientCache::getHttpClient());

if (!$this->hasCheckedOnGce) {
$this->isOnGce = self::onGce($httpHandler);
$this->hasCheckedOnGce = true;
}

if (!$this->isOnGce) {
return self::DEFAULT_UNIVERSE_DOMAIN;
}

try {
$this->universeDomain = $this->getFromMetadata(
$httpHandler,
self::getUniverseDomainUri()
);
} catch (ClientException $e) {
// If the metadata server exists, but returns a 404 for the universe domain, the auth
// libraries should safely assume this is an older metadata server running in GCU, and
// should return the default universe domain.
if (!$e->hasResponse() || 404 != $e->getResponse()->getStatusCode()) {
throw $e;
}
$this->universeDomain = self::DEFAULT_UNIVERSE_DOMAIN;
}

// We expect in some cases the metadata server will return an empty string for the universe
// domain. In this case, the auth library MUST return the default universe domain.
if ('' === $this->universeDomain) {
$this->universeDomain = self::DEFAULT_UNIVERSE_DOMAIN;
}

return $this->universeDomain;
}

/**
* Fetch the value of a GCE metadata server URI.
*
Expand Down
40 changes: 0 additions & 40 deletions tests/ApplicationDefaultCredentialsTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -828,44 +828,4 @@ public function testUniverseDomainInKeyFile()
);
$this->assertEquals(CredentialsLoader::DEFAULT_UNIVERSE_DOMAIN, $creds3->getUniverseDomain());
}

/** @runInSeparateProcess */
public function testUniverseDomainInGceCredentials()
{
putenv('HOME');

$expectedUniverseDomain = 'example-universe.com';
$creds = ApplicationDefaultCredentials::getCredentials(
null, // $scope
$httpHandler = getHandler([
new Response(200, [GCECredentials::FLAVOR_HEADER => 'Google']),
new Response(200, [], Utils::streamFor($expectedUniverseDomain)),
]) // $httpHandler
);
$this->assertEquals('example-universe.com', $creds->getUniverseDomain($httpHandler));

// test passing in a different universe domain overrides metadata server
$creds2 = ApplicationDefaultCredentials::getCredentials(
null, // $scope
$httpHandler = getHandler([
new Response(200, [GCECredentials::FLAVOR_HEADER => 'Google']),
]), // $httpHandler
null, // $cacheConfig
null, // $cache
null, // $quotaProject
null, // $defaultScope
'example-universe2.com' // $universeDomain
);
$this->assertEquals('example-universe2.com', $creds2->getUniverseDomain($httpHandler));

// test error response returns default universe domain
$creds2 = ApplicationDefaultCredentials::getCredentials(
null, // $scope
$httpHandler = getHandler([
new Response(200, [GCECredentials::FLAVOR_HEADER => 'Google']),
new Response(404),
]), // $httpHandler
);
$this->assertEquals(CredentialsLoader::DEFAULT_UNIVERSE_DOMAIN, $creds2->getUniverseDomain($httpHandler));
}
}
57 changes: 2 additions & 55 deletions tests/Credentials/GCECredentialsTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -517,60 +517,7 @@ public function testGetUniverseDomain()
{
$creds = new GCECredentials();

// If we are not on GCE, this should return the default
$creds->setIsOnGce(false);
$this->assertEquals(
GCECredentials::DEFAULT_UNIVERSE_DOMAIN,
$creds->getUniverseDomain()
);

// Pretend we are on GCE and mock the http handler.
$expected = 'example-universe.com';
$timesCalled = 0;
$httpHandler = function ($request) use (&$timesCalled, $expected) {
$timesCalled++;
$this->assertEquals(
'/computeMetadata/v1/universe/universe_domain',
$request->getUri()->getPath()
);
$this->assertEquals(1, $timesCalled, 'should only be called once');
return new Psr7\Response(200, [], Utils::streamFor($expected));
};

$creds->setIsOnGce(true);

// Assert correct universe domain.
$this->assertEquals($expected, $creds->getUniverseDomain($httpHandler));

// Assert the result is cached for subsequent calls.
$this->assertEquals($expected, $creds->getUniverseDomain($httpHandler));
}

public function testGetUniverseDomainEmptyStringReturnsDefault()
{
$creds = new GCECredentials();
$creds->setIsOnGce(true);

// Pretend we are on GCE and mock the MDS returning an empty string for the universe domain.
$httpHandler = function ($request) {
$this->assertEquals(
'/computeMetadata/v1/universe/universe_domain',
$request->getUri()->getPath()
);
return new Psr7\Response(200, [], Utils::streamFor(''));
};

// Assert the default universe domain is returned instead of the empty string.
$this->assertEquals(
GCECredentials::DEFAULT_UNIVERSE_DOMAIN,
$creds->getUniverseDomain($httpHandler)
);
}

public function testExplicitUniverseDomain()
{
$expected = 'example-universe.com';
$creds = new GCECredentials(null, null, null, null, null, $expected);
$this->assertEquals($expected, $creds->getUniverseDomain());
// Universe domain should always be the default
$this->assertEquals(GCECredentials::DEFAULT_UNIVERSE_DOMAIN, $creds->getUniverseDomain());
}
}

0 comments on commit 1d3ec01

Please sign in to comment.