diff --git a/src/Credentials/ExternalAccountCredentials.php b/src/Credentials/ExternalAccountCredentials.php
index b2716bfaa..d108737bc 100644
--- a/src/Credentials/ExternalAccountCredentials.php
+++ b/src/Credentials/ExternalAccountCredentials.php
@@ -23,6 +23,7 @@
 use Google\Auth\ExternalAccountCredentialSourceInterface;
 use Google\Auth\FetchAuthTokenInterface;
 use Google\Auth\GetQuotaProjectInterface;
+use Google\Auth\GetUniverseDomainInterface;
 use Google\Auth\HttpHandler\HttpClientCache;
 use Google\Auth\HttpHandler\HttpHandlerFactory;
 use Google\Auth\OAuth2;
@@ -31,7 +32,11 @@
 use GuzzleHttp\Psr7\Request;
 use InvalidArgumentException;

-class ExternalAccountCredentials implements FetchAuthTokenInterface, UpdateMetadataInterface, GetQuotaProjectInterface
+class ExternalAccountCredentials implements
+ FetchAuthTokenInterface,
+ UpdateMetadataInterface,
+ GetQuotaProjectInterface,
+ GetUniverseDomainInterface
 {
 use UpdateMetadataTrait;

@@ -40,6 +45,7 @@ class ExternalAccountCredentials implements FetchAuthTokenInterface, UpdateMetad
 private OAuth2 $auth;
 private ?string $quotaProject;
 private ?string $serviceAccountImpersonationUrl;
+ private string $universeDomain;

 /**
 * @param string|string[] $scope The scope of the access request, expressed either as an array
@@ -90,6 +96,7 @@ public function __construct(
 }

 $this->quotaProject = $jsonKey['quota_project_id'] ?? null;
+ $this->universeDomain = $jsonKey['universe_domain'] ?? GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN;

 $this->auth = new OAuth2([
 'tokenCredentialUri' => $jsonKey['token_url'],
@@ -238,4 +245,14 @@ public function getQuotaProject()
 {
 return $this->quotaProject;
 }
+
+ /**
+ * Get the universe domain used for this API request
+ *
+ * @return string
+ */
+ public function getUniverseDomain(): string
+ {
+ return $this->universeDomain;
+ }
 }
diff --git a/tests/Credentials/ExternalAccountCredentialsTest.php b/tests/Credentials/ExternalAccountCredentialsTest.php
index 39fe46045..81ac8c3d0 100644
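Review bot: The `universe_domain` assignment in the `__construct` hunk stores whatever the credential JSON supplies: `??` falls back to the default only when the key is missing or null, so an empty string is kept, and a non-string value is either coerced or raises a `TypeError` against the `string` property rather than the `InvalidArgumentException` this file already imports. External-account configuration files can originate outside the project, and if callers use `getUniverseDomain()` to choose API hosts (not visible here) this value influences where tokens are sent, so it is worth rejecting bad values at construction, e.g. `if (isset($jsonKey['universe_domain']) && (!is_string($jsonKey['universe_domain']) || $jsonKey['universe_domain'] === '')) { throw new InvalidArgumentException('universe_domain must be a non-empty string'); }`. The constructor starts and ends outside the hunk, so any existing validation of other keys could not be checked.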
--- a/tests/Credentials/ExternalAccountCredentialsTest.php
+++ b/tests/Credentials/ExternalAccountCredentialsTest.php
@@ -21,6 +21,7 @@
 use Google\Auth\CredentialSource\AwsNativeSource;
 use Google\Auth\CredentialSource\FileSource;
 use Google\Auth\CredentialSource\UrlSource;
+use Google\Auth\GetUniverseDomainInterface;
 use Google\Auth\OAuth2;
 use InvalidArgumentException;
 use PHPUnit\Framework\TestCase;
@@ -337,4 +338,35 @@ public function testGetQuotaProject()
 $creds = new ExternalAccountCredentials('a-scope', $jsonCreds);
 $this->assertEquals('test_quota_project', $creds->getQuotaProject());
 }
+
+ public function testGetUniverseDomain()
+ {
+ // no universe domain is the default "googleapis.com"
+ $jsonCreds = [
+ 'type' => 'external_account',
+ 'token_url' => 'token-url.com',
+ 'audience' => '',
+ 'subject_token_type' => '',
+ 'credential_source' => ['url' => 'sts-url.com'],
+ ];
+ $creds = new ExternalAccountCredentials('a-scope', $jsonCreds);
+ $this->assertEquals(
+ GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN,
+ $creds->getUniverseDomain()
+ );
+
+ // universe domain in credentials is used if supplied
+ $universeDomain = 'example-universe.com';
+ $jsonCreds = [
+ 'type' => 'external_account',
+ 'token_url' => 'token-url.com',
+ 'audience' => '',
+ 'subject_token_type' => '',
+ 'credential_source' => ['url' => 'sts-url.com'],
+ 'universe_domain' => $universeDomain,
+ ];
+
+ $creds = new ExternalAccountCredentials('a-scope', $jsonCreds);
+ $this->assertEquals($universeDomain, $creds->getUniverseDomain());
+ }
 }
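Review bot: `testGetUniverseDomain` covers only an absent key and a well-formed value; it does not pin what the constructor does with a present-but-unusable `universe_domain` such as `''` or a non-string, which is the case most likely to come from a malformed or externally supplied credential file. A third block asserting the intended outcome for those inputs would keep that behaviour from changing silently. Separately, `assertSame` instead of `assertEquals` would also check that the getter returns a string, e.g. `$this->assertSame($universeDomain, $creds->getUniverseDomain());`.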