diff --git a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ConstantCredentialFactory.java b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ConstantCredentialFactory.java
index f3ed1e5b..1fdb7646 100644
--- a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ConstantCredentialFactory.java
+++ b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ConstantCredentialFactory.java
@@ -18,13 +18,18 @@
 import com.google.api.gax.core.FixedCredentialsProvider;
 import com.google.auth.oauth2.GoogleCredentials;
+import java.util.Arrays;
 class ConstantCredentialFactory implements CredentialFactory {
 private final GoogleCredentials credentials;
 public ConstantCredentialFactory(GoogleCredentials credentials) {
- this.credentials = credentials;
+ if (credentials.createScopedRequired()) {
+ this.credentials = credentials.createScoped(Arrays.asList(SCOPE_CLOUD_PLATFORM));
+ } else {
+ this.credentials = credentials;
+ }
 }
 @Override
diff --git a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/CredentialFactory.java b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/CredentialFactory.java
index cd8712e0..96e07486 100644
--- a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/CredentialFactory.java
+++ b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/CredentialFactory.java
@@ -20,6 +20,8 @@
 import com.google.auth.oauth2.GoogleCredentials;
 interface CredentialFactory {
+ static final String SCOPE_CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";
+
 default FixedCredentialsProvider create() {
 return FixedCredentialsProvider.create(getCredentials());
 }
diff --git a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/DefaultCredentialFactory.java b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/DefaultCredentialFactory.java
index dd382cbe..e8f1274f 100644
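Review bot: The conditional scoping block added to the ConstantCredentialFactory constructor is repeated verbatim in DefaultCredentialFactory, FileCredentialFactory and SupplierCredentialFactory in this same commit, so the scope policy now lives in four places that can drift apart. A single static helper on CredentialFactory, next to SCOPE_CLOUD_PLATFORM, would keep the decision in one spot and leave each factory with a one-line call. The constructor would also be the natural place to reject a null argument, which now fails at `credentials.createScopedRequired()` instead of being stored. The class body continues past the end of this hunk.

```java
// CredentialFactory: shared helper next to SCOPE_CLOUD_PLATFORM
static GoogleCredentials withCloudPlatformScope(GoogleCredentials credentials) {
  if (credentials.createScopedRequired()) {
    return credentials.createScoped(Arrays.asList(SCOPE_CLOUD_PLATFORM));
  }
  return credentials;
}

// ConstantCredentialFactory
public ConstantCredentialFactory(GoogleCredentials credentials) {
  this.credentials = CredentialFactory.withCloudPlatformScope(credentials);
}
```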
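Review bot: SCOPE_CLOUD_PLATFORM in CredentialFactory carries no comment explaining why the connector requests the broadest Google Cloud scope, and the factories in this commit now apply it to any credential that reports createScopedRequired(). A comment on the constant such as `// Broad OAuth2 scope; the permissions that actually apply are decided by the IAM roles granted to the principal.` would tell maintainers where the effective boundary is. The `static final` modifiers are implied on an interface field and can be dropped: `String SCOPE_CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";`.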
--- a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/DefaultCredentialFactory.java
+++ b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/DefaultCredentialFactory.java
@@ -18,14 +18,22 @@
 import com.google.auth.oauth2.GoogleCredentials;
 import java.io.IOException;
+import java.util.Arrays;
 class DefaultCredentialFactory implements CredentialFactory {
 @Override
 public GoogleCredentials getCredentials() {
+ GoogleCredentials credentials;
 try {
- return GoogleCredentials.getApplicationDefault();
+ credentials = GoogleCredentials.getApplicationDefault();
 } catch (IOException e) {
 throw new RuntimeException("failed to retrieve OAuth2 access token", e);
 }
+
+ if (credentials.createScopedRequired()) {
+ credentials = credentials.createScoped(Arrays.asList(SCOPE_CLOUD_PLATFORM));
+ }
+
+ return credentials;
 }
 }
diff --git a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/FileCredentialFactory.java b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/FileCredentialFactory.java
index 70554053..c79af49a 100644
--- a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/FileCredentialFactory.java
+++ b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/FileCredentialFactory.java
@@ -19,6 +19,7 @@
 import com.google.auth.oauth2.GoogleCredentials;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.util.Arrays;
 class FileCredentialFactory implements CredentialFactory {
 private final String path;
@@ -29,10 +30,17 @@ class FileCredentialFactory implements CredentialFactory {
 @Override
 public GoogleCredentials getCredentials() {
+ GoogleCredentials credentials;
 try {
- return GoogleCredentials.fromStream(new FileInputStream(path));
+ credentials = GoogleCredentials.fromStream(new FileInputStream(path));
 } catch (IOException e) {
 throw new IllegalStateException("Unable to load GoogleCredentials from file " + path, e);
 }
+
+ if (credentials.createScopedRequired()) {
+ credentials = credentials.createScoped(Arrays.asList(SCOPE_CLOUD_PLATFORM));
+ }
+
+ return credentials;
 }
 }
diff --git a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ServiceAccountImpersonatingCredentialFactory.java b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ServiceAccountImpersonatingCredentialFactory.java
index 802e8b9b..5a92612b 100644
--- a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ServiceAccountImpersonatingCredentialFactory.java
+++ b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ServiceAccountImpersonatingCredentialFactory.java
@@ -38,8 +38,6 @@
 */
 class ServiceAccountImpersonatingCredentialFactory implements CredentialFactory {
- private static final String CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";
- private static final String ALLOYDB_LOGIN = "https://www.googleapis.com/auth/alloydb.login";
 private final CredentialFactory source;
 private final List delegates;
 private final String targetPrincipal;
@@ -70,7 +68,7 @@ public GoogleCredentials getCredentials() {
 .setSourceCredentials(credentials)
 .setTargetPrincipal(targetPrincipal)
 .setDelegates(this.delegates)
- .setScopes(Arrays.asList(ALLOYDB_LOGIN, CLOUD_PLATFORM))
+ .setScopes(Arrays.asList(SCOPE_CLOUD_PLATFORM))
 .build();
 return credentials;
 }
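Review bot: The FileInputStream opened in FileCredentialFactory.getCredentials() is never closed; nothing in this hunk closes it, so each call can leave a descriptor on the key file open until the stream is garbage collected. Since the line is being rewritten anyway, wrap it in try-with-resources: `try (FileInputStream in = new FileInputStream(path)) {` followed by `credentials = GoogleCredentials.fromStream(in);`, keeping the existing catch. The exception already names the path and keeps the cause, which is worth preserving.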
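Review bot: The impersonated credential in ServiceAccountImpersonatingCredentialFactory now requests only cloud-platform, and the narrower `https://www.googleapis.com/auth/alloydb.login` scope is no longer named anywhere in this diff. If the access token produced here is also presented to the database side for IAM login (not visible in this hunk), consider deriving a separate copy limited to alloydb.login for that use, so a token that leaves the client has less reach. A short comment at the `setScopes` call recording why the login scope was dropped would also help the next reader. getCredentials() starts above this hunk.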
diff --git a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/SupplierCredentialFactory.java b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/SupplierCredentialFactory.java
index 04b5ab80..a001a756 100644
--- a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/SupplierCredentialFactory.java
+++ b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/SupplierCredentialFactory.java
@@ -17,6 +17,7 @@
 package com.google.cloud.alloydb;
 import com.google.auth.oauth2.GoogleCredentials;
+import java.util.Arrays;
 import java.util.function.Supplier;
 class SupplierCredentialFactory implements CredentialFactory {
@@ -29,6 +30,12 @@ public SupplierCredentialFactory(Supplier supplier) {
 @Override
 public GoogleCredentials getCredentials() {
- return supplier.get();
+ GoogleCredentials credentials = supplier.get();
+
+ if (credentials.createScopedRequired()) {
+ credentials = credentials.createScoped(Arrays.asList(SCOPE_CLOUD_PLATFORM));
+ }
+
+ return credentials;
 }
 }
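Review bot: A supplier that returns null now fails inside SupplierCredentialFactory.getCredentials() with a bare NullPointerException at `credentials.createScopedRequired()`, where the old code passed the null through to the caller. The supplier is caller-provided, so fail with a message that names the cause: `GoogleCredentials credentials = Objects.requireNonNull(supplier.get(), "credentials supplier returned null");` (this needs `java.util.Objects` imported). The scoped copy is also rebuilt on every call; whether that matters depends on how often callers invoke getCredentials(), which this hunk does not show.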