fix: don't set keyFile when credentialsFetcher is given (#8657)

Author: jeromegamez

Core/src/ClientTrait.php

@@ -19,6 +19,8 @@
 
 use Google\Auth\Credentials\GCECredentials;
 use Google\Auth\CredentialsLoader;
+use Google\Auth\FetchAuthTokenInterface;
+use Google\Auth\ProjectIdProviderInterface;
 use Google\Cloud\Core\Compute\Metadata;
 use Google\Cloud\Core\Exception\GoogleException;
 
@@ -93,7 +95,12 @@ private function getGrpcInstallationMessage()
      */
     private function configureAuthentication(array $config)
     {
-        $config['keyFile'] = $this->getKeyFile($config);
+        $credentialsFetcher = $config['credentialsFetcher'] ?? null;
+
+        if (!($credentialsFetcher instanceof FetchAuthTokenInterface)) {
+            $config['keyFile'] = $this->getKeyFile($config);
+        }
+
         $this->projectId = $this->detectProjectId($config);
 
         return $config;
@@ -170,6 +177,7 @@ private function getKeyFile(array $config = [])
     private function detectProjectId(array $config)
     {
         $config += [
+            'credentialsFetcher' => null,
             'httpHandler' => null,
             'projectId' => null,
             'projectIdRequired' => false,
@@ -186,6 +194,10 @@ private function detectProjectId(array $config)
             return 'emulator-project';
         }
 
+        if ($config['credentialsFetcher'] instanceof ProjectIdProviderInterface) {
+            return $config['credentialsFetcher']->getProjectId();
+        }
+
         if (isset($config['keyFile'])) {
             if (isset($config['keyFile']['project_id'])) {
                 return $config['keyFile']['project_id'];

Core/tests/Unit/ClientTraitTest.php

@@ -18,6 +18,7 @@
 namespace Google\Cloud\Core\Tests\Unit;
 
 use Exception;
+use Google\Auth\Credentials\ServiceAccountCredentials;
 use Google\Cloud\Core\ClientTrait;
 use Google\Cloud\Core\Compute\Metadata;
 use Google\Cloud\Core\Exception\GoogleException;
@@ -165,6 +166,28 @@ public function testConfigureAuthenticationWithKeyFilePath()
         $this->assertEquals('example_project', $this->impl->___getProperty('projectId'));
     }
 
+    public function testIgnoreKeyFileWhenUsingCredentialsFetcher()
+    {
+        $credentials = new ServiceAccountCredentials([], Fixtures::SERVICE_ACCOUNT_FIXTURE());
+
+        $conf = $this->impl->call('configureAuthentication', [[
+            'credentialsFetcher' => $credentials,
+        ]]);
+
+        $this->assertArrayNotHasKey('keyFile', $conf);
+    }
+
+    public function testGetProjectIdFromCredentialsFetcher()
+    {
+        $credentials = new ServiceAccountCredentials([], Fixtures::SERVICE_ACCOUNT_FIXTURE());
+
+        $this->impl->call('configureAuthentication', [[
+            'credentialsFetcher' => $credentials,
+        ]]);
+
+        $this->assertEquals('example-project-12345', $this->impl->___getProperty('projectId'));
+    }
+
     public function testConfigureAuthenticationWithInvalidKeyFilePath()
     {
         $this->expectException(GoogleException::class);

Core/tests/Unit/Fixtures.php

@@ -25,6 +25,11 @@ public static function JSON_KEY_FIXTURE()
         return __DIR__ . '/fixtures/json-key-fixture.json';
     }
 
+    public static function SERVICE_ACCOUNT_FIXTURE()
+    {
+        return __DIR__ . '/fixtures/service-account-fixture.json';
+    }
+
     public static function SERVICE_FIXTURE()
     {
         return __DIR__ . '/fixtures/service-fixture.json';

Core/tests/Unit/fixtures/service-account-fixture.json

@@ -0,0 +1,12 @@
+{
+  "type": "service_account",
+  "project_id": "example-project-12345",
+  "private_key_id": "1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b",
+  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4ziPSL1C/RTMN\nEUen4AyKlQf/W/X4XOtdOP0kBtrhwvFnCdWIc1mb4UjTE/vCCI94VHnDaktuQoFx\nQbMV3USDKYLtIf0wfEtBkucDBZLBDdBAhNCC5aWZWLAXJKw1lPofe8W5088WWjVs\n8Wl4Q6YooZeEYt1DNMnIqEAes4ftBW4V0WUf26YVye9z2p8R7tsI51Z0x0O3fb33\n4oqxmlyP2L/qeyjofFFFNHn25sbENUgO/2r5/qbIWZvlSK3UeHrBbfC3yBuq2wp+\nhHTVwKAgXVt0W5sJ9nw9tVvzoo1NjtSz/Suw83/0/lp1WnY6/qdnXSNXnAqKeP5Y\nMXZS7pM1AgMBAAECggEAL/dBEOK7AIoDcBbWFFpwpt97jenec7IaXL3X5ivpT8N7\nSJUi2SGnVnAoqLB9HaV/J2o1mGTUYy/bzPuScdBWYfy6QLYbsyPvnHt2fjBKINVn\nAff27qKQUrbULY2VLOsX6GgFr++rxk9vonEeQNq+G7mlS/UlHLZs0SnqSo2qb/gR\n1d7Q8lSa3U/5lEQkm7sSUmTUBSkFGSO1I9/1/TjbZ7RTirl3HHNlvdRsu0CiesRx\nPt0utn028cvkJYB0DvDNDqoRIfI6rgf1UPu4UtvFBiubv+eAr8qWc2+Abv0Gobow\nh9SsEJGgBUhiE/lvkilUBeHINUEdwmz/vpCKU15PmQKBgQDiH7HCQbDoZP9FTAOw\nF0gNttFyl/jfr/VR4gB00dPBa2s+SCcTakzw6US57ozQ5CsDpLYEzRvvPYm0z+zh\nuKKxvQsvVwVbyZFDXRn/fMit8eWt4A3yDeMd7Gn/PaiAnMRoOTeY8XgjB74ES9bR\nNDjTIvxbr1rmrb+APBr2B8/IbwKBgQDROOfRkNEdj2Xv1Vb+36/UyyFSY8I5+jdy\n/BIoN5/ywTju4Y2jNGcHPq1H8E+j5FSdKQYKtODURcASKmOwqq0uMOqwlP5l7/9Z\nu7FLQlT8mNTHQwt2IFtk2VEVRrxKSzidoennyq8JJRxYvtE4Ehte1DqFgxdYmqyE\nWNNGSs9ImwKBgQCgn3TskS8yFTQDLHjeJ9uF6lwjM3KUqm/vZ0N9t+LcXQqD5krj\njrny0zB/hsU+SSWI5AJrrKrwKV1dM+mHeVkQOkHssbrbtXXbTRH/mssOTGsjNKmT\nTGwNQHcW2NyN503Y3vPwT25QK9q9QIXqe1b2G774/bnrbHZAh/F63JerPwKBgD59\n58gRoFRa+5CaQWTZfVRq4+YPA/l7Qkqm/eljS/QfQJkhZ8PiqA9i6jD9l1wVnCxh\nD3vtMOZWexsx7Brdr+KHG+JobmAWQkgUJs2a33WfVJa78NV0rre9rVlUinMKaruy\nnAHu6T8rBX+AZ09/IQu/CkfMsxF1CahyO5DYUXeXAoGASocxulMRKaa3NbcsDl0t\nRK89ZgBxii6SgwvARpODTmsnGex5pNI6XVNCPcevyAhuWpoXPeEeg9Qj3FpyGTtz\nZUfKfFtFAAb3TU2C5PF0mTn+4vEL55YBXD4tfeimXzMhg/t2d6FP38g7wN2ejJPr\nBbFaAE9VZFi2OcxtIysoxek=\n-----END PRIVATE KEY-----\n",
+  "client_email": "test-service-account@example-project-12345.iam.gserviceaccount.com",
+  "client_id": "123456789012345678901",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test-service-account%40example-project-12345.iam.gserviceaccount.com"
+}