From 773f1d315dea93e262f8916cab9db080f548bda4 Mon Sep 17 00:00:00 2001 From: Neenu1995 Date: Fri, 17 Apr 2026 15:43:43 -0400 Subject: [PATCH 1/4] Add Google Drive readonly scope to all auth mechanisms --- .../jdbc/BigQueryJdbcOAuthUtility.java | 133 +++++++++++++----- 1 file changed, 94 insertions(+), 39 deletions(-) diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java index f7be358dde18..6fdf8a8ade51 100644 --- a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java +++ b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java @@ -117,6 +117,17 @@ static Map parseOAuthProperties(DataSource ds, String callerClas throw new IllegalArgumentException(OAUTH_TYPE_ERROR_MESSAGE); } oauthProperties.put(BigQueryJdbcUrlUtility.OAUTH_TYPE_PROPERTY_NAME, String.valueOf(authType)); + + Integer reqGoogleDriveScope = ds.getRequestGoogleDriveScope(); + if( reqGoogleDriveScope != null){ + Boolean reqGoogleDriveScopeBool = BigQueryJdbcUrlUtility.convertIntToBoolean(String.valueOf(reqGoogleDriveScope), BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME); + oauthProperties.put( + BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME, + String.valueOf(reqGoogleDriveScopeBool)); + LOG.fine("RequestGoogleDriveScope parsed."); + } + + switch (authType) { case GOOGLE_SERVICE_ACCOUNT: // For using a Google Service Account (OAuth Type 0) 
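Review bot: The value stored under REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME in parseOAuthProperties changes from "0"/"1" to "true"/"false", and every reader in this patch tests `"true".equals(...)`, so a property map that still carries "1" now gets no Drive scope and nothing is logged. Failing closed is the right direction for a scope request, but the contract should be written down where the value is stored, for example `// Stored as "true"/"false"; readers treat any other value, including "1", as not requested.` The removed getUserAuthorizer code logged a severe message for an unparsable value; what `convertIntToBoolean` does with a value other than 0 or 1 is not visible here and is worth confirming. The body of parseOAuthProperties continues outside this hunk.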
@@ -144,11 +155,6 @@ static Map parseOAuthProperties(DataSource ds, String callerClas BigQueryJdbcUrlUtility.OAUTH_CLIENT_ID_PROPERTY_NAME, ds.getOAuthClientId()); oauthProperties.put( BigQueryJdbcUrlUtility.OAUTH_CLIENT_SECRET_PROPERTY_NAME, ds.getOAuthClientSecret()); - int reqGoogleDriveScope = ds.getRequestGoogleDriveScope(); - oauthProperties.put( - BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME, - String.valueOf(reqGoogleDriveScope)); - LOG.fine("RequestGoogleDriveScope parsed."); break; case PRE_GENERATED_TOKEN: String refreshToken = ds.getOAuthRefreshToken(); @@ -280,7 +286,7 @@ static GoogleCredentials getCredentials( break; case APPLICATION_DEFAULT_CREDENTIALS: // This auth method doesn't support service account impersonation - return getApplicationDefaultCredentials(callerClassName); + return getApplicationDefaultCredentials(authProperties, callerClassName); case EXTERNAL_ACCOUNT_AUTH: // This auth method doesn't support service account impersonation return getExternalAccountAuthCredentials(authProperties, callerClassName); @@ -373,6 +379,13 @@ private static GoogleCredentials getGoogleServiceAccountCredentials( builder.setUniverseDomain( overrideProperties.get(BigQueryJdbcUrlUtility.UNIVERSE_DOMAIN_OVERRIDE_PROPERTY_NAME)); } + if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))){ + builder.setScopes( + Arrays.asList( + "https://www.googleapis.com/auth/bigquery", + "https://www.googleapis.com/auth/drive.readonly")); + LOG.fine("Added Google Drive read-only scope to Service Account builder."); + } } catch (URISyntaxException | IOException e) { LOG.severe("Validation failure for Service Account credentials."); throw new BigQueryJdbcRuntimeException(e); 
@@ -388,28 +401,6 @@ static UserAuthorizer getUserAuthorizer( String callerClassName) throws URISyntaxException { LOG.finest("++enter++\t" + callerClassName); - List scopes = new ArrayList<>(); - scopes.add("https://www.googleapis.com/auth/bigquery"); - - // Add Google Drive scope conditionally - if (authProperties.containsKey( - BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)) { - try { - int driveScopeValue = - Integer.parseInt( - authProperties.get( - BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); - if (driveScopeValue == 1) { - scopes.add("https://www.googleapis.com/auth/drive.readonly"); - LOG.fine("Added Google Drive read-only scope. Caller: " + callerClassName); - } - } catch (NumberFormatException e) { - LOG.severe( - "Invalid value for RequestGoogleDriveScope, defaulting to not request Drive scope." - + " Caller: " - + callerClassName); - } - } List responseTypes = new ArrayList<>(); responseTypes.add("code"); @@ -421,13 +412,21 @@ static UserAuthorizer getUserAuthorizer( UserAuthorizer.Builder userAuthorizerBuilder = UserAuthorizer.newBuilder() .setClientId(clientId) - .setScopes(scopes) .setCallbackUri(URI.create("http://localhost:" + port)); if (overrideProperties.containsKey(BigQueryJdbcUrlUtility.OAUTH2_TOKEN_URI_PROPERTY_NAME)) { userAuthorizerBuilder.setTokenServerUri( new URI(overrideProperties.get(BigQueryJdbcUrlUtility.OAUTH2_TOKEN_URI_PROPERTY_NAME))); } + List scopes = new ArrayList<>(); + scopes.add("https://www.googleapis.com/auth/bigquery"); + + if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + scopes.add("https://www.googleapis.com/auth/drive.readonly"); + LOG.fine("Added Google Drive read-only scope to User Account builder."); + } + + userAuthorizerBuilder.setScopes(scopes); return userAuthorizerBuilder.build(); } 
@@ -500,14 +499,27 @@ private static GoogleCredentials getPreGeneratedAccessTokenCredentials( builder.setUniverseDomain( overrideProperties.get(BigQueryJdbcUrlUtility.UNIVERSE_DOMAIN_OVERRIDE_PROPERTY_NAME)); } + LOG.info("Connection established. Auth Method: Pre-generated Access Token."); - return builder + GoogleCredentials credentials = builder .setAccessToken( AccessToken.newBuilder() .setTokenValue( authProperties.get(BigQueryJdbcUrlUtility.OAUTH_ACCESS_TOKEN_PROPERTY_NAME)) .build()) .build(); + + + if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + credentials = credentials.createScoped( + Arrays.asList( + "https://www.googleapis.com/auth/bigquery", + "https://www.googleapis.com/auth/drive.readonly" + ) + ); + } + + return credentials; } static GoogleCredentials getPreGeneratedTokensCredentials( @@ -552,11 +564,22 @@ static UserCredentials getPreGeneratedRefreshTokenCredentials( userCredentialsBuilder.setUniverseDomain( overrideProperties.get(BigQueryJdbcUrlUtility.UNIVERSE_DOMAIN_OVERRIDE_PROPERTY_NAME)); } + + UserCredentials userCredentials = userCredentialsBuilder.build(); + + if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + userCredentials = (UserCredentials) userCredentials.createScoped( + Arrays.asList( + "https://www.googleapis.com/auth/bigquery", + "https://www.googleapis.com/auth/drive.readonly" + ) + ); + } LOG.info("Connection established. Auth Method: Pre-generated Refresh Token."); - return userCredentialsBuilder.build(); + return userCredentials; } - private static GoogleCredentials getApplicationDefaultCredentials(String callerClassName) { + private static GoogleCredentials getApplicationDefaultCredentials(Map authProperties, String callerClassName) { LOG.finest("++enter++\t" + callerClassName); try { GoogleCredentials credentials = GoogleCredentials.getApplicationDefault(); 
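Review bot: The `createScoped(...)` call on credentials built from a caller-supplied access token in getPreGeneratedAccessTokenCredentials probably changes nothing: as far as I know the base `GoogleCredentials.createScoped` returns the same instance unless a subclass overrides it, and a pre-issued token keeps the scopes it was minted with. The same applies to `(UserCredentials) userCredentials.createScoped(...)` in getPreGeneratedRefreshTokenCredentials in the next hunk, where the cast only holds while the call returns the same object, and likely to user-type credentials in the ADC hunk. I would drop these calls and state the limit instead, e.g. `// RequestGoogleDriveScope has no effect here: the supplied token's scopes were fixed when it was issued.` Otherwise a reader assumes the flag narrows or widens access on these paths when it does not. Both method bodies start outside their hunks.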
@@ -571,6 +594,17 @@ private static GoogleCredentials getApplicationDefaultCredentials(String callerC LOG.info( "Connection established. Auth Method: Application Default Credentials, Principal: %s.", principal); + + if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + credentials = credentials.createScoped( + Arrays.asList( + "https://www.googleapis.com/auth/bigquery", + "https://www.googleapis.com/auth/drive.readonly" + ) + ); + LOG.fine("Added Google Drive read-only scope to ADC credentials."); + } + return credentials; } catch (IOException exception) { // TODO throw exception @@ -616,16 +650,29 @@ private static GoogleCredentials getExternalAccountAuthCredentials( } } + GoogleCredentials credentials; if (credentialsPath != null) { - return ExternalAccountCredentials.fromStream( + credentials = ExternalAccountCredentials.fromStream( Files.newInputStream(Paths.get(credentialsPath))); } else if (jsonObject != null) { - return ExternalAccountCredentials.fromStream( + credentials = ExternalAccountCredentials.fromStream( new ByteArrayInputStream(jsonObject.toString().getBytes())); } else { throw new IllegalArgumentException( "Insufficient info provided for external authentication"); } + + if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + credentials = credentials.createScoped( + Arrays.asList( + "https://www.googleapis.com/auth/bigquery", + "https://www.googleapis.com/auth/drive.readonly" + ) + ); + LOG.fine("Added Google Drive read-only scope to External Account credentials."); + } + + return credentials; } catch (IOException e) { throw new BigQueryJdbcRuntimeException(e); } 
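Review bot: In the getExternalAccountAuthCredentials hunk, the rewritten `credentials = ExternalAccountCredentials.fromStream(Files.newInputStream(Paths.get(credentialsPath)));` still never closes the stream it opens on the credential file; unless `fromStream` closes it (I do not believe it does), the handle leaks on every connection. Since these lines are being touched anyway, wrap the read: `try (InputStream in = Files.newInputStream(Paths.get(credentialsPath))) { credentials = ExternalAccountCredentials.fromStream(in); }` (assuming `InputStream` is or can be imported). The JSON branch calls `getBytes()` with the platform charset; `getBytes(StandardCharsets.UTF_8)` keeps the credential bytes stable across hosts. The method body starts outside this hunk.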
@@ -634,7 +681,7 @@ private static GoogleCredentials getExternalAccountAuthCredentials( // This function checks if connection string contains configuration for // credentials impersonation. If not, it returns regular credentials object. // If impersonated service account is provided, returns Credentials object - // accomodating this information. + // accommodating this information. private static GoogleCredentials getServiceAccountImpersonatedCredentials( GoogleCredentials credentials, Map authProperties) { @@ -653,10 +700,18 @@ private static GoogleCredentials getServiceAccountImpersonatedCredentials( // Scopes has a default value, so it should never be null List impersonationScopes = - Arrays.asList( - authProperties - .get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME) - .split(",")); + new java.util.ArrayList<>( + Arrays.asList( + authProperties + .get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME) + .split(","))); + + if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + if (!impersonationScopes.contains("https://www.googleapis.com/auth/drive.readonly")) { + impersonationScopes.add("https://www.googleapis.com/auth/drive.readonly"); + LOG.fine("Added Google Drive read-only scope to impersonation scopes."); + } + } // Token lifetime has a default value, so it should never be null String impersonationLifetime = From a3db96bad1a7fe35cbbcf61385ac1d2c49b00182 Mon Sep 17 00:00:00 2001 From: Neenu1995 Date: Fri, 17 Apr 2026 15:47:20 -0400 Subject: [PATCH 2/4] add unit tests --- .../jdbc/BigQueryJdbcOAuthUtilityTest.java | 37 +++++++++++++++++-- 1 file changed, 33 insertions(+), 4 deletions(-) 
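Review bot: The entries produced by `.split(",")` in getServiceAccountImpersonatedCredentials are not trimmed, so the `contains(...)` check misses a Drive scope that was written after a space in ServiceAccountImpersonationScopes, and the list then carries both the padded and the clean entry. Trimming each entry before the check avoids sending a malformed scope alongside the added one. The flag also widens a scope list the user set explicitly, which deserves a comment such as `// RequestGoogleDriveScope appends drive.readonly even when impersonation scopes were configured explicitly.` On style, the hunk spells out `new java.util.ArrayList<>` although the file appears to use plain `ArrayList` elsewhere (`new ArrayList<>()` in getUserAuthorizer). The method continues outside this hunk.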
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java index ac2a7a8661e0..2761874449ed 100644 --- a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java +++ b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java @@ -356,7 +356,7 @@ public void testParseOAuthProperties_UserAccount_RequestDriveScopeEnabled() { "redactedClientSecret", properties.get(BigQueryJdbcUrlUtility.OAUTH_CLIENT_SECRET_PROPERTY_NAME)); assertEquals( - "1", properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); + "true", properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); } @Test @@ -369,7 +369,7 @@ public void testParseOAuthProperties_UserAccount_RequestDriveScopeDisabled() { BigQueryJdbcOAuthUtility.parseOAuthProperties( DataSource.fromUrl(url), this.getClass().getName()); assertEquals( - "0", properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); + "false", properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); } @Test @@ -381,7 +381,7 @@ public void testParseOAuthProperties_UserAccount_RequestDriveScopeDefault() { BigQueryJdbcOAuthUtility.parseOAuthProperties( DataSource.fromUrl(url), this.getClass().getName()); assertEquals( - String.valueOf(BigQueryJdbcUrlUtility.DEFAULT_REQUEST_GOOGLE_DRIVE_SCOPE_VALUE), + "false", properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); } 
@@ -391,7 +391,7 @@ public void testGetUserAuthorizer_WithDriveScope() throws URISyntaxException { authProperties.put(BigQueryJdbcUrlUtility.OAUTH_CLIENT_ID_PROPERTY_NAME, "redactedClientId"); authProperties.put( BigQueryJdbcUrlUtility.OAUTH_CLIENT_SECRET_PROPERTY_NAME, "redactedClientSecret"); - authProperties.put(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME, "1"); + authProperties.put(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME, "true"); UserAuthorizer authorizer = BigQueryJdbcOAuthUtility.getUserAuthorizer( @@ -432,6 +432,35 @@ public void testGetUserAuthorizer_InvalidDriveScopeValue() throws URISyntaxExcep assertFalse(authorizer.getScopes().contains("https://www.googleapis.com/auth/drive.readonly")); } + @Test + public void testParseOAuthProperties_ServiceAccount_RequestDriveScopeEnabled() { + String url = + "jdbc:bigquery://https://www.googleapis.com/bigquery/v2:443;" + + "OAuthType=0;OAuthServiceAcctEmail=dummy@email.com;OAuthPvtKey=key;" + + "RequestGoogleDriveScope=1;"; + Map properties = + BigQueryJdbcOAuthUtility.parseOAuthProperties( + DataSource.fromUrl(url), this.getClass().getName()); + assertEquals( + "true", properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); + } + + @Test + public void testGetCredentialsForPreGeneratedToken_WithDriveScope() { + Map authProperties = + BigQueryJdbcOAuthUtility.parseOAuthProperties( + DataSource.fromUrl( + "jdbc:bigquery://https://www.googleapis.com/bigquery/v2:443;" + + "OAuthType=2;ProjectId=MyBigQueryProject;" + + "OAuthAccessToken=RedactedToken;" + + "RequestGoogleDriveScope=1;"), + null); + + GoogleCredentials credentials = + BigQueryJdbcOAuthUtility.getCredentials(authProperties, Collections.EMPTY_MAP, null); + assertThat(credentials).isNotNull(); + } + @Test public void testParseUserImpersonationDefault() { String connectionUri = From 313371bfeb629296ff5dbb4b9a196429ec59b47e Mon Sep 17 00:00:00 2001 
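Review bot: testGetCredentialsForPreGeneratedToken_WithDriveScope asserts only `assertThat(credentials).isNotNull()`, so it passes whether or not the Drive scope reaches the credential and gives no evidence for the behaviour patch 1 adds. A path where the scopes are observable would make a stronger test, for instance service-account credentials, asserting that the returned scopes contain the drive.readonly entry (assuming the credential type exposes its scopes). The ADC, external-account, refresh-token and impersonation branches get no test in this patch. The raw `Collections.EMPTY_MAP` should be `Collections.emptyMap()` to avoid the unchecked conversion.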
From: cloud-java-bot Date: Fri, 17 Apr 2026 23:31:24 +0000 Subject: [PATCH 3/4] chore: generate libraries at Fri Apr 17 23:29:25 UTC 2026 --- java-iam/.repo-metadata.json | 1 - java-iam/README.md | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/java-iam/.repo-metadata.json b/java-iam/.repo-metadata.json index fa9ab8c76a75..d35667f774d9 100644 --- a/java-iam/.repo-metadata.json +++ b/java-iam/.repo-metadata.json @@ -10,7 +10,6 @@ "repo": "googleapis/google-cloud-java", "repo_short": "java-iam", "distribution_name": "com.google.cloud:google-iam-policy", - "api_id": "iam.googleapis.com", "library_type": "GAPIC_AUTO", "requires_billing": true, "excluded_dependencies": "google-iam-policy", diff --git a/java-iam/README.md b/java-iam/README.md index a31d56fecfdc..b5f33684f9cf 100644 --- a/java-iam/README.md +++ b/java-iam/README.md @@ -188,7 +188,7 @@ Java is a registered trademark of Oracle and/or its affiliates. [code-of-conduct]: https://github.com/googleapis/google-cloud-java/blob/main/CODE_OF_CONDUCT.md#contributor-code-of-conduct [license]: https://github.com/googleapis/google-cloud-java/blob/main/LICENSE [enable-billing]: https://cloud.google.com/apis/docs/getting-started#enabling_billing -[enable-api]: https://console.cloud.google.com/flows/enableapi?apiid=iam.googleapis.com + [libraries-bom]: https://github.com/GoogleCloudPlatform/cloud-opensource-java/wiki/The-Google-Cloud-Platform-Libraries-BOM [shell_img]: https://gstatic.com/cloudssh/images/open-btn.png From c1bed227bd56e06c3d58d98b6e84e2898f435fca Mon Sep 17 00:00:00 2001 From: Neenu1995 Date: Fri, 17 Apr 2026 19:41:28 -0400 Subject: [PATCH 4/4] avoid duplication of hardcoded OAuth scopes --- .../jdbc/BigQueryJdbcOAuthUtility.java | 119 +++++++++--------- .../bigquery/jdbc/BigQueryJdbcUrlUtility.java | 5 +- .../jdbc/BigQueryJdbcOAuthUtilityTest.java | 5 +- 3 files changed, 64 insertions(+), 65 deletions(-) 
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java index 6fdf8a8ade51..50f86b327db1 100644 --- a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java +++ b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java @@ -80,6 +80,12 @@ final class BigQueryJdbcOAuthUtility { + "Thank you for using JDBC Driver for Google BigQuery!\n" + "You may now close the window."; + static final String BIGQUERY_SCOPE = "https://www.googleapis.com/auth/bigquery"; + static final String DRIVE_READONLY_SCOPE = "https://www.googleapis.com/auth/drive.readonly"; + + static final List DEFAULT_SCOPES = Arrays.asList(BIGQUERY_SCOPE); + static final List DRIVE_SCOPES = Arrays.asList(BIGQUERY_SCOPE, DRIVE_READONLY_SCOPE); + private static final int USER_AUTH_TIMEOUT_MS = 120000; private static final BigQueryJdbcCustomLogger LOG = new BigQueryJdbcCustomLogger(BigQueryJdbcOAuthUtility.class.getName()); 
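Review bot: `DEFAULT_SCOPES` and `DRIVE_SCOPES` are built with `Arrays.asList`, which returns a fixed-size but writable list: any code in the package can call `set(0, ...)` and change the scopes requested by every later connection in the JVM. For constants that decide what access a credential asks for, make them unmodifiable, e.g. `static final List<String> DRIVE_SCOPES = Collections.unmodifiableList(Arrays.asList(BIGQUERY_SCOPE, DRIVE_READONLY_SCOPE));` and `Collections.singletonList(BIGQUERY_SCOPE)` for the default (assuming `Collections` is or can be imported in this file). A short comment on each constant saying which auth paths use it would also help.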
@@ -119,15 +125,17 @@ static Map parseOAuthProperties(DataSource ds, String callerClas oauthProperties.put(BigQueryJdbcUrlUtility.OAUTH_TYPE_PROPERTY_NAME, String.valueOf(authType)); Integer reqGoogleDriveScope = ds.getRequestGoogleDriveScope(); - if( reqGoogleDriveScope != null){ - Boolean reqGoogleDriveScopeBool = BigQueryJdbcUrlUtility.convertIntToBoolean(String.valueOf(reqGoogleDriveScope), BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME); + if (reqGoogleDriveScope != null) { + Boolean reqGoogleDriveScopeBool = + BigQueryJdbcUrlUtility.convertIntToBoolean( + String.valueOf(reqGoogleDriveScope), + BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME); oauthProperties.put( BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME, String.valueOf(reqGoogleDriveScopeBool)); LOG.fine("RequestGoogleDriveScope parsed."); } - switch (authType) { case GOOGLE_SERVICE_ACCOUNT: // For using a Google Service Account (OAuth Type 0) @@ -245,7 +253,7 @@ static Map parseOAuthProperties(DataSource ds, String callerClas BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME, ds.getOAuthSAImpersonationScopes() != null ? ds.getOAuthSAImpersonationScopes() - : BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_SCOPES_VALUE); + : BIGQUERY_SCOPE); oauthProperties.put( BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME, ds.getOAuthSAImpersonationTokenLifetime() != null 
@@ -379,11 +387,11 @@ private static GoogleCredentials getGoogleServiceAccountCredentials( builder.setUniverseDomain( overrideProperties.get(BigQueryJdbcUrlUtility.UNIVERSE_DOMAIN_OVERRIDE_PROPERTY_NAME)); } - if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))){ - builder.setScopes( - Arrays.asList( - "https://www.googleapis.com/auth/bigquery", - "https://www.googleapis.com/auth/drive.readonly")); + if ("true" + .equals( + authProperties.get( + BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + builder.setScopes(DRIVE_SCOPES); LOG.fine("Added Google Drive read-only scope to Service Account builder."); } } catch (URISyntaxException | IOException e) { @@ -418,11 +426,12 @@ static UserAuthorizer getUserAuthorizer( userAuthorizerBuilder.setTokenServerUri( new URI(overrideProperties.get(BigQueryJdbcUrlUtility.OAUTH2_TOKEN_URI_PROPERTY_NAME))); } - List scopes = new ArrayList<>(); - scopes.add("https://www.googleapis.com/auth/bigquery"); + List scopes = new java.util.ArrayList<>(DEFAULT_SCOPES); - if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { - scopes.add("https://www.googleapis.com/auth/drive.readonly"); + if ("true" + .equals( + authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + scopes.add(DRIVE_READONLY_SCOPE); LOG.fine("Added Google Drive read-only scope to User Account builder."); } 
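Review bot: This commit removes the duplicated scope URLs but leaves the flag test `"true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))` copy-pasted in getGoogleServiceAccountCredentials, getUserAuthorizer and the later credential builders, now wrapped over four lines each. One private helper would keep the decision in a single place: `private static boolean isDriveScopeRequested(Map<String, String> props) { return "true".equals(props.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); }`. Keeping the exact `"true".equals` comparison preserves the current fail-closed handling of any other value. In getUserAuthorizer the hunk also replaces the imported `ArrayList` with `new java.util.ArrayList<>(DEFAULT_SCOPES)`; the short name reads better if the import is still present.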
@@ -501,22 +510,19 @@ private static GoogleCredentials getPreGeneratedAccessTokenCredentials( } LOG.info("Connection established. Auth Method: Pre-generated Access Token."); - GoogleCredentials credentials = builder - .setAccessToken( - AccessToken.newBuilder() - .setTokenValue( - authProperties.get(BigQueryJdbcUrlUtility.OAUTH_ACCESS_TOKEN_PROPERTY_NAME)) - .build()) - .build(); - - - if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { - credentials = credentials.createScoped( - Arrays.asList( - "https://www.googleapis.com/auth/bigquery", - "https://www.googleapis.com/auth/drive.readonly" - ) - ); + GoogleCredentials credentials = + builder + .setAccessToken( + AccessToken.newBuilder() + .setTokenValue( + authProperties.get(BigQueryJdbcUrlUtility.OAUTH_ACCESS_TOKEN_PROPERTY_NAME)) + .build()) + .build(); + + if ("true" + .equals( + authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + credentials = credentials.createScoped(DRIVE_SCOPES); } return credentials; 
@@ -567,19 +573,17 @@ static UserCredentials getPreGeneratedRefreshTokenCredentials( UserCredentials userCredentials = userCredentialsBuilder.build(); - if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { - userCredentials = (UserCredentials) userCredentials.createScoped( - Arrays.asList( - "https://www.googleapis.com/auth/bigquery", - "https://www.googleapis.com/auth/drive.readonly" - ) - ); + if ("true" + .equals( + authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) { + userCredentials = (UserCredentials) userCredentials.createScoped(DRIVE_SCOPES); } LOG.info("Connection established. Auth Method: Pre-generated Refresh Token."); return userCredentials; } - private static GoogleCredentials getApplicationDefaultCredentials(Map authProperties, String callerClassName) { + private static GoogleCredentials getApplicationDefaultCredentials( + Map authProperties, String callerClassName) { LOG.finest("++enter++\t" + callerClassName); try { GoogleCredentials credentials = GoogleCredentials.getApplicationDefault(); @@ -595,13 +599,11 @@ private static GoogleCredentials getApplicationDefaultCredentials(Map> eldes static final String HTAPI_ACTIVATION_RATIO_PROPERTY_NAME = "HighThroughputActivationRatio"; static final String KMS_KEY_NAME_PROPERTY_NAME = "KMSKeyName"; static final String QUERY_PROPERTIES_NAME = "QueryProperties"; - static final int DEFAULT_HTAPI_ACTIVATION_RATIO_VALUE = - 2; // TODO: to adjust this value before private preview based on performance testing. + static final int DEFAULT_HTAPI_ACTIVATION_RATIO_VALUE = 2; static final String HTAPI_MIN_TABLE_SIZE_PROPERTY_NAME = "HighThroughputMinTableSize"; static final int DEFAULT_HTAPI_MIN_TABLE_SIZE_VALUE = 100; static final int DEFAULT_OAUTH_TYPE_VALUE = -1; 
@@ -86,8 +85,6 @@ protected boolean removeEldestEntry(Map.Entry> eldes static final String DEFAULT_OAUTH_SA_IMPERSONATION_CHAIN_VALUE = null; static final String OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME = "ServiceAccountImpersonationScopes"; - static final String DEFAULT_OAUTH_SA_IMPERSONATION_SCOPES_VALUE = - "https://www.googleapis.com/auth/bigquery"; static final String OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME = "ServiceAccountImpersonationTokenLifetime"; static final String DEFAULT_OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_VALUE = "3600"; diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java index 2761874449ed..92ff47d19293 100644 --- a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java +++ b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java @@ -381,8 +381,7 @@ public void testParseOAuthProperties_UserAccount_RequestDriveScopeDefault() { BigQueryJdbcOAuthUtility.parseOAuthProperties( DataSource.fromUrl(url), this.getClass().getName()); assertEquals( - "false", - properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); + "false", properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME)); } @Test @@ -473,7 +472,7 @@ public void testParseUserImpersonationDefault() { "impersonated", result.get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_EMAIL_PROPERTY_NAME)); assertEquals( - BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_SCOPES_VALUE, + BigQueryJdbcOAuthUtility.BIGQUERY_SCOPE, result.get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME)); assertEquals( BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_VALUE,