local review of tests

plugins/repository-gcs/src/main/java/org/opensearch/repositories/gcs/GoogleApplicationDefaultCredentials.java

@@ -0,0 +1,29 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.repositories.gcs;
+
+import com.google.auth.oauth2.GoogleCredentials;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import java.io.IOException;
+
+public class GoogleApplicationDefaultCredentials {
+    private static final Logger logger = LogManager.getLogger(GoogleApplicationDefaultCredentials.class);
+
+    public GoogleCredentials getApplicationDefaultCredentials() {
+        GoogleCredentials credentials = null;
+        try {
+            credentials = SocketAccess.doPrivilegedIOException(GoogleCredentials::getApplicationDefault);
+        } catch (IOException e) {
+            logger.error("Failed to retrieve \"Application Default Credentials\"");
+        }
+        return credentials;
+    }
+}

plugins/repository-gcs/src/main/java/org/opensearch/repositories/gcs/GoogleCloudStorageService.java

@@ -71,6 +71,16 @@ public class GoogleCloudStorageService {
      */
     private volatile Map<String, Storage> clientCache = emptyMap();
 
+    final private GoogleApplicationDefaultCredentials googleApplicationDefaultCredentials;
+
+
+    public GoogleCloudStorageService() {
+        this.googleApplicationDefaultCredentials = new GoogleApplicationDefaultCredentials();
+    }
+    public GoogleCloudStorageService(GoogleApplicationDefaultCredentials googleApplicationDefaultCredentials) {
+        this.googleApplicationDefaultCredentials = googleApplicationDefaultCredentials;
+    }
+
     /**
      * Refreshes the client settings and clears the client cache. Subsequent calls to
      * {@code GoogleCloudStorageService#client} will return new clients constructed
@@ -215,12 +225,8 @@ StorageOptions createStorageOptions(
         }
         if (clientSettings.getCredential() == null) {
             logger.info("\"Application Default Credentials\" will be in use");
-            try {
-                final GoogleCredentials credentials = SocketAccess.doPrivilegedIOException(() -> GoogleCredentials.getApplicationDefault());
-                storageOptionsBuilder.setCredentials(credentials);
-            } catch (IOException e) {
-                logger.error("Failed to retrieve \"Application Default Credentials\"");
-            }
+            final GoogleCredentials credentials = googleApplicationDefaultCredentials.getApplicationDefaultCredentials();
+            storageOptionsBuilder.setCredentials(credentials);
         } else {
             ServiceAccountCredentials serviceAccountCredentials = clientSettings.getCredential();
             // override token server URI

plugins/repository-gcs/src/test/java/org/opensearch/repositories/gcs/GoogleCloudStorageServiceTests.java

@@ -33,8 +33,11 @@
 package org.opensearch.repositories.gcs;
 
 import com.google.auth.Credentials;
+import com.google.auth.oauth2.GoogleCredentials;
 import com.google.cloud.http.HttpTransportOptions;
 import com.google.cloud.storage.Storage;
+import com.google.cloud.storage.StorageOptions;
+import org.mockito.Mockito;
 import org.opensearch.common.settings.MockSecureSettings;
 import org.opensearch.common.settings.Setting;
 import org.opensearch.common.settings.Settings;
@@ -44,6 +47,9 @@
 import org.opensearch.test.OpenSearchTestCase;
 import org.hamcrest.Matchers;
 
+import java.net.Proxy;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.util.Base64;
@@ -82,7 +88,11 @@ public void testClientInitializer() throws Exception {
             .put(GoogleCloudStorageClientSettings.ENDPOINT_SETTING.getConcreteSettingForNamespace(clientName).getKey(), endpoint)
             .put(GoogleCloudStorageClientSettings.PROJECT_ID_SETTING.getConcreteSettingForNamespace(clientName).getKey(), projectIdName)
             .build();
-        final GoogleCloudStorageService service = new GoogleCloudStorageService();
+        GoogleCredentials mockGoogleCredentials = Mockito.mock(GoogleCredentials.class);
+        GoogleApplicationDefaultCredentials mockDefaultCredentials = Mockito.mock(GoogleApplicationDefaultCredentials.class);
+        Mockito.when(mockDefaultCredentials.getApplicationDefaultCredentials()).thenReturn(mockGoogleCredentials);
+
+        final GoogleCloudStorageService service = new GoogleCloudStorageService(mockDefaultCredentials);
         service.refreshAndClearCache(GoogleCloudStorageClientSettings.load(settings));
         GoogleCloudStorageOperationsStats statsCollector = new GoogleCloudStorageOperationsStats("bucket");
         final IllegalArgumentException e = expectThrows(
@@ -106,7 +116,7 @@ public void testClientInitializer() throws Exception {
             ((HttpTransportOptions) storage.getOptions().getTransportOptions()).getReadTimeout(),
             Matchers.is((int) readTimeValue.millis())
         );
-        assertThat(storage.getOptions().getCredentials(), Matchers.nullValue(Credentials.class));
+        assertThat(storage.getOptions().getCredentials(), Matchers.instanceOf(Credentials.class));
     }
 
     public void testReinitClientSettings() throws Exception {
@@ -193,4 +203,40 @@ public void testToTimeout() {
         assertEquals(-1, GoogleCloudStorageService.toTimeout(TimeValue.ZERO).intValue());
         assertEquals(0, GoogleCloudStorageService.toTimeout(TimeValue.MINUS_ONE).intValue());
     }
+    /*
+    The following methods test the Google Application Default Credential instead of
+    service account file.
+    Considered use of Junit Mocking due to static method GoogleCredentials.getApplicationDefault
+    and avoiding environment variables to set which later use GCE.
+     */
+    public void testApplicationDefaultCredential() throws Exception {
+        GoogleCloudStorageClientSettings settings = getGoogleCloudStorageClientSettings();
+        GoogleCredentials mockGoogleCredentials = Mockito.mock(GoogleCredentials.class);
+        HttpTransportOptions mockHttpTransportOptions = Mockito.mock(HttpTransportOptions.class);
+        GoogleApplicationDefaultCredentials mockDefaultCredentials = Mockito.mock(GoogleApplicationDefaultCredentials.class);
+        Mockito.when(mockDefaultCredentials.getApplicationDefaultCredentials()).thenReturn(mockGoogleCredentials);
+
+        GoogleCloudStorageService service = new GoogleCloudStorageService(mockDefaultCredentials);
+        StorageOptions storageOptions = service.createStorageOptions(settings,mockHttpTransportOptions);
+        assertNotNull(storageOptions);
+        assertEquals(storageOptions.getCredentials().toString(),mockGoogleCredentials.toString());
+
+    }
+    private static GoogleCloudStorageClientSettings getGoogleCloudStorageClientSettings() throws URISyntaxException {
+        final TimeValue connectTimeValue = TimeValue.timeValueNanos(randomIntBetween(0, 2000000));
+        final TimeValue readTimeValue = TimeValue.timeValueNanos(randomIntBetween(0, 2000000));
+        final String applicationName = randomAlphaOfLength(randomIntBetween(1, 10)).toLowerCase(Locale.ROOT);
+        final String endpoint = randomFrom("http://", "https://")
+            + randomFrom("www.opensearch.org", "www.googleapis.com", "localhost/api", "google.com/oauth")
+            + ":"
+            + randomIntBetween(1, 65535);
+        final String projectIdName = randomAlphaOfLength(randomIntBetween(1, 10)).toLowerCase(Locale.ROOT);
+
+        return new GoogleCloudStorageClientSettings(
+            null,endpoint,projectIdName,
+            connectTimeValue,readTimeValue,applicationName,
+            new URI(""),
+            new ProxySettings(Proxy.Type.DIRECT, null, 0, null, null));
+    }
+
 }