Closed
Changes from 3 commits
8 changes: 8 additions & 0 deletions pom.xml
Expand Up @@ -130,6 +130,14 @@
<version>2.34.8</version>
<optional>true</optional>
</dependency>

<!-- GCP dependencies-->
<dependency>
<groupId>com.google.auth</groupId>
<artifactId>google-auth-library-oauth2-http</artifactId>
<version>1.20.0</version> <!-- or latest -->
</dependency>

<!-- Testing dependencies-->
<dependency>
<groupId>org.junit.jupiter</groupId>
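Review bot: the version line `<version>1.20.0</version> <!-- or latest -->` should pin one reviewed release and drop the "or latest" comment, since a build file is not the place to suggest a floating version for a library that handles credentials. Also decide whether this dependency should carry `<optional>true</optional>` like the dependency just above it, so consumers who never use GCP auth do not inherit it transitively; if it has to stay mandatory, say so in the `<!-- GCP dependencies-->` comment.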
44 changes: 44 additions & 0 deletions src/main/java/com/infisical/sdk/auth/GCPAuthProvider.java
@@ -0,0 +1,44 @@
package com.infisical.sdk.auth;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;

import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.IdTokenProvider.Option;

public class GCPAuthProvider {

public static HashMap<String,String> getGCPAuthInput(String identityId){

logic: Missing null check for identityId parameter could cause NullPointerException during token creation


try{

// This will fetch credentials from environment variable named GOOGLE_APPLICATION_CREDENTIALS or
// or if it's running in a GCP instance it will get them from the instance itself (GCP service account attached)
GoogleCredentials googleCredentials = GoogleCredentials.getApplicationDefault();

IdTokenCredentials idTokenCredentials =
IdTokenCredentials.newBuilder()
.setIdTokenProvider((IdTokenProvider) googleCredentials)

logic: Unsafe cast to IdTokenProvider without type checking - could throw ClassCastException if GoogleCredentials doesn't implement IdTokenProvider


.setTargetAudience(identityId)
.setOptions(Arrays.asList(Option.FORMAT_FULL, Option.LICENSES_TRUE))
.build();

// Get the ID token.
String idToken = idTokenCredentials.refreshAccessToken().getTokenValue();

// Body cannot be a string so... HashMap can use bulider, POJO etc

syntax: Typo in comment: 'bulider' should be 'builder'


HashMap<String, String> body = new HashMap<>();
body.put("identityId", identityId);
body.put("jwt", idToken);

return body;

} catch (IOException e){
throw new RuntimeException(e);
}

style: Converting IOException to RuntimeException may hide important credential configuration issues. Consider providing more specific error messages or allowing IOException to propagate with better context.

Author


I saw the same thing done in AWSAuthProvider.java, hence I did it here as well; let me know if I need to change this.
https://github.com/Infisical/java-sdk/blob/main/src/main/java/com/infisical/sdk/auth/AwsAuthProvider.java#L104


}
}
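Review bot: missing documentation on the token request in the `IdTokenCredentials` builder: nothing says why `.setTargetAudience(identityId)` uses the machine identity ID as the audience or why `Option.FORMAT_FULL` and `Option.LICENSES_TRUE` are requested, and the comment above `getApplicationDefault()` names two credential sources without saying whether these options apply to both. Add a short Javadoc on `getGCPAuthInput` stating the audience, the options, and that the returned map carries an ID token under `jwt`, so callers know not to log it. The duplicated "or" in the two-line comment above `getApplicationDefault()` can be fixed in the same pass.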
9 changes: 9 additions & 0 deletions src/main/java/com/infisical/sdk/resources/AuthClient.java
Expand Up @@ -2,6 +2,7 @@

import com.infisical.sdk.api.ApiClient;
import com.infisical.sdk.auth.AwsAuthProvider;
import com.infisical.sdk.auth.GCPAuthProvider;
import com.infisical.sdk.models.AwsAuthLoginInput;
import com.infisical.sdk.models.LdapAuthLoginInput;
import com.infisical.sdk.models.MachineIdentityCredential;
Expand Down Expand Up @@ -56,6 +57,14 @@ public void AwsAuthLogin(AwsAuthLoginInput input) throws InfisicalException {
this.onAuthenticate.accept(credential.getAccessToken());
}

public void GCPAuthLogin(String identityId) throws InfisicalException {
var url = String.format("%s%s", this.apiClient.GetBaseUrl(), "/api/v1/auth/gcp-auth/login");

var input = GCPAuthProvider.getGCPAuthInput(identityId);
var credential = this.apiClient.post(url, input ,MachineIdentityCredential.class);
this.onAuthenticate.accept(credential.getAccessToken());
}

public void SetAccessToken(String accessToken) {
this.onAuthenticate.accept(accessToken);
}
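Review bot: `GCPAuthLogin` declares `throws InfisicalException`, but `GCPAuthProvider.getGCPAuthInput(identityId)` in this same change wraps `IOException` in a `RuntimeException`, so a credential lookup failure bypasses the declared exception type and callers that catch only `InfisicalException` will not see it. Catch the failure around the `getGCPAuthInput` call and rethrow it as `InfisicalException`, or have the provider throw a checked exception that this method translates. Minor: `input ,MachineIdentityCredential.class` has the space on the wrong side of the comma.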
63 changes: 63 additions & 0 deletions src/test/java/com/infisical/sdk/auth/GCPAuthIntegrationTest.java
@@ -0,0 +1,63 @@
package com.infisical.sdk.auth;

import com.infisical.sdk.InfisicalSdk;
import com.infisical.sdk.config.SdkConfig;
import com.infisical.sdk.util.EnvironmentVariables;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static org.junit.jupiter.api.Assertions.*;

public class GCPAuthIntegrationTest{

syntax: Missing space before opening brace - should be GCPAuthIntegrationTest {



private static final Logger logger = LoggerFactory.getLogger(GCPAuthIntegrationTest.class);
@Test
public void testGCPAuthAndFetchSecrets() throws Exception {

// Load env variables
var envVars = new EnvironmentVariables();

// Get Machine Identity Id
String machineIdentityId = System.getenv("INFISICAL_MACHINE_IDENTITY_ID");

style: Consider using envVars.getMachineIdentityId() if this method exists, for consistency with other environment variable access patterns in the codebase

Author


I didn't want to update existing code, hence I did this; let me know if I need to change this.



// Check if env variable machine identity is set others are already tested via env tests
assertNotNull(machineIdentityId, "INFISICAL_MACHINE_IDENTITY_ID env variable must be set");


// Create SDK instance
var sdk = new InfisicalSdk(new SdkConfig.Builder()
.withSiteUrl(envVars.getSiteUrl())
.build()
);

// Authenticate using GCP Auth
assertDoesNotThrow(() -> {
sdk.Auth().GCPAuthLogin(machineIdentityId);
});



try {

// Test if we have correctly logged in and we can list the secrets
var secrets = sdk.Secrets().ListSecrets(
envVars.getProjectId(),
"dev",
"/",
null,
null,
null);

assertNotNull(secrets, "Secrets list should not be null");
assertFalse(secrets.isEmpty(), "Secrets list should not be empty");
Comment on lines +53 to +54

style: Test assumes secrets exist in the 'dev' environment. Consider adding a comment explaining this prerequisite or making the test more robust by checking if no secrets exist.



logger.info("TestGCPAuth Successful");
logger.info("Secrets length : {}", secrets.size());

} catch (Exception e) {
throw new AssertionError(e);
}
}
}
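Review bot: `assertNotNull(machineIdentityId, ...)` makes this test fail, rather than skip, on any machine without `INFISICAL_MACHINE_IDENTITY_ID` and live GCP credentials, which breaks any build that runs the test suite without them. Gate the test with a JUnit assumption or an environment-variable condition so it only runs where the identity is configured. The trailing `catch (Exception e)` that rethrows as `AssertionError` is also unnecessary, because the method already declares `throws Exception`.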