fix: ensure cache is used for calls to ADC::onGCE (#441)

composer.json

@@ -7,7 +7,7 @@
     "license": "BSD-3-Clause",
     "require": {
         "php": ">=7.0",
-        "google/auth": "^1.18.0",
+        "google/auth": "1.19.1||^1.25.0",
         "google/grpc-gcp": "^0.2",
         "grpc/grpc": "^1.13",
         "google/protobuf": "^3.21.4",

src/CredentialsWrapper.php

@@ -122,18 +122,22 @@ public static function build(array $args = [])
             'defaultScopes'     => null,
             'useJwtAccessWithScope' => true,
         ];
+
         $keyFile = $args['keyFile'];
         $authHttpHandler = $args['authHttpHandler'] ?: self::buildHttpHandlerFactory();
 
         if (is_null($keyFile)) {
             $loader = self::buildApplicationDefaultCredentials(
                 $args['scopes'],
                 $authHttpHandler,
-                null,
-                null,
+                $args['authCacheOptions'],
+                $args['authCache'],
                 $args['quotaProject'],
                 $args['defaultScopes']
             );
+            if ($loader instanceof FetchAuthTokenCache) {
+                $loader = $loader->getFetcher();
+            }
         } else {
             if (is_string($keyFile)) {
                 if (!file_exists($keyFile)) {

tests/Tests/Unit/CredentialsWrapperTest.php

@@ -33,10 +33,14 @@
 namespace Google\ApiCore\Tests\Unit;
 
 use Google\ApiCore\CredentialsWrapper;
+use Google\ApiCore\ValidationException;
 use Google\Auth\ApplicationDefaultCredentials;
 use Google\Auth\Cache\MemoryCacheItemPool;
 use Google\Auth\Cache\SysVCacheItemPool;
+use Google\Auth\GCECache;
 use Google\Auth\CredentialsLoader;
+use Google\Auth\Credentials\GCECredentials;
+use Google\Auth\Credentials\ServiceAccountCredentials;
 use Google\Auth\FetchAuthTokenCache;
 use Google\Auth\FetchAuthTokenInterface;
 use Google\Auth\HttpHandler\HttpHandlerFactory;
@@ -314,4 +318,94 @@ public function getAuthorizationHeaderCallbackData()
             [$customFetcher->reveal(), ['authorization' => ['Bearer 123']]],
         ];
     }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testApplicationDefaultCredentialsWithOnGCECacheTrue()
+    {
+        putenv('HOME=' . __DIR__ . '/not_exist_fixtures');
+        putenv(ServiceAccountCredentials::ENV_VAR);  // removes it from the environment
+
+        $mockCacheItem = $this->prophesize('Psr\Cache\CacheItemInterface');
+        $mockCacheItem->isHit()
+            ->willReturn(true);
+        // mock being on GCE
+        $mockCacheItem->get()
+            ->shouldBeCalledTimes(1)
+            ->willReturn(true);
+
+        $mockCache = $this->prophesize('Psr\Cache\CacheItemPoolInterface');
+        $mockCache->getItem(GCECache::GCE_CACHE_KEY)
+            ->shouldBeCalledTimes(1)
+            ->willReturn($mockCacheItem->reveal());
+
+        $wrapper = CredentialsWrapper::build([
+            'authCache' => $mockCache->reveal(),
+        ]);
+        $reflectionClass = new \ReflectionClass($wrapper);
+        $reflectionProperty = $reflectionClass->getProperty('credentialsFetcher');
+        $reflectionProperty->setAccessible(true);
+        $this->assertInstanceOf(GCECredentials::class, $reflectionProperty->getValue($wrapper)->getFetcher());
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testApplicationDefaultCredentialsWithOnGCECacheFalse()
+    {
+        putenv('HOME=' . __DIR__ . '/not_exist_fixtures');
+        putenv(ServiceAccountCredentials::ENV_VAR);  // removes it from the environment
+
+        $this->expectException(ValidationException::class);
+        $this->expectExceptionMessage('Could not construct ApplicationDefaultCredentials');
+
+        $mockCacheItem = $this->prophesize('Psr\Cache\CacheItemInterface');
+        $mockCacheItem->isHit()
+            ->willReturn(true);
+        // mock not being on GCE
+        $mockCacheItem->get()
+            ->shouldBeCalledTimes(1)
+            ->willReturn(false);
+
+        $mockCache = $this->prophesize('Psr\Cache\CacheItemPoolInterface');
+        $mockCache->getItem(GCECache::GCE_CACHE_KEY)
+            ->shouldBeCalledTimes(1)
+            ->willReturn($mockCacheItem->reveal());
+
+        $wrapper = CredentialsWrapper::build([
+            'authCache' => $mockCache->reveal(),
+        ]);
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testApplicationDefaultCredentialsWithOnGCECacheOptions()
+    {
+        putenv('HOME=' . __DIR__ . '/not_exist_fixtures');
+        putenv(ServiceAccountCredentials::ENV_VAR);  // removes it from the environment
+
+        $mockCacheItem = $this->prophesize('Psr\Cache\CacheItemInterface');
+        $mockCacheItem->isHit()
+            ->willReturn(true);
+        // mock being on GCE
+        $mockCacheItem->get()
+            ->shouldBeCalledTimes(1)
+            ->willReturn(true);
+
+        $mockCache = $this->prophesize('Psr\Cache\CacheItemPoolInterface');
+        $mockCache->getItem('prefix_' . GCECache::GCE_CACHE_KEY)
+            ->shouldBeCalledTimes(1)
+            ->willReturn($mockCacheItem->reveal());
+
+        $wrapper = CredentialsWrapper::build([
+            'authCache' => $mockCache->reveal(),
+            'authCacheOptions' => ['gce_prefix' => 'prefix_'],
+        ]);
+        $reflectionClass = new \ReflectionClass($wrapper);
+        $reflectionProperty = $reflectionClass->getProperty('credentialsFetcher');
+        $reflectionProperty->setAccessible(true);
+        $this->assertInstanceOf(GCECredentials::class, $reflectionProperty->getValue($wrapper)->getFetcher());
+    }
 }