feat: add universe domain support

composer.json

@@ -7,8 +7,8 @@
     "license": "Apache-2.0",
     "require": {
         "php": "^7.4|^8.0",
-        "google/auth": "^1.33",
-        "google/apiclient-services": "~0.200",
+        "google/auth": "^1.37",
+        "google/apiclient-services": "dev-universe-domain as 0.340",
         "firebase/php-jwt": "~6.0",
         "monolog/monolog": "^2.9||^3.0",
         "phpseclib/phpseclib": "^3.0.34",

src/Client.php

@@ -27,6 +27,7 @@
 use Google\Auth\Credentials\UserRefreshCredentials;
 use Google\Auth\CredentialsLoader;
 use Google\Auth\FetchAuthTokenCache;
+use Google\Auth\GetUniverseDomainInterface;
 use Google\Auth\HttpHandler\HttpHandlerFactory;
 use Google\Auth\OAuth2;
 use Google\AuthHandler\AuthHandlerFactory;
@@ -176,7 +177,10 @@ public function __construct(array $config = [])
 
             // Setting api_format_v2 will return more detailed error messages
             // from certain APIs.
-            'api_format_v2' => false
+            'api_format_v2' => false,
+
+            // Setting the universe domain will change the
+            'universe_domain' => GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN,
         ], $config);
 
         if (!is_null($this->config['credentials'])) {
@@ -428,6 +432,7 @@ public function authorize(ClientInterface $http = null)
         //   3b. If access token exists but is expired, try to refresh it
         //   4.  Check for API Key
         if ($this->credentials) {
+            $this->checkUniverseDomain($this->credentials);
             return $authHandler->attachCredentials(
                 $http,
                 $this->credentials,
@@ -437,6 +442,7 @@ public function authorize(ClientInterface $http = null)
 
         if ($this->isUsingApplicationDefaultCredentials()) {
             $credentials = $this->createApplicationDefaultCredentials();
+            $this->checkUniverseDomain($credentials);
             return $authHandler->attachCredentialsCache(
                 $http,
                 $credentials,
@@ -452,6 +458,7 @@ public function authorize(ClientInterface $http = null)
                     $scopes,
                     $token['refresh_token']
                 );
+                $this->checkUniverseDomain($credentials);
                 return $authHandler->attachCredentials(
                     $http,
                     $credentials,
@@ -1297,4 +1304,23 @@ private function createUserRefreshCredentials($scope, $refreshToken)
 
         return new UserRefreshCredentials($scope, $creds);
     }
+
+    private function checkUniverseDomain($credentials)
+    {
+        $credentialsUniverse = $credentials instanceof GetUniverseDomainInterface
+            ? $credentials->getUniverseDomain()
+            : GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN;
+        if ($credentialsUniverse !== $this->getUniverseDomain()) {
+            throw new DomainException(sprintf(
+                'The configured universe domain (%s) does not match the credential universe domain (%s)',
+                $this->getUniverseDomain(),
+                $credentialsUniverse
+            ));
+        }
+    }
+
+    public function getUniverseDomain()
+    {
+        return $this->config['universe_domain'];
+    }
 }

src/Service.php

@@ -23,7 +23,11 @@
 class Service
 {
     public $batchPath;
+    /**
+     * @deprecated use $rootUrlTemplate instead
+     */
     public $rootUrl;
+    public $rootUrlTemplate;
     public $version;
     public $servicePath;
     public $serviceName;

src/Service/Resource.php

@@ -45,8 +45,8 @@ class Resource
         'prettyPrint' => ['type' => 'string', 'location' => 'query'],
     ];
 
-    /** @var string $rootUrl */
-    private $rootUrl;
+    /** @var string $rootUrlTemplate */
+    private $rootUrlTemplate;
 
     /** @var \Google\Client $client */
     private $client;
@@ -65,7 +65,7 @@ class Resource
 
     public function __construct($service, $serviceName, $resourceName, $resource)
     {
-        $this->rootUrl = $service->rootUrl;
+        $this->rootUrlTemplate = $service->rootUrlTemplate ?? $service->rootUrl;
         $this->client = $service->getClient();
         $this->servicePath = $service->servicePath;
         $this->serviceName = $serviceName;
@@ -268,12 +268,14 @@ public function createRequestUri($restPath, $params)
             $requestUrl = $this->servicePath . $restPath;
         }
 
-        // code for leading slash
-        if ($this->rootUrl) {
-            if ('/' !== substr($this->rootUrl, -1) && '/' !== substr($requestUrl, 0, 1)) {
+        if ($this->rootUrlTemplate) {
+            // code for universe domain
+            $rootUrl = str_replace('UNIVERSE_DOMAIN', $this->client->getUniverseDomain(), $this->rootUrlTemplate);
+            // code for leading slash
+            if ('/' !== substr($rootUrl, -1) && '/' !== substr($requestUrl, 0, 1)) {
                 $requestUrl = '/' . $requestUrl;
             }
-            $requestUrl = $this->rootUrl . $requestUrl;
+            $requestUrl = $rootUrl . $requestUrl;
         }
         $uriTemplateVars = [];
         $queryVars = [];

tests/Google/ClientTest.php

@@ -24,7 +24,9 @@
 use Google\Service\Drive;
 use Google\AuthHandler\AuthHandlerFactory;
 use Google\Auth\FetchAuthTokenCache;
+use Google\Auth\CredentialsLoader;
 use Google\Auth\GCECache;
+use Google\Auth\Credentials\GCECredentials;
 use GuzzleHttp\Client as GuzzleClient;
 use GuzzleHttp\Psr7\Request;
 use GuzzleHttp\Psr7\Response;
@@ -37,6 +39,7 @@
 use ReflectionMethod;
 use InvalidArgumentException;
 use Exception;
+use DomainException;
 
 class ClientTest extends BaseTest
 {
@@ -689,11 +692,20 @@ public function testOnGceCacheAndCacheOptions()
         $mockCacheItem->get()
             ->shouldBeCalledTimes(1)
             ->willReturn(true);
+        $mockUniverseDomainCacheItem = $this->prophesize(CacheItemInterface::class);
+        $mockUniverseDomainCacheItem->isHit()
+                ->willReturn(true);
+        $mockUniverseDomainCacheItem->get()
+            ->shouldBeCalledTimes(1)
+            ->willReturn('googleapis.com');
 
         $mockCache = $this->prophesize(CacheItemPoolInterface::class);
         $mockCache->getItem($prefix . GCECache::GCE_CACHE_KEY)
             ->shouldBeCalledTimes(1)
             ->willReturn($mockCacheItem->reveal());
+        $mockCache->getItem(GCECredentials::cacheKey . 'universe_domain')
+            ->shouldBeCalledTimes(1)
+            ->willReturn($mockUniverseDomainCacheItem->reveal());
 
         $client = new Client(['cache_config' => $cacheConfig]);
         $client->setCache($mockCache->reveal());
@@ -849,6 +861,8 @@ public function testCredentialsOptionWithCredentialsLoader()
         $credentials = $this->prophesize('Google\Auth\CredentialsLoader');
         $credentials->getCacheKey()
             ->willReturn('cache-key');
+        $credentials->getUniverseDomain()
+            ->willReturn('googleapis.com');
 
         // Ensure the access token provided by our credentials loader is used
         $credentials->updateMetadata([], null, Argument::any())
@@ -913,4 +927,21 @@ public function testQueryParamsForAuthUrl()
         ]);
         $this->assertStringContainsString('&enable_serial_consent=true', $authUrl1);
     }
+    public function testUniverseDomainMismatch()
+    {
+        $this->expectException(DomainException::class);
+        $this->expectExceptionMessage(
+            'The configured universe domain (example.com) does not match the credential universe domain (foo.com)'
+        );
+
+        $credentials = $this->prophesize(CredentialsLoader::class);
+        $credentials->getUniverseDomain()
+            ->shouldBeCalledOnce()
+            ->willReturn('foo.com');
+        $client = new Client([
+            'universe_domain' => 'example.com',
+            'credentials' => $credentials->reveal(),
+        ]);
+        $client->authorize();
+    }
 }

tests/Google/Service/ResourceTest.php

@@ -35,10 +35,11 @@
 
 class TestService extends \Google\Service
 {
-    public function __construct(Client $client)
+    public function __construct(Client $client, $rootUrl = null)
     {
         parent::__construct($client);
-        $this->rootUrl = "https://test.example.com";
+        $this->rootUrl = $rootUrl ?: "https://test.example.com";
+        $this->rootUrlTemplate = $rootUrl ?: "https://test.UNIVERSE_DOMAIN";
         $this->servicePath = "";
         $this->version = "v1beta1";
         $this->serviceName = "test";
@@ -59,6 +60,7 @@ public function setUp(): void
         $this->client->getLogger()->willReturn($logger->reveal());
         $this->client->shouldDefer()->willReturn(true);
         $this->client->getHttpClient()->willReturn(new GuzzleClient());
+        $this->client->getUniverseDomain()->willReturn('example.com');
 
         $this->service = new TestService($this->client->reveal());
     }
@@ -106,6 +108,37 @@ public function testCall()
         $this->assertFalse($request->hasHeader('Content-Type'));
     }
 
+    public function testCallWithUniverseDomainTemplate()
+    {
+        $client = $this->prophesize(Client::class);
+        $logger = $this->prophesize("Monolog\Logger");
+        $this->client->getLogger()->willReturn($logger->reveal());
+        $this->client->shouldDefer()->willReturn(true);
+        $this->client->getHttpClient()->willReturn(new GuzzleClient());
+        $this->client->getUniverseDomain()->willReturn('example-universe-domain.com');
+
+        $this->service = new TestService($this->client->reveal());
+
+        $resource = new GoogleResource(
+            $this->service,
+            "test",
+            "testResource",
+            [
+                "methods" => [
+                    "testMethod" => [
+                        "parameters" => [],
+                        "path" => "method/path",
+                        "httpMethod" => "POST",
+                    ]
+                ]
+            ]
+        );
+        $request = $resource->call("testMethod", [[]]);
+        $this->assertEquals("https://test.example-universe-domain.com/method/path", (string) $request->getUri());
+        $this->assertEquals("POST", $request->getMethod());
+        $this->assertFalse($request->hasHeader('Content-Type'));
+    }
+
     public function testCallWithPostBody()
     {
         $resource = new GoogleResource(
@@ -130,9 +163,9 @@ public function testCallWithPostBody()
 
     public function testCallServiceDefinedRoot()
     {
-        $this->service->rootUrl = "https://sample.example.com";
+        $service = new TestService($this->client->reveal(), "https://sample.example.com");
         $resource = new GoogleResource(
-            $this->service,
+            $service,
             "test",
             "testResource",
             [