address review comments

Author: whowes

java-bigquery/google-cloud-bigquery/src/main/java/com/google/cloud/bigquery/BigQueryOptions.java

@@ -77,7 +77,9 @@ public static class Builder extends ServiceOptions.Builder<BigQuery, BigQueryOpt
     private Tracer openTelemetryTracer;
     private ResultRetryAlgorithm<?> resultRetryAlgorithm;
 
-    private Builder() {}
+    private Builder() {
+      setUseJwtAccessWithScope(false);
+    }
 
     private Builder(BigQueryOptions options) {
       super(options);
@@ -213,11 +215,6 @@ public static HttpTransportOptions getDefaultHttpTransportOptions() {
     return HttpTransportOptions.newBuilder().setReadTimeout(DEFAULT_READ_API_TIME_OUT).build();
   }
 
-  @Override
-  protected boolean useSelfSignedJwt() {
-    return false;
-  }
-
   @Override
   protected Set<String> getScopes() {
     return SCOPES;

sdk-platform-java/java-core/google-cloud-core/src/main/java/com/google/cloud/ServiceOptions.java

@@ -106,6 +106,7 @@ public abstract class ServiceOptions<
   private final TransportOptions transportOptions;
   private final HeaderProvider headerProvider;
   private final String quotaProjectId;
+  private final boolean useJwtAccessWithScope;
 
   private transient ServiceRpcFactory<OptionsT> serviceRpcFactory;
   private transient ServiceFactory<ServiceT, OptionsT> serviceFactory;
@@ -140,6 +141,7 @@ public abstract static class Builder<
     private HeaderProvider headerProvider;
     private String clientLibToken = ServiceOptions.getGoogApiClientLibName();
     private String quotaProjectId;
+    private boolean useJwtAccessWithScope = true;
 
     private ApiTracerFactory apiTracerFactory;
 
@@ -159,6 +161,7 @@ protected Builder(ServiceOptions<ServiceT, OptionsT> options) {
       transportOptions = options.transportOptions;
       clientLibToken = options.clientLibToken;
       quotaProjectId = options.quotaProjectId;
+      useJwtAccessWithScope = options.useJwtAccessWithScope;
       apiTracerFactory = options.apiTracerFactory;
     }
 
@@ -313,6 +316,18 @@ public B setQuotaProjectId(String quotaProjectId) {
       return self();
     }
 
+    /**
+     * Sets the configuration determining whether self-signed JWT with scopes are used for service
+     * account credentials.
+     *
+     * @param useJwtAccessWithScope whether to use self-signed JWT with scopes
+     * @return the builder
+     */
+    public B setUseJwtAccessWithScope(final boolean useJwtAccessWithScope) {
+      this.useJwtAccessWithScope = useJwtAccessWithScope;
+      return self();
+    }
+
     /**
      * Sets the {@link ApiTracerFactory}. It will be used to create an {@link ApiTracer} that is
      * annotated throughout the lifecycle of an RPC operation.
@@ -365,6 +380,7 @@ protected ServiceOptions(
         builder.quotaProjectId != null
             ? builder.quotaProjectId
             : getValueFromCredentialsFile(getCredentialsPath(), "quota_project_id");
+    useJwtAccessWithScope = builder.useJwtAccessWithScope;
     apiTracerFactory = builder.apiTracerFactory;
   }
 
@@ -650,17 +666,13 @@ public Credentials getScopedCredentials() {
         && ((GoogleCredentials) credentials).createScopedRequired()) {
       credentialsToReturn = ((GoogleCredentials) credentials).createScoped(getScopes());
     }
-    if (useSelfSignedJwt() && credentialsToReturn instanceof ServiceAccountCredentials) {
+    if (getUseJwtAccessWithScope() && credentialsToReturn instanceof ServiceAccountCredentials) {
       credentialsToReturn =
           ((ServiceAccountCredentials) credentialsToReturn).createWithUseJwtAccessWithScope(true);
     }
     return credentialsToReturn;
   }
 
-  protected boolean useSelfSignedJwt() {
-    return true;
-  }
-
   /** Returns configuration parameters for request retries. */
   public RetrySettings getRetrySettings() {
     return retrySettings;
@@ -831,6 +843,15 @@ public String getQuotaProjectId() {
     return quotaProjectId;
   }
 
+  /**
+   * Returns true when self-signed JWT with scopes are used for service account credentials.
+   *
+   * @return true when self-signed JWT with scopes are used
+   */
+  public boolean getUseJwtAccessWithScope() {
+    return useJwtAccessWithScope;
+  }
+
   /**
    * Returns the resolved host for the Service to connect to Google Cloud
    *

sdk-platform-java/java-core/google-cloud-core/src/test/java/com/google/cloud/ServiceOptionsTest.java

@@ -285,7 +285,7 @@ protected TestServiceOptions build() {
       }
     }
 
-    protected TestServiceOptions(Builder builder) {
+    private TestServiceOptions(Builder builder) {
       super(
           TestServiceFactory.class,
           TestServiceRpcFactory.class,
@@ -337,25 +337,6 @@ public int hashCode() {
     }
   }
 
-  private static class NonSsjwtServiceOptions extends TestServiceOptions {
-    private static class Builder extends TestServiceOptions.Builder {
-      @Override
-      protected NonSsjwtServiceOptions build() {
-        return new NonSsjwtServiceOptions(this);
-      }
-    }
-
-    private NonSsjwtServiceOptions(Builder builder) {
-      super(builder);
-    }
-
-    @Override
-    protected boolean useSelfSignedJwt() {
-      return false;
-    }
-  }
-
-
   @Test
   public void testBuilder() {
     assertSame(credentials, OPTIONS.getCredentials());
@@ -646,6 +627,7 @@ void testIsValidUniverseDomain_userUniverseDomainConfig_nonGDUCredentials() thro
             .setUniverseDomain("random.com")
             .setCredentials(credentialsNotInGDU)
             .build();
+    assertThat(options.hasValidUniverseDomain()).isTrue();
   }
 
   @Test
@@ -657,14 +639,16 @@ void testGetScopedCredentials_enablesSelfSignedJwtForServiceAccount() {
             .build();
     com.google.auth.Credentials scoped = options.getScopedCredentials();
     assertThat(scoped).isInstanceOf(ServiceAccountCredentials.class);
+    assertThat(((ServiceAccountCredentials) scoped).getUseJwtAccessWithScope()).isTrue();
   }
 
   @Test
   void testGetScopedCredentials_optsOutSelfSignedJwt() {
     TestServiceOptions options =
-        new NonSsjwtServiceOptions.Builder()
+        new TestServiceOptions.Builder()
             .setProjectId("project-id")
             .setCredentials(credentials)
+            .setUseJwtAccessWithScope(false)
             .build();
     com.google.auth.Credentials scoped = options.getScopedCredentials();
     assertThat(scoped).isInstanceOf(ServiceAccountCredentials.class);