feat: added simpler mechanism to generate delivery tokens

Committer: @danielfbright
PiperOrigin-RevId: 435100347

Author: danielfbright

README.md

@@ -113,7 +113,7 @@ minting tokens straightforward.
 
 To use, first associate a `Signer` with a service account and a type of token.
 
-For example:
+For example, when creating tokens for use with the On Demand Rides and Deliveries APIs:
 
 ```java
 AuthTokenMinter minter = AuthTokenMinter.builder()
@@ -123,6 +123,18 @@ AuthTokenMinter minter = AuthTokenMinter.builder()
   .build();
 ```
 
+When creating tokens for use with the Last Mile Fleet Services, use:
+
+```java
+AuthTokenMinter minter = AuthTokenMinter.deliveryBuilder()
+  .setDeliveryServerSigner(DefaultServiceAccountSigner.create())
+  .setDeliveryConsumerSigner(ImpersonatedAccountSignerCredentials.create("delivery-consumer@gcp-project.com")
+  .setUntrustedDeliveryDriverSigner(ImpersonatedAccountSignerCredentials.create("untrusted-delivery-driver-signer@gcp-project.iam.gserviceaccount.com")
+  .setTrustedDeliveryDriverSigner(ImpersonatedAccountSignerCredentials.create("trusted-delivery-driver-signer@gcp-project.iam.gserviceaccount.com")
+  .setDeliveryFleetReaderSigner(ImpersonatedAccountSignerCredentials.create("delivery-fleet-reader@gcp-project.iam.gserviceaccount.com")
+  .build();
+```
+
 The minter provides a getter method for each of the token types. Each getter
 returns an instance of `com.google.fleetengine.auth.token.FleetEngineToken`:
 

src/main/java/com/google/fleetengine/auth/AuthTokenMinter.java

@@ -101,16 +101,35 @@ public abstract class AuthTokenMinter implements FleetEngineTokenProvider {
   /** Authorization state manager responsible for caching signed JWTs. */
   public abstract FleetEngineAuthTokenStateManager tokenStateManager();
 
+  /** Specifies which server signer to use by default. */
+  abstract DefaultServerTokenType defaultServerTokenType();
+
   /**
-   * Provides a builder for FleetEngineToken.
+   * Provides a builder for FleetEngineToken. Signs with {@link #serverSigner()} when acting as
+   * {@link FleetEngineTokenProvider}.
    *
    * <p>{@link NaiveAuthStateManager} set as default state manager.
    */
   public static AuthTokenMinter.Builder builder() {
     FleetEngineTokenFactorySettings settings = FleetEngineTokenFactorySettings.builder().build();
     return new AutoValue_AuthTokenMinter.Builder()
         .setTokenStateManager(new NaiveAuthStateManager())
-        .setTokenFactory(new FleetEngineTokenFactory(settings));
+        .setTokenFactory(new FleetEngineTokenFactory(settings))
+        .setDefaultServerTokenType(DefaultServerTokenType.ODRD);
+  }
+
+  /**
+   * Provides a builder for FleetEngineToken.<br>
+   * Signs with {@link #deliveryServerSigner()} when acting as {@link FleetEngineTokenProvider}.
+   *
+   * <p>{@link NaiveAuthStateManager} set as default state manager.
+   */
+  public static AuthTokenMinter.Builder deliveryBuilder() {
+    FleetEngineTokenFactorySettings settings = FleetEngineTokenFactorySettings.builder().build();
+    return new AutoValue_AuthTokenMinter.Builder()
+        .setTokenStateManager(new NaiveAuthStateManager())
+        .setTokenFactory(new FleetEngineTokenFactory(settings))
+        .setDefaultServerTokenType(DefaultServerTokenType.LMFS);
   }
 
   /**
@@ -352,6 +371,9 @@ public FleetEngineToken getCustomToken(FleetEngineTokenClaims claims)
   /** Returns a non-expired server token with a base64 signed JWT. */
   @Override
   public FleetEngineToken getSignedToken() throws SigningTokenException {
+    if (defaultServerTokenType() == DefaultServerTokenType.LMFS) {
+      return getDeliveryServerToken();
+    }
     return getServerToken();
   }
 
@@ -397,15 +419,28 @@ public abstract static class Builder {
     public abstract Builder setTokenFactory(TokenFactory tokenFactory);
 
     /**
-     * Sets the authorization state manager responsible for caching signed JWTs
+     * Sets the authorization state manager responsible for caching signed JWTs.
      *
      * <p>By default, uses a naive manager that only caches server tokens.
      *
      * @param manager manager providing valid tokens
      */
     public abstract Builder setTokenStateManager(FleetEngineAuthTokenStateManager manager);
 
+    /**
+     * Specifies whether to provide default Odrd or Lmfs token by default.
+     *
+     * @param defaultServerTokenType specifies the type of token to produce by default
+     */
+    abstract Builder setDefaultServerTokenType(DefaultServerTokenType defaultServerTokenType);
+
     /** Builds {@link AuthTokenMinter}. */
     public abstract AuthTokenMinter build();
   }
+
+  /** Used internally to specify whether to provide ODRD or LMFS tokens by default. */
+  enum DefaultServerTokenType {
+    ODRD,
+    LMFS;
+  }
 }

src/test/java/com/google/fleetengine/auth/AuthTokenMinterTest.java

@@ -91,6 +91,37 @@ public void setup() {
             .build();
   }
 
+  @Test
+  public void getSignedToken_whenServerSignerSet_signsWithSetServerSigner()
+      throws SigningTokenException {
+    AuthTokenMinter baseFleetEngineAuth =
+        defaultFleetEngineAuthBuilder.setServerSigner(serverSigner).build();
+    when(tokenFactory.createServerToken()).thenReturn(fleetEngineToken);
+
+    baseFleetEngineAuth.getServerToken();
+
+    verify(authStateManager, times(1)).signToken(eq(serverSigner), eq(fleetEngineToken));
+  }
+
+  @Test
+  public void getSignedToken_whenDeliveryBuilder_signsWithSetDeliveryServerSigner()
+      throws SigningTokenException {
+    AuthTokenMinter.Builder defaultDeliveryFleetEngineAuthBuilder =
+        // Use delivery builder method
+        AuthTokenMinter.deliveryBuilder()
+            .setDeliveryServerSigner(deliveryServerSigner)
+            .setTokenStateManager(authStateManager)
+            .setTokenFactory(tokenFactory);
+
+    AuthTokenMinter baseFleetEngineAuth =
+        defaultDeliveryFleetEngineAuthBuilder.setDeliveryServerSigner(deliveryServerSigner).build();
+    when(tokenFactory.createDeliveryServerToken()).thenReturn(fleetEngineToken);
+
+    baseFleetEngineAuth.getSignedToken();
+
+    verify(authStateManager, times(1)).signToken(eq(deliveryServerSigner), eq(fleetEngineToken));
+  }
+
   @Test
   public void getServerToken_whenServerSignerSet_signsWithSetServerSigner()
       throws SigningTokenException {