fix(storage): always cache legacy credentials

google/cloud/google_cloud_cpp_rest_internal.bzl

@@ -39,6 +39,7 @@ google_cloud_cpp_rest_internal_hdrs = [
     "internal/oauth2_compute_engine_credentials.h",
     "internal/oauth2_credential_constants.h",
     "internal/oauth2_credentials.h",
+    "internal/oauth2_decorate_credentials.h",
     "internal/oauth2_error_credentials.h",
     "internal/oauth2_external_account_credentials.h",
     "internal/oauth2_external_account_token_source.h",
@@ -79,6 +80,7 @@ google_cloud_cpp_rest_internal_srcs = [
     "internal/oauth2_cached_credentials.cc",
     "internal/oauth2_compute_engine_credentials.cc",
     "internal/oauth2_credentials.cc",
+    "internal/oauth2_decorate_credentials.cc",
     "internal/oauth2_error_credentials.cc",
     "internal/oauth2_external_account_credentials.cc",
     "internal/oauth2_google_application_default_credentials_file.cc",

google/cloud/google_cloud_cpp_rest_internal.cmake

@@ -62,6 +62,8 @@ add_library(
     internal/oauth2_credential_constants.h
     internal/oauth2_credentials.cc
     internal/oauth2_credentials.h
+    internal/oauth2_decorate_credentials.cc
+    internal/oauth2_decorate_credentials.h
     internal/oauth2_error_credentials.cc
     internal/oauth2_error_credentials.h
     internal/oauth2_external_account_credentials.cc

google/cloud/internal/credentials_impl.h

@@ -110,6 +110,7 @@ class ImpersonateServiceAccountConfig : public Credentials {
   std::chrono::seconds lifetime() const;
   std::vector<std::string> const& scopes() const;
   std::vector<std::string> const& delegates() const;
+  Options const& options() const { return options_; }
 
  private:
   void dispatch(CredentialsVisitor& v) override { v.visit(*this); }

google/cloud/internal/oauth2_decorate_credentials.cc

@@ -0,0 +1,32 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "google/cloud/internal/oauth2_decorate_credentials.h"
+#include "google/cloud/common_options.h"
+#include "google/cloud/internal/oauth2_cached_credentials.h"
+
+namespace google {
+namespace cloud {
+namespace oauth2_internal {
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_BEGIN
+
+std::shared_ptr<oauth2_internal::Credentials> WithCaching(
+    std::shared_ptr<oauth2_internal::Credentials> impl) {
+  return std::make_shared<oauth2_internal::CachedCredentials>(std::move(impl));
+}
+
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END
+}  // namespace oauth2_internal
+}  // namespace cloud
+}  // namespace google

google/cloud/internal/oauth2_decorate_credentials.h

@@ -0,0 +1,37 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_INTERNAL_OAUTH2_DECORATE_CREDENTIALS_H
+#define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_INTERNAL_OAUTH2_DECORATE_CREDENTIALS_H
+
+#include "google/cloud/internal/oauth2_credentials.h"
+#include "google/cloud/version.h"
+#include <memory>
+#include <string>
+
+namespace google {
+namespace cloud {
+namespace oauth2_internal {
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_BEGIN
+
+/// Add only a caching decorator to the credentials.
+std::shared_ptr<oauth2_internal::Credentials> WithCaching(
+    std::shared_ptr<oauth2_internal::Credentials> impl);
+
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END
+}  // namespace oauth2_internal
+}  // namespace cloud
+}  // namespace google
+
+#endif  // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_INTERNAL_OAUTH2_DECORATE_CREDENTIALS_H

google/cloud/internal/unified_rest_credentials.cc

@@ -16,7 +16,7 @@
 #include "google/cloud/internal/make_jwt_assertion.h"
 #include "google/cloud/internal/oauth2_access_token_credentials.h"
 #include "google/cloud/internal/oauth2_anonymous_credentials.h"
-#include "google/cloud/internal/oauth2_cached_credentials.h"
+#include "google/cloud/internal/oauth2_decorate_credentials.h"
 #include "google/cloud/internal/oauth2_error_credentials.h"
 #include "google/cloud/internal/oauth2_external_account_credentials.h"
 #include "google/cloud/internal/oauth2_google_credentials.h"
@@ -36,17 +36,13 @@ using ::google::cloud::internal::GoogleDefaultCredentialsConfig;
 using ::google::cloud::internal::ImpersonateServiceAccountConfig;
 using ::google::cloud::internal::InsecureCredentialsConfig;
 using ::google::cloud::internal::ServiceAccountConfig;
+using ::google::cloud::oauth2_internal::WithCaching;
 
 std::shared_ptr<oauth2_internal::Credentials> MakeErrorCredentials(
     Status status) {
   return std::make_shared<oauth2_internal::ErrorCredentials>(std::move(status));
 }
 
-std::shared_ptr<oauth2_internal::Credentials> WithCaching(
-    std::shared_ptr<oauth2_internal::Credentials> impl) {
-  return std::make_shared<oauth2_internal::CachedCredentials>(std::move(impl));
-}
-
 }  // namespace
 
 std::shared_ptr<oauth2_internal::Credentials>
@@ -93,9 +89,9 @@ std::shared_ptr<oauth2_internal::Credentials> MapCredentials(
     }
 
     void visit(ImpersonateServiceAccountConfig& cfg) override {
-      result = WithCaching(
-          std::make_shared<
-              oauth2_internal::ImpersonateServiceAccountCredentials>(cfg));
+      result = std::make_shared<
+          oauth2_internal::ImpersonateServiceAccountCredentials>(cfg);
+      result = WithCaching(std::move(result));
     }
 
     void visit(ServiceAccountConfig& cfg) override {

google/cloud/storage/internal/unified_rest_credentials.cc

@@ -19,8 +19,8 @@
 #include "google/cloud/storage/oauth2/google_credentials.h"
 #include "google/cloud/storage/oauth2/service_account_credentials.h"
 #include "google/cloud/internal/getenv.h"
-#include "google/cloud/internal/oauth2_cached_credentials.h"
 #include "google/cloud/internal/oauth2_credentials.h"
+#include "google/cloud/internal/oauth2_decorate_credentials.h"
 #include "google/cloud/internal/oauth2_external_account_credentials.h"
 #include "google/cloud/internal/oauth2_google_credentials.h"
 #include "google/cloud/internal/oauth2_service_account_credentials.h"
@@ -39,6 +39,7 @@ using ::google::cloud::internal::GoogleDefaultCredentialsConfig;
 using ::google::cloud::internal::ImpersonateServiceAccountConfig;
 using ::google::cloud::internal::InsecureCredentialsConfig;
 using ::google::cloud::internal::ServiceAccountConfig;
+using ::google::cloud::oauth2_internal::WithCaching;
 
 std::shared_ptr<oauth2::Credentials> MakeErrorCredentials(Status status) {
   return std::make_shared<ErrorCredentials>(std::move(status));
@@ -77,7 +78,8 @@ struct RestVisitor : public CredentialsVisitor {
   void visit(GoogleDefaultCredentialsConfig& cfg) override {
     auto credentials = oauth2_internal::GoogleDefaultCredentials(cfg.options());
     if (credentials) {
-      result = std::make_shared<WrapRestCredentials>(*std::move(credentials));
+      result = std::make_shared<WrapRestCredentials>(
+          WithCaching(std::move(*credentials)));
       return;
     }
     result = MakeErrorCredentials(std::move(credentials).status());
@@ -94,9 +96,10 @@ struct RestVisitor : public CredentialsVisitor {
       result = MakeErrorCredentials(std::move(info).status());
       return;
     }
-    result = std::make_shared<WrapRestCredentials>(
-        std::make_shared<oauth2_internal::ServiceAccountCredentials>(
-            internal::MapServiceAccountCredentialsInfo(*std::move(info))));
+    auto impl = std::make_shared<oauth2_internal::ServiceAccountCredentials>(
+        internal::MapServiceAccountCredentialsInfo(*std::move(info)));
+    result =
+        std::make_shared<WrapRestCredentials>(WithCaching(std::move(impl)));
   }
 
   void visit(ExternalAccountConfig& cfg) override {
@@ -111,10 +114,10 @@ struct RestVisitor : public CredentialsVisitor {
       return rest_internal::MakeDefaultRestClient(std::string{},
                                                   std::move(options));
     };
-    result = std::make_shared<WrapRestCredentials>(
-        std::make_shared<oauth2_internal::CachedCredentials>(
-            std::make_shared<oauth2_internal::ExternalAccountCredentials>(
-                *info, client_factory, cfg.options())));
+    auto impl = std::make_shared<oauth2_internal::ExternalAccountCredentials>(
+        *info, client_factory, cfg.options());
+    result =
+        std::make_shared<WrapRestCredentials>(WithCaching(std::move(impl)));
   }
 };