diff --git a/java-bigquery/google-cloud-bigquery-jdbc/pom.xml b/java-bigquery/google-cloud-bigquery-jdbc/pom.xml
index 9ebe4576026c..fea7c3c1c5be 100644
--- a/java-bigquery/google-cloud-bigquery-jdbc/pom.xml
+++ b/java-bigquery/google-cloud-bigquery-jdbc/pom.xml
@@ -307,6 +307,11 @@
mockito-core
test
+
+ org.mockito
+ mockito-inline
+ test
+
org.mockito
mockito-junit-jupiter
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java
index f49f503a6dec..ce39f2c7aba5 100644
--- a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java
+++ b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java
@@ -230,26 +230,22 @@ static Map parseOAuthProperties(DataSource ds, String callerClas
break;
}
- if (authType == AuthType.GOOGLE_SERVICE_ACCOUNT
- || authType == AuthType.GOOGLE_USER_ACCOUNT
- || authType == AuthType.PRE_GENERATED_TOKEN) {
- oauthProperties.put(
- BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_EMAIL_PROPERTY_NAME,
- ds.getOAuthSAImpersonationEmail());
- oauthProperties.put(
- BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_CHAIN_PROPERTY_NAME,
- ds.getOAuthSAImpersonationChain());
- oauthProperties.put(
- BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME,
- ds.getOAuthSAImpersonationScopes() != null
- ? ds.getOAuthSAImpersonationScopes()
- : BIGQUERY_SCOPE);
- oauthProperties.put(
- BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME,
- ds.getOAuthSAImpersonationTokenLifetime() != null
- ? ds.getOAuthSAImpersonationTokenLifetime()
- : BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_VALUE);
- }
+ oauthProperties.put(
+ BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_EMAIL_PROPERTY_NAME,
+ ds.getOAuthSAImpersonationEmail());
+ oauthProperties.put(
+ BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_CHAIN_PROPERTY_NAME,
+ ds.getOAuthSAImpersonationChain());
+ oauthProperties.put(
+ BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME,
+ ds.getOAuthSAImpersonationScopes() != null
+ ? ds.getOAuthSAImpersonationScopes()
+ : BIGQUERY_SCOPE);
+ oauthProperties.put(
+ BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME,
+ ds.getOAuthSAImpersonationTokenLifetime() != null
+ ? ds.getOAuthSAImpersonationTokenLifetime()
+ : BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_VALUE);
return oauthProperties;
}
@@ -284,12 +280,9 @@ static GoogleCredentials getCredentials(
getPreGeneratedTokensCredentials(authProperties, overrideProperties, callerClassName);
break;
case APPLICATION_DEFAULT_CREDENTIALS:
- // This auth method doesn't support service account impersonation
-
credentials = getApplicationDefaultCredentials(callerClassName);
break;
case EXTERNAL_ACCOUNT_AUTH:
- // This auth method doesn't support service account impersonation
credentials = getExternalAccountAuthCredentials(authProperties, callerClassName);
break;
default:
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryCallableStatementTest.java b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryCallableStatementTest.java
index a1d7c053655c..c873e4cef970 100644
--- a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryCallableStatementTest.java
+++ b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryCallableStatementTest.java
@@ -914,7 +914,7 @@ public void testSetDateCalParamByName() throws SQLException {
Calendar expectedCal = mock(Calendar.class);
doReturn(1L).when(expectedDate).getTime();
- doReturn(1L).when(expectedCal).getTime();
+ doReturn(new java.util.Date(1L)).when(expectedCal).getTime();
doReturn(1L).when(expectedCal).getTimeInMillis();
statement.setDate(PARAM_KEY, expectedDate, expectedCal);
Date actual = statement.getDate(PARAM_KEY);
@@ -1033,7 +1033,7 @@ public void testSetTimeCalParamByName() throws SQLException {
Calendar expectedCal = mock(Calendar.class);
doReturn(1L).when(expectedTime).getTime();
- doReturn(1L).when(expectedCal).getTime();
+ doReturn(new java.util.Date(1L)).when(expectedCal).getTime();
doReturn(1L).when(expectedCal).getTimeInMillis();
statement.setTime(PARAM_KEY, expectedTime, expectedCal);
Time actual = statement.getTime(PARAM_KEY);
@@ -1062,7 +1062,7 @@ public void testSetTimestampCalParamByName() throws SQLException {
Calendar expectedCal = mock(Calendar.class);
doReturn(1L).when(expectedTimestamp).getTime();
- doReturn(1L).when(expectedCal).getTime();
+ doReturn(new java.util.Date(1L)).when(expectedCal).getTime();
doReturn(1L).when(expectedCal).getTimeInMillis();
statement.setTimestamp(PARAM_KEY, expectedTimestamp, expectedCal);
Timestamp actual = statement.getTimestamp(PARAM_KEY);
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java
index 9176bb83d7be..adb7526cf6a5 100644
--- a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java
+++ b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java
@@ -377,6 +377,48 @@ public void testParseUserImpersonationNonDefault() {
result.get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME));
}
+ @Test
+ public void testParseUserImpersonationForADC() {
+ Map result =
+ BigQueryJdbcOAuthUtility.parseOAuthProperties(
+ DataSource.fromUrl(
+ "jdbc:bigquery://https://www.googleapis.com/bigquery/v2:443;"
+ + "OAuthType=3;ProjectId=MyBigQueryProject;"
+ + "ServiceAccountImpersonationEmail=impersonated@email.com;"),
+ "");
+
+ assertEquals("APPLICATION_DEFAULT_CREDENTIALS", result.get("OAuthType"));
+ assertEquals(
+ "impersonated@email.com",
+ result.get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_EMAIL_PROPERTY_NAME));
+ }
+
+ @Test
+ public void testGetServiceAccountImpersonatedCredentialsForADC() throws Exception {
+ GoogleCredentials dummySourceCredentials = GoogleCredentials.newBuilder().build();
+
+ try (org.mockito.MockedStatic mockedCreds =
+ org.mockito.Mockito.mockStatic(GoogleCredentials.class)) {
+ mockedCreds.when(GoogleCredentials::getApplicationDefault).thenReturn(dummySourceCredentials);
+
+ Map authProperties =
+ BigQueryJdbcOAuthUtility.parseOAuthProperties(
+ DataSource.fromUrl(
+ "jdbc:bigquery://https://www.googleapis.com/bigquery/v2:443;"
+ + "OAuthType=3;ProjectId=MyBigQueryProject;"
+ + "ServiceAccountImpersonationEmail=impersonated@email.com;"),
+ "");
+
+ GoogleCredentials credentials =
+ BigQueryJdbcOAuthUtility.getCredentials(
+ authProperties, java.util.Collections.EMPTY_MAP, false, null);
+
+ assertThat(credentials).isInstanceOf(ImpersonatedCredentials.class);
+ assertThat(((ImpersonatedCredentials) credentials).getSourceCredentials())
+ .isEqualTo(dummySourceCredentials);
+ }
+ }
+
@Test
public void testGetServiceAccountImpersonatedCredentials() {
Map authProperties =
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/it/ITAuthTests.java b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/it/ITAuthTests.java
index f57493a997de..0fcb30903b25 100644
--- a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/it/ITAuthTests.java
+++ b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/it/ITAuthTests.java
@@ -371,4 +371,15 @@ public void testServiceAccountAuthenticationWithChainedImpersonation()
.toString();
validateConnection(connection_uri);
}
+
+ @Test
+ public void testADCAuthenticationWithImpersonation() throws IOException, SQLException {
+ final JsonObject authJson = getAuthJson();
+
+ String connection_uri =
+ getBaseUri(3, authJson.get("project_id").getAsString())
+ .append("ServiceAccountImpersonationEmail", authJson.get("client_email").getAsString())
+ .toString();
+ validateConnection(connection_uri);
+ }
}