feat: support both identity and token source for gke metadata server …
…mode (#286)
nicolas-vivot authored Jul 26, 2024
1 parent 486200c commit 20d5baf
Showing 12 changed files with 34 additions and 5 deletions.
1 change: 1 addition & 0 deletions artifact-registry/src/client.rs
Expand Up @@ -49,6 +49,7 @@ impl ClientConfig {
audience: None,
scopes: Some(&SCOPES),
sub: None,
..Default::default()
}
}
}
2 changes: 2 additions & 0 deletions bigquery/src/client.rs
Expand Up @@ -132,6 +132,7 @@ impl ClientConfig {
audience: None,
scopes: Some(&crate::http::bigquery_client::SCOPES),
sub: None,
..Default::default()
}
}

Expand All @@ -140,6 +141,7 @@ impl ClientConfig {
audience: Some(crate::grpc::apiv1::conn_pool::AUDIENCE),
scopes: Some(&crate::grpc::apiv1::conn_pool::SCOPES),
sub: None,
..Default::default()
}
}
}
1 change: 1 addition & 0 deletions bigquery/src/http/bigquery_client.rs
Expand Up @@ -135,6 +135,7 @@ pub(crate) mod test {
audience: None,
scopes: Some(&SCOPES),
sub: None,
..Default::default()
})
.await
.unwrap();
2 changes: 1 addition & 1 deletion foundation/auth/src/idtoken.rs
Expand Up @@ -68,7 +68,7 @@ pub async fn create_id_token_source(
}
}

async fn id_token_source_from_credentials(
pub(crate) async fn id_token_source_from_credentials(
custom_claims: &HashMap<String, serde_json::Value>,
credentials: &CredentialsFile,
audience: &str,
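Review bot: `id_token_source_from_credentials` becomes a crate-wide entry point here but has no doc comment, and its body continues outside the hunk. Since project.rs now calls it with `&Default::default()` for `custom_claims`, a header such as `/// Builds an ID-token source for the given audience from a credentials file; custom_claims may be an empty map.` would tell the new callers what the parameters mean. Any further statement about how the claims are applied should be confirmed against the body below before it is written down.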
26 changes: 22 additions & 4 deletions foundation/auth/src/project.rs
@@ -1,8 +1,10 @@
use google_cloud_metadata::on_gce;

use crate::credentials::CredentialsFile;
use crate::idtoken::id_token_source_from_credentials;
use crate::misc::EMPTY;
use crate::token_source::authorized_user_token_source::UserAccountTokenSource;
use crate::token_source::compute_identity_source::ComputeIdentitySource;
use crate::token_source::compute_token_source::ComputeTokenSource;
use crate::token_source::reuse_token_source::ReuseTokenSource;
use crate::token_source::service_account_token_source::OAuth2ServiceAccountTokenSource;
Expand All @@ -20,6 +22,7 @@ pub struct Config<'a> {
pub audience: Option<&'a str>,
pub scopes: Option<&'a [&'a str]>,
pub sub: Option<&'a str>,
pub use_id_token: bool,
}

impl Config<'_> {
Expand Down Expand Up @@ -95,11 +98,26 @@ pub async fn create_token_source_from_project(
config: Config<'_>,
) -> Result<Box<dyn TokenSource>, error::Error> {
match project {
Project::FromFile(file) => create_token_source_from_credentials(file, &config).await,
Project::FromFile(file) => {
if config.use_id_token {
id_token_source_from_credentials(&Default::default(), file, config.audience.unwrap_or_default()).await
} else {
create_token_source_from_credentials(file, &config).await
}
}
Project::FromMetadataServer(_) => {
let ts = ComputeTokenSource::new(&config.scopes_to_string(","))?;
let token = ts.token().await?;
Ok(Box::new(ReuseTokenSource::new(Box::new(ts), token)))
if config.use_id_token {
let ts = ComputeIdentitySource::new(config.audience.unwrap_or_default())?;
let token = ts.token().await?;
Ok(Box::new(ReuseTokenSource::new(Box::new(ts), token)))
} else {
if config.scopes.is_none() {
return Err(error::Error::ScopeOrAudienceRequired);
}
let ts = ComputeTokenSource::new(config.scopes_to_string(",").as_str())?;
let token = ts.token().await?;
Ok(Box::new(ReuseTokenSource::new(Box::new(ts), token)))
}
}
}
}
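Review bot: Both `use_id_token` branches read the audience with `config.audience.unwrap_or_default()`, so a caller that sets `use_id_token` without an audience gets an ID token requested for the empty string instead of an error, while the scope-based branch added in the same hunk returns `ScopeOrAudienceRequired` when `scopes` is `None`. The audience is what binds an ID token to its intended recipient, so a missing one should fail the same way: `let audience = config.audience.ok_or(error::Error::ScopeOrAudienceRequired)?;` at the top of each `if config.use_id_token` block, then `id_token_source_from_credentials(&Default::default(), file, audience)` and `ComputeIdentitySource::new(audience)?`. The new `use_id_token` field also lacks a doc comment; `/// When true, request ID tokens for the configured audience (ComputeIdentitySource / id_token_source_from_credentials) instead of access tokens for the configured scopes.` would tell callers which of `audience`/`scopes` is consulted. The `Config` struct header, and the `Default` implementation the `..Default::default()` callers in the other files rely on, are outside the hunk, so that it exists is inferred from those callers.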
1 change: 1 addition & 0 deletions kms/src/client.rs
Expand Up @@ -47,6 +47,7 @@ impl ClientConfig {
audience: None,
scopes: Some(&SCOPES),
sub: None,
..Default::default()
}
}
}
1 change: 1 addition & 0 deletions pubsub/src/client.rs
Expand Up @@ -81,6 +81,7 @@ impl ClientConfig {
audience: Some(crate::apiv1::conn_pool::AUDIENCE),
scopes: Some(&crate::apiv1::conn_pool::SCOPES),
sub: None,
..Default::default()
}
}
}
1 change: 1 addition & 0 deletions spanner/src/client.rs
Expand Up @@ -128,6 +128,7 @@ impl ClientConfig {
audience: Some(crate::apiv1::conn_pool::AUDIENCE),
scopes: Some(&crate::apiv1::conn_pool::SCOPES),
sub: None,
..Default::default()
}
}
}
1 change: 1 addition & 0 deletions spanner/tests/change_stream_test.rs
Expand Up @@ -114,6 +114,7 @@ async fn create_environment() -> Environment {
audience: Some(google_cloud_spanner::apiv1::conn_pool::AUDIENCE),
scopes: Some(&google_cloud_spanner::apiv1::conn_pool::SCOPES),
sub: None,
..Default::default()
})
.await
.unwrap();
1 change: 1 addition & 0 deletions storage/src/client.rs
Expand Up @@ -118,6 +118,7 @@ impl ClientConfig {
audience: None,
scopes: Some(&crate::http::storage_client::SCOPES),
sub: None,
..Default::default()
}
}
}
1 change: 1 addition & 0 deletions storage/src/http/service_account_client.rs
Expand Up @@ -77,6 +77,7 @@ mod test {
audience: None,
scopes: Some(&["https://www.googleapis.com/auth/cloud-platform"]),
sub: None,
..Default::default()
})
.await
.unwrap();
1 change: 1 addition & 0 deletions storage/src/http/storage_client.rs
Expand Up @@ -1451,6 +1451,7 @@ pub(crate) mod test {
audience: None,
scopes: Some(&SCOPES),
sub: None,
..Default::default()
})
.await
.unwrap();

0 comments on commit 20d5baf
