default to using FindDeafultCredentials for credentials, which allows…

… using with workload identity federation
GoogleCloudPlatform · Nov 4, 2022 · 6c054d2 · 6c054d2
1 parent 8c6aae1
commit 6c054d2
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 43 deletions.
diff --git a/exporter/collector/logs.go b/exporter/collector/logs.go
@@ -129,12 +129,7 @@ func NewGoogleCloudLogsExporter(
 	cfg Config,
 	log *zap.Logger,
 ) (*LogsExporter, error) {
-	err := setProjectFromADC(ctx, &cfg, loggingv2.DefaultAuthScopes())
-	if err != nil {
-		return nil, err
-	}
-
-	clientOpts, err := generateClientOptions(ctx, &cfg.LogConfig.ClientConfig, cfg.UserAgent, cfg.ImpersonateConfig)
+	clientOpts, err := generateClientOptions(ctx, &cfg.LogConfig.ClientConfig, &cfg, loggingv2.DefaultAuthScopes())
 	if err != nil {
 		return nil, err
 	}

diff --git a/exporter/collector/metrics.go b/exporter/collector/metrics.go
@@ -122,9 +122,8 @@ func NewGoogleCloudMetricsExporter(
 	view.Register(MetricViews()...)
 	view.Register(ocgrpc.DefaultClientViews...)
 	setVersionInUserAgent(&cfg, version)
-	setProjectFromADC(ctx, &cfg, monitoring.DefaultAuthScopes())
 
-	clientOpts, err := generateClientOptions(ctx, &cfg.MetricConfig.ClientConfig, cfg.UserAgent, cfg.ImpersonateConfig)
+	clientOpts, err := generateClientOptions(ctx, &cfg.MetricConfig.ClientConfig, &cfg, monitoring.DefaultAuthScopes())
 	if err != nil {
 		return nil, err
 	}

diff --git a/exporter/collector/traces.go b/exporter/collector/traces.go
@@ -23,7 +23,6 @@ import (
 	"strings"
 	"time"
 
-	monitoring "cloud.google.com/go/monitoring/apiv3/v2"
 	traceapi "cloud.google.com/go/trace/apiv2"
 	"go.opencensus.io/plugin/ocgrpc"
 	"go.opencensus.io/stats/view"
@@ -52,71 +51,78 @@ func setVersionInUserAgent(cfg *Config, version string) {
 	cfg.UserAgent = strings.ReplaceAll(cfg.UserAgent, "{{version}}", version)
 }
 
-func setProjectFromADC(ctx context.Context, cfg *Config, scopes []string) error {
-	if cfg.ProjectID == "" {
-		creds, err := google.FindDefaultCredentials(ctx, scopes...)
-		if err != nil {
-			return fmt.Errorf("error finding default application credentials: %v", err)
-		}
-		if creds.ProjectID == "" {
-			return errors.New("no project found with application default credentials")
-		}
-		cfg.ProjectID = creds.ProjectID
-	}
-	return nil
-}
-
-func generateClientOptions(ctx context.Context, cfg *ClientConfig, userAgent string, impersonateConfig ImpersonateConfig) ([]option.ClientOption, error) {
+func generateClientOptions(ctx context.Context, clientCfg *ClientConfig, cfg *Config, scopes []string) ([]option.ClientOption, error) {
 	var copts []option.ClientOption
 	// option.WithUserAgent is used by the Trace exporter, but not the Metric exporter (see comment below)
-	if userAgent != "" {
-		copts = append(copts, option.WithUserAgent(userAgent))
+	if cfg.UserAgent != "" {
+		copts = append(copts, option.WithUserAgent(cfg.UserAgent))
 	}
-	if cfg.Endpoint != "" {
-		if cfg.UseInsecure {
+	if clientCfg.Endpoint != "" {
+		if clientCfg.UseInsecure {
 			// option.WithGRPCConn option takes precedent over all other supplied options so the
 			// following user agent will be used by both exporters if we reach this branch
 			dialOpts := []grpc.DialOption{
 				grpc.WithStatsHandler(&ocgrpc.ClientHandler{}),
 				grpc.WithTransportCredentials(insecure.NewCredentials()),
 			}
-			if userAgent != "" {
-				dialOpts = append(dialOpts, grpc.WithUserAgent(userAgent))
+			if cfg.UserAgent != "" {
+				dialOpts = append(dialOpts, grpc.WithUserAgent(cfg.UserAgent))
 			}
-			conn, err := grpc.Dial(cfg.Endpoint, dialOpts...)
+			conn, err := grpc.Dial(clientCfg.Endpoint, dialOpts...)
 			if err != nil {
 				return nil, fmt.Errorf("cannot configure grpc conn: %w", err)
 			}
 			copts = append(copts, option.WithGRPCConn(conn))
 		} else {
-			copts = append(copts, option.WithEndpoint(cfg.Endpoint))
+			copts = append(copts, option.WithEndpoint(clientCfg.Endpoint))
 		}
 	}
-	if impersonateConfig.TargetPrincipal != "" {
+	if cfg.ImpersonateConfig.TargetPrincipal != "" {
+		if cfg.ProjectID == "" {
+			creds, err := google.FindDefaultCredentials(ctx, scopes...)
+			if err != nil {
+				return nil, fmt.Errorf("error finding default application credentials: %v", err)
+			}
+			if creds.ProjectID == "" {
+				return nil, errors.New("no project found with application default credentials")
+			}
+			cfg.ProjectID = creds.ProjectID
+		}
 		tokenSource, err := impersonate.CredentialsTokenSource(ctx, impersonate.CredentialsConfig{
-			TargetPrincipal: impersonateConfig.TargetPrincipal,
-			Delegates:       impersonateConfig.Delegates,
-			Subject:         impersonateConfig.Subject,
-			Scopes:          monitoring.DefaultAuthScopes(),
+			TargetPrincipal: cfg.ImpersonateConfig.TargetPrincipal,
+			Delegates:       cfg.ImpersonateConfig.Delegates,
+			Subject:         cfg.ImpersonateConfig.Subject,
+			Scopes:          scopes,
 		})
 		if err != nil {
 			return nil, err
 		}
 		copts = append(copts, option.WithTokenSource(tokenSource))
+	} else if !clientCfg.UseInsecure {
+		creds, err := google.FindDefaultCredentials(ctx, scopes...)
+		if err != nil {
+			return nil, fmt.Errorf("error finding default application credentials: %v", err)
+		}
+		copts = append(copts, option.WithCredentials(creds))
+		if cfg.ProjectID == "" {
+			if creds.ProjectID == "" {
+				return nil, errors.New("no project found with application default credentials")
+			}
+			cfg.ProjectID = creds.ProjectID
+		}
 	}
-	if cfg.GRPCPoolSize > 0 {
-		copts = append(copts, option.WithGRPCConnectionPool(cfg.GRPCPoolSize))
+	if clientCfg.GRPCPoolSize > 0 {
+		copts = append(copts, option.WithGRPCConnectionPool(clientCfg.GRPCPoolSize))
 	}
-	if cfg.GetClientOptions != nil {
-		copts = append(copts, cfg.GetClientOptions()...)
+	if clientCfg.GetClientOptions != nil {
+		copts = append(copts, clientCfg.GetClientOptions()...)
 	}
 	return copts, nil
 }
 
 func NewGoogleCloudTracesExporter(ctx context.Context, cfg Config, version string, timeout time.Duration) (*TraceExporter, error) {
 	view.Register(ocgrpc.DefaultClientViews...)
 	setVersionInUserAgent(&cfg, version)
-	setProjectFromADC(ctx, &cfg, traceapi.DefaultAuthScopes())
 
 	topts := []cloudtrace.Option{
 		cloudtrace.WithProjectID(cfg.ProjectID),
@@ -126,7 +132,7 @@ func NewGoogleCloudTracesExporter(ctx context.Context, cfg Config, version strin
 		topts = append(topts, cloudtrace.WithAttributeMapping(mappingFuncFromAKM(cfg.TraceConfig.AttributeMappings)))
 	}
 
-	copts, err := generateClientOptions(ctx, &cfg.TraceConfig.ClientConfig, cfg.UserAgent, cfg.ImpersonateConfig)
+	copts, err := generateClientOptions(ctx, &cfg.TraceConfig.ClientConfig, &cfg, traceapi.DefaultAuthScopes())
 	if err != nil {
 		return nil, err
 	}