From 10790dc1a18dadb1ed56fb1a12053f113279e4d3 Mon Sep 17 00:00:00 2001 From: mohanli-ml Date: Tue, 14 Sep 2021 17:22:05 +0000 Subject: [PATCH 1/8] DirectPath: make ComputeEngineCredentials support non-default service account --- credentials/google/google.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/credentials/google/google.go b/credentials/google/google.go index 265d193c7c3..ef0a427cf83 100644 --- a/credentials/google/google.go +++ b/credentials/google/google.go @@ -59,13 +59,15 @@ func NewDefaultCredentials() credentials.Bundle { } // NewComputeEngineCredentials returns a credentials bundle that is configured to work -// with google services. This API must only be used when running on GCE. Authentication configured -// by this API represents the GCE VM's default service account. +// with google services. This API must only be used when running on GCE. // // This API is experimental. -func NewComputeEngineCredentials() credentials.Bundle { +func NewComputeEngineCredentials(cc credentials.PerRPCCredentials) credentials.Bundle { c := &creds{ newPerRPCCreds: func() credentials.PerRPCCredentials { + if cc != nil { + return cc + } return oauth.NewComputeEngine() }, } From 2436373763249cccca33576bc19f9e608dd72c3a Mon Sep 17 00:00:00 2001 From: mohanli-ml Date: Tue, 14 Sep 2021 21:46:28 +0000 Subject: [PATCH 2/8] DirectPath: make ComputeEngineCredentials support non-default service account --- credentials/google/google.go | 23 +++++++++++++++++++++-- credentials/google/google_test.go | 1 + 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/credentials/google/google.go b/credentials/google/google.go index ef0a427cf83..1b29f4c3bcb 100644 --- a/credentials/google/google.go +++ b/credentials/google/google.go 
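Review bot: The doc comment on NewComputeEngineCredentials in google.go no longer says which identity the bundle authenticates as: the sentence about the GCE VM's default service account is removed and nothing replaces it, even though the new `cc` parameter now decides that. From the closure, a non-nil `cc` is returned as the per-RPC credentials and nil falls back to `oauth.NewComputeEngine()`, so I would add `// If cc is nil, the GCE VM's default service account is used (oauth.NewComputeEngine); otherwise cc is used as the bundle's per-RPC credentials.` The same gap carries through the later patches in this series (NewDirectPathCredentials in 2/8, NewComputeEngineCredsWithPerRPC in 4/8 and 5/8, NewComputeEngineCredsWithOptions in 6/8 to 8/8). The function body continues past the end of the hunk.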
@@ -59,10 +59,29 @@ func NewDefaultCredentials() credentials.Bundle { } // NewComputeEngineCredentials returns a credentials bundle that is configured to work +// with google services. This API must only be used when running on GCE. Authentication configured +// by this API represents the GCE VM's default service account. +// +// [Deprecated]: use NewDirectPathCredentials instead. +// This API is experimental. +func NewComputeEngineCredentials() credentials.Bundle { + c := &creds{ + newPerRPCCreds: func() credentials.PerRPCCredentials { + return oauth.NewComputeEngine() + }, + } + bundle, err := c.NewWithMode(internal.CredsBundleModeFallback) + if err != nil { + logger.Warningf("compute engine creds: failed to create new creds: %v", err) + } + return bundle +} + +// NewDirectPathCredentials returns a credentials bundle that is configured to work // with google services. This API must only be used when running on GCE. // // This API is experimental. -func NewComputeEngineCredentials(cc credentials.PerRPCCredentials) credentials.Bundle { +func NewDirectPathCredentials(cc credentials.PerRPCCredentials) credentials.Bundle { c := &creds{ newPerRPCCreds: func() credentials.PerRPCCredentials { if cc != nil { @@ -73,7 +92,7 @@ func NewComputeEngineCredentials(cc credentials.PerRPCCredentials) credentials.B } bundle, err := c.NewWithMode(internal.CredsBundleModeFallback) if err != nil { - logger.Warningf("compute engine creds: failed to create new creds: %v", err) + logger.Warningf("direct path creds: failed to create new creds: %v", err) } return bundle } diff --git a/credentials/google/google_test.go b/credentials/google/google_test.go index fee51f94501..6c7023e2ac9 100644 --- a/credentials/google/google_test.go +++ b/credentials/google/google_test.go 
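Review bot: NewDirectPathCredentials in google.go logs a warning when `c.NewWithMode(internal.CredsBundleModeFallback)` fails and then returns `bundle` anyway, so the caller has no error to check and receives whatever NewWithMode produced on failure (presumably a nil Bundle; NewWithMode is not shown here). The restored NewComputeEngineCredentials above it has the same shape and cannot change its signature, but for the new function the failure mode should at least be documented, e.g. `// The returned Bundle is nil if the underlying credentials cannot be created; callers must check it before dialing.` For a credentials constructor, a failure that is visible only in the log is easy to miss when wiring up a channel.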
@@ -78,6 +78,7 @@ func TestClientHandshakeBasedOnClusterName(t *testing.T) { for bundleTyp, tc := range map[string]credentials.Bundle{ "defaultCreds": NewDefaultCredentials(), "computeCreds": NewComputeEngineCredentials(), + "directpathCreds": NewDirectPathCredentials(nil), } { tests := []struct { name string From 627042534d902be2285bac354dc1dc3e232bb0b3 Mon Sep 17 00:00:00 2001 From: mohanli-ml Date: Tue, 14 Sep 2021 21:52:11 +0000 Subject: [PATCH 3/8] DirectPath: introduce a new API NewDirectPathCredentials --- credentials/google/google_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/credentials/google/google_test.go b/credentials/google/google_test.go index 6c7023e2ac9..3fd6e7ceb3a 100644 --- a/credentials/google/google_test.go +++ b/credentials/google/google_test.go @@ -76,8 +76,8 @@ func overrideNewCredsFuncs() func() { func TestClientHandshakeBasedOnClusterName(t *testing.T) { defer overrideNewCredsFuncs()() for bundleTyp, tc := range map[string]credentials.Bundle{ - "defaultCreds": NewDefaultCredentials(), - "computeCreds": NewComputeEngineCredentials(), + "defaultCreds": NewDefaultCredentials(), + "computeCreds": NewComputeEngineCredentials(), "directpathCreds": NewDirectPathCredentials(nil), } { tests := []struct { From 72552c849594d6d5b29973b2bf01eb5af601acb8 Mon Sep 17 00:00:00 2001 From: mohanli-ml Date: Mon, 20 Sep 2021 21:59:38 +0000 Subject: [PATCH 4/8] DirectPath: introduce a new API NewComputeEngineCredsWithPerRPC --- credentials/google/google.go | 7 +++---- credentials/google/google_test.go | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/credentials/google/google.go b/credentials/google/google.go index 1b29f4c3bcb..8205696db87 100644 --- a/credentials/google/google.go +++ b/credentials/google/google.go 
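Review bot: The new map entry in TestClientHandshakeBasedOnClusterName only calls `NewDirectPathCredentials(nil)`, which takes the same fallback branch as `NewComputeEngineCredentials()`, so the behaviour this series adds (using caller-supplied per-RPC credentials) is never exercised. A case that passes a non-nil stub `credentials.PerRPCCredentials` and checks that `bundle.PerRPCCredentials()` hands back that same value would cover it. The later test hunks in 4/8, 6/8 and 8/8 keep the nil or empty-options argument, and after 5/8 this entry builds exactly what the "computeCreds" entry builds. The test function starts and ends outside the hunk.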
@@ -62,7 +62,6 @@ func NewDefaultCredentials() credentials.Bundle { // with google services. This API must only be used when running on GCE. Authentication configured // by this API represents the GCE VM's default service account. // -// [Deprecated]: use NewDirectPathCredentials instead. // This API is experimental. func NewComputeEngineCredentials() credentials.Bundle { c := &creds{ @@ -77,11 +76,11 @@ func NewComputeEngineCredentials() credentials.Bundle { return bundle } -// NewDirectPathCredentials returns a credentials bundle that is configured to work +// NewComputeEngineCredsWithPerRPC returns a credentials bundle that is configured to work // with google services. This API must only be used when running on GCE. // // This API is experimental. -func NewDirectPathCredentials(cc credentials.PerRPCCredentials) credentials.Bundle { +func NewComputeEngineCredsWithPerRPC(cc credentials.PerRPCCredentials) credentials.Bundle { c := &creds{ newPerRPCCreds: func() credentials.PerRPCCredentials { if cc != nil { @@ -92,7 +91,7 @@ func NewDirectPathCredentials(cc credentials.PerRPCCredentials) credentials.Bund } bundle, err := c.NewWithMode(internal.CredsBundleModeFallback) if err != nil { - logger.Warningf("direct path creds: failed to create new creds: %v", err) + logger.Warningf("compute engine creds with per rpc: failed to create new creds: %v", err) } return bundle } diff --git a/credentials/google/google_test.go b/credentials/google/google_test.go index 3fd6e7ceb3a..bd12c532f94 100644 --- a/credentials/google/google_test.go +++ b/credentials/google/google_test.go 
@@ -76,9 +76,9 @@ func overrideNewCredsFuncs() func() { func TestClientHandshakeBasedOnClusterName(t *testing.T) { defer overrideNewCredsFuncs()() for bundleTyp, tc := range map[string]credentials.Bundle{ - "defaultCreds": NewDefaultCredentials(), - "computeCreds": NewComputeEngineCredentials(), - "directpathCreds": NewDirectPathCredentials(nil), + "defaultCreds": NewDefaultCredentials(), + "computeCreds": NewComputeEngineCredentials(), + "computeCredsPerRPC": NewComputeEngineCredsWithPerRPC(nil), } { tests := []struct { name string From 514cda17a2bf29c8d61651d8575e6453c07be94c Mon Sep 17 00:00:00 2001 From: mohanli-ml Date: Tue, 21 Sep 2021 20:21:56 +0000 Subject: [PATCH 5/8] DirectPath: introduce a new API NewComputeEngineCredsWithPerRPC --- credentials/google/google.go | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/credentials/google/google.go b/credentials/google/google.go index 8205696db87..d002b583ac9 100644 --- a/credentials/google/google.go +++ b/credentials/google/google.go 
@@ -64,27 +64,18 @@ func NewDefaultCredentials() credentials.Bundle { // // This API is experimental. func NewComputeEngineCredentials() credentials.Bundle { - c := &creds{ - newPerRPCCreds: func() credentials.PerRPCCredentials { - return oauth.NewComputeEngine() - }, - } - bundle, err := c.NewWithMode(internal.CredsBundleModeFallback) - if err != nil { - logger.Warningf("compute engine creds: failed to create new creds: %v", err) - } - return bundle + return NewComputeEngineCredsWithPerRPC(nil) } // NewComputeEngineCredsWithPerRPC returns a credentials bundle that is configured to work // with google services. This API must only be used when running on GCE. // // This API is experimental. -func NewComputeEngineCredsWithPerRPC(cc credentials.PerRPCCredentials) credentials.Bundle { +func NewComputeEngineCredsWithPerRPC(perRPC credentials.PerRPCCredentials) credentials.Bundle { c := &creds{ newPerRPCCreds: func() credentials.PerRPCCredentials { - if cc != nil { - return cc + if perRPC != nil { + return perRPC } return oauth.NewComputeEngine() }, From 7e645f9e4d511b714bf90552da43449c98b6abab Mon Sep 17 00:00:00 2001 From: mohanli-ml Date: Wed, 29 Sep 2021 00:07:33 +0000 Subject: [PATCH 6/8] credentials/google: introduce a new API NewComputeEngineCredsWithOptions --- credentials/google/google.go | 18 ++++++++++++------ credentials/google/google_test.go | 2 +- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/credentials/google/google.go b/credentials/google/google.go index d002b583ac9..fe1a6f859fc 100644 --- a/credentials/google/google.go +++ b/credentials/google/google.go 
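Review bot: With NewComputeEngineCredentials reduced to `return NewComputeEngineCredsWithPerRPC(nil)`, a NewWithMode failure on the original API is no longer logged under the removed prefix `compute engine creds:`; going by 4/8, the delegate logs `compute engine creds with per rpc: failed to create new creds`. Anything that greps or alerts on the old message will stop matching, and the new text names a function the caller did not invoke. Using one neutral message in the delegate, `logger.Warningf("compute engine creds: failed to create new creds: %v", err)`, avoids both problems. The delegate's logging line is outside this hunk.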
@@ -64,20 +64,26 @@ func NewDefaultCredentials() credentials.Bundle { // // This API is experimental. func NewComputeEngineCredentials() credentials.Bundle { - return NewComputeEngineCredsWithPerRPC(nil) + return NewComputeEngineCredsWithOptions(PerRPCCredsOpts{}) +} + +type PerRPCCredsOpts struct { + // The per RPC credentials passed to a bundle + PerRPC credentials.PerRPCCredentials } // NewComputeEngineCredsWithPerRPC returns a credentials bundle that is configured to work // with google services. This API must only be used when running on GCE. // // This API is experimental. -func NewComputeEngineCredsWithPerRPC(perRPC credentials.PerRPCCredentials) credentials.Bundle { +func NewComputeEngineCredsWithOptions(perRPCOpts PerRPCCredsOpts) credentials.Bundle { + perRPC := oauth.NewComputeEngine() + if perRPCOpts.PerRPC != nil { + perRPC = perRPCOpts.PerRPC + } c := &creds{ newPerRPCCreds: func() credentials.PerRPCCredentials { - if perRPC != nil { - return perRPC - } - return oauth.NewComputeEngine() + return perRPC }, } bundle, err := c.NewWithMode(internal.CredsBundleModeFallback) diff --git a/credentials/google/google_test.go b/credentials/google/google_test.go index bd12c532f94..e65a955202c 100644 --- a/credentials/google/google_test.go +++ b/credentials/google/google_test.go @@ -78,7 +78,7 @@ func TestClientHandshakeBasedOnClusterName(t *testing.T) { for bundleTyp, tc := range map[string]credentials.Bundle{ "defaultCreds": NewDefaultCredentials(), "computeCreds": NewComputeEngineCredentials(), - "computeCredsPerRPC": NewComputeEngineCredsWithPerRPC(nil), + "computeCredsPerRPC": NewComputeEngineCredsWithOptions(PerRPCCredsOpts{}), } { tests := []struct { name string From af130edd7b995a53e69a9bfc2b9c72b4c347bf7e Mon Sep 17 00:00:00 2001 
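Review bot: In NewComputeEngineCredsWithOptions, `perRPC := oauth.NewComputeEngine()` now runs on every call, including when the caller supplies `PerRPC`, in which case the compute-engine credentials are built only to be discarded. Resolving the option first keeps the default off the caller-supplied path: `perRPC := perRPCOpts.PerRPC` followed by `if perRPC == nil { perRPC = oauth.NewComputeEngine() }`. The closure also now returns the single value captured at construction rather than a fresh `oauth.NewComputeEngine()` per invocation as before; that is probably intended but deserves a comment. A typed nil pointer stored in `PerRPC` would pass the `!= nil` test and be used as the credentials, so the field comment should say that only an unset (nil) field selects the default.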
From: mohanli-ml Date: Wed, 29 Sep 2021 00:25:56 +0000 Subject: [PATCH 7/8] credentials/google: introduce a new API NewComputeEngineCredsWithOptions --- credentials/google/google.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/credentials/google/google.go b/credentials/google/google.go index fe1a6f859fc..562d4b250b8 100644 --- a/credentials/google/google.go +++ b/credentials/google/google.go @@ -69,17 +69,17 @@ func NewComputeEngineCredentials() credentials.Bundle { type PerRPCCredsOpts struct { // The per RPC credentials passed to a bundle - PerRPC credentials.PerRPCCredentials + PerRPCCreds credentials.PerRPCCredentials } -// NewComputeEngineCredsWithPerRPC returns a credentials bundle that is configured to work +// NewComputeEngineCredsWithOptions returns a credentials bundle that is configured to work // with google services. This API must only be used when running on GCE. // // This API is experimental. func NewComputeEngineCredsWithOptions(perRPCOpts PerRPCCredsOpts) credentials.Bundle { perRPC := oauth.NewComputeEngine() - if perRPCOpts.PerRPC != nil { - perRPC = perRPCOpts.PerRPC + if perRPCOpts.PerRPCCreds != nil { + perRPC = perRPCOpts.PerRPCCreds } c := &creds{ newPerRPCCreds: func() credentials.PerRPCCredentials { From 18f6f5ef4b10ebdd4c4ba79c6d2d707dd4b3120a Mon Sep 17 00:00:00 2001 From: mohanli-ml Date: Wed, 29 Sep 2021 17:32:34 +0000 Subject: [PATCH 8/8] credentials/google: introduce a new API NewComputeEngineCredsWithOptions --- credentials/google/google.go | 9 +++++---- credentials/google/google_test.go | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/credentials/google/google.go b/credentials/google/google.go index 562d4b250b8..07d0d0dc29c 100644 --- a/credentials/google/google.go +++ b/credentials/google/google.go 
@@ -64,11 +64,12 @@ func NewDefaultCredentials() credentials.Bundle { // // This API is experimental. func NewComputeEngineCredentials() credentials.Bundle { - return NewComputeEngineCredsWithOptions(PerRPCCredsOpts{}) + return NewComputeEngineCredsWithOptions(ComputeEngineCredsOptions{}) } -type PerRPCCredsOpts struct { - // The per RPC credentials passed to a bundle +// ComputeEngineCredsOptions constructs compite engine credentials with options. +type ComputeEngineCredsOptions struct { + // PerRPCCreds is a per RPC credentials that is passed to a bundle. PerRPCCreds credentials.PerRPCCredentials } @@ -76,7 +77,7 @@ type PerRPCCredsOpts struct { // with google services. This API must only be used when running on GCE. // // This API is experimental. -func NewComputeEngineCredsWithOptions(perRPCOpts PerRPCCredsOpts) credentials.Bundle { +func NewComputeEngineCredsWithOptions(perRPCOpts ComputeEngineCredsOptions) credentials.Bundle { perRPC := oauth.NewComputeEngine() if perRPCOpts.PerRPCCreds != nil { perRPC = perRPCOpts.PerRPCCreds diff --git a/credentials/google/google_test.go b/credentials/google/google_test.go index e65a955202c..647f8a16fed 100644 --- a/credentials/google/google_test.go +++ b/credentials/google/google_test.go @@ -78,7 +78,7 @@ func TestClientHandshakeBasedOnClusterName(t *testing.T) { for bundleTyp, tc := range map[string]credentials.Bundle{ "defaultCreds": NewDefaultCredentials(), "computeCreds": NewComputeEngineCredentials(), - "computeCredsPerRPC": NewComputeEngineCredsWithOptions(PerRPCCredsOpts{}), + "computeCredsPerRPC": NewComputeEngineCredsWithOptions(ComputeEngineCredsOptions{}), } { tests := []struct { name string
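Review bot: The new comment on ComputeEngineCredsOptions misspells "compute" as "compite" and describes the struct as something that "constructs" credentials, when it only carries options. I would write `// ComputeEngineCredsOptions specifies options for NewComputeEngineCredsWithOptions.` and have the field comment state the default, e.g. `// PerRPCCreds, if non-nil, is used as the bundle's per-RPC credentials; if nil, oauth.NewComputeEngine() is used.` The parameter is still named `perRPCOpts` although the type is no longer specific to per-RPC credentials; `opts` would match the new name.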