From 874c93f31ffd94b8b33f2bd7709e7e6bd1d1c64e Mon Sep 17 00:00:00 2001
From: Menghan Li
Date: Fri, 1 Oct 2021 10:21:47 -0700
Subject: [PATCH 1/7] [gce_call_creds_default] creds/google: NewDefaultWithOptions instead of NewGCEWithOptions
---
 credentials/google/google.go | 71 ++++++++++++++++--------------------
 1 file changed, 32 insertions(+), 39 deletions(-)
diff --git a/credentials/google/google.go b/credentials/google/google.go
index 07d0d0dc29cc..27c85e16facb 100644
--- a/credentials/google/google.go
+++ b/credentials/google/google.go
@@ -35,63 +35,56 @@ const tokenRequestTimeout = 30 * time.Second
 var logger = grpclog.Component("credentials")
-// NewDefaultCredentials returns a credentials bundle that is configured to work
-// with google services.
+// DefaultCredsOptions constructs options to build DefaultCreds.
+type DefaultCredsOptions struct {
+ // PerRPCCreds is a per RPC credentials that is passed to a bundle.
+ PerRPCCreds credentials.PerRPCCredentials
+}
+
+// NewDefaultCredentialsWithOptions returns a credentials bundle that is
+// configured to work with google services.
 //
 // This API is experimental.
-func NewDefaultCredentials() credentials.Bundle {
+func NewDefaultCredentialsWithOptions(opts DefaultCredsOptions) credentials.Bundle {
+ perRPC := opts.PerRPCCreds
+ if perRPC == nil {
+ ctx, cancel := context.WithTimeout(context.Background(), tokenRequestTimeout)
+ defer cancel()
+ var err error
+ perRPC, err = oauth.NewApplicationDefault(ctx)
+ if err != nil {
+ logger.Warningf("google default creds: failed to create application oauth: %v", err)
+ }
+ }
 c := &creds{
 newPerRPCCreds: func() credentials.PerRPCCredentials {
- ctx, cancel := context.WithTimeout(context.Background(), tokenRequestTimeout)
- defer cancel()
- perRPCCreds, err := oauth.NewApplicationDefault(ctx)
- if err != nil {
- logger.Warningf("google default creds: failed to create application oauth: %v", err)
- }
- return perRPCCreds
+ return perRPC
 },
 }
 bundle, err := c.NewWithMode(internal.CredsBundleModeFallback)
 if err != nil {
- logger.Warningf("google default creds: failed to create new creds: %v", err)
+ logger.Warningf("compute engine creds with per rpc: failed to create new creds: %v", err)
 }
 return bundle
 }
-// NewComputeEngineCredentials returns a credentials bundle that is configured to work
-// with google services. This API must only be used when running on GCE. Authentication configured
-// by this API represents the GCE VM's default service account.
+// NewDefaultCredentials returns a credentials bundle that is configured to work
+// with google services.
 //
 // This API is experimental.
-func NewComputeEngineCredentials() credentials.Bundle {
- return NewComputeEngineCredsWithOptions(ComputeEngineCredsOptions{})
-}
-
-// ComputeEngineCredsOptions constructs compite engine credentials with options.
-type ComputeEngineCredsOptions struct {
- // PerRPCCreds is a per RPC credentials that is passed to a bundle.
- PerRPCCreds credentials.PerRPCCredentials
+func NewDefaultCredentials() credentials.Bundle {
+ return NewDefaultCredentialsWithOptions(DefaultCredsOptions{})
 }
-// NewComputeEngineCredsWithOptions returns a credentials bundle that is configured to work
-// with google services. This API must only be used when running on GCE.
+// NewComputeEngineCredentials returns a credentials bundle that is configured to work
+// with google services. This API must only be used when running on GCE. Authentication configured
+// by this API represents the GCE VM's default service account.
 //
 // This API is experimental.
-func NewComputeEngineCredsWithOptions(perRPCOpts ComputeEngineCredsOptions) credentials.Bundle {
- perRPC := oauth.NewComputeEngine()
- if perRPCOpts.PerRPCCreds != nil {
- perRPC = perRPCOpts.PerRPCCreds
- }
- c := &creds{
- newPerRPCCreds: func() credentials.PerRPCCredentials {
- return perRPC
- },
- }
- bundle, err := c.NewWithMode(internal.CredsBundleModeFallback)
- if err != nil {
- logger.Warningf("compute engine creds with per rpc: failed to create new creds: %v", err)
- }
- return bundle
+func NewComputeEngineCredentials() credentials.Bundle {
+ return NewDefaultCredentialsWithOptions(DefaultCredsOptions{
+ PerRPCCreds: oauth.NewComputeEngine(),
+ })
 }
 // creds implements credentials.Bundle.
From 776f567dd853bf36ab84016e9ab61595fdf12823 Mon Sep 17 00:00:00 2001
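Review bot: In `NewDefaultCredentialsWithOptions`, a failed `oauth.NewApplicationDefault` is only logged, and the bundle is then built with whatever `perRPC` holds at that point (presumably nil), so the caller receives a bundle that attaches no per-RPC credentials and has no error to check. The lookup also moved out of the `newPerRPCCreds` closure, which `NewWithMode` invokes (visible in patch 6 of this series), so it now runs once at construction and a failure at that moment is not retried for bundles derived later. Since the signature cannot return an error, the doc comment should at least state this, for example `// If application default credentials cannot be loaded, a warning is logged and the bundle carries no per-RPC credentials.` The `PerRPCCreds` field comment should also say that nil selects application default credentials, e.g. `// PerRPCCreds is the per-RPC credentials used by the bundle. If nil, application default credentials are used.`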
From: Menghan Li
Date: Fri, 1 Oct 2021 12:02:22 -0700
Subject: [PATCH 2/7] [gce_call_creds_default] Credentials
---
 credentials/google/google.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/credentials/google/google.go b/credentials/google/google.go
index 27c85e16facb..46c9a52976f7 100644
--- a/credentials/google/google.go
+++ b/credentials/google/google.go
@@ -35,8 +35,8 @@ const tokenRequestTimeout = 30 * time.Second
 var logger = grpclog.Component("credentials")
-// DefaultCredsOptions constructs options to build DefaultCreds.
-type DefaultCredsOptions struct {
+// DefaultCredentialsOptions constructs options to build DefaultCredentials.
+type DefaultCredentialsOptions struct {
 // PerRPCCreds is a per RPC credentials that is passed to a bundle.
 PerRPCCreds credentials.PerRPCCredentials
 }
@@ -45,7 +45,7 @@ type DefaultCredsOptions struct {
 // configured to work with google services.
 //
 // This API is experimental.
-func NewDefaultCredentialsWithOptions(opts DefaultCredsOptions) credentials.Bundle {
+func NewDefaultCredentialsWithOptions(opts DefaultCredentialsOptions) credentials.Bundle {
 perRPC := opts.PerRPCCreds
 if perRPC == nil {
 ctx, cancel := context.WithTimeout(context.Background(), tokenRequestTimeout)
@@ -73,7 +73,7 @@ func NewDefaultCredentialsWithOptions(opts DefaultCredsOptions) credentials.Bund
 //
 // This API is experimental.
 func NewDefaultCredentials() credentials.Bundle {
- return NewDefaultCredentialsWithOptions(DefaultCredsOptions{})
+ return NewDefaultCredentialsWithOptions(DefaultCredentialsOptions{})
 }
 // NewComputeEngineCredentials returns a credentials bundle that is configured to work
@@ -82,7 +82,7 @@ func NewDefaultCredentials() credentials.Bundle {
 //
 // This API is experimental.
 func NewComputeEngineCredentials() credentials.Bundle {
- return NewDefaultCredentialsWithOptions(DefaultCredsOptions{
+ return NewDefaultCredentialsWithOptions(DefaultCredentialsOptions{
 PerRPCCreds: oauth.NewComputeEngine(),
 })
 }
From d2357088cb94f1126e028566c7498c222a6424ef Mon Sep 17 00:00:00 2001
From: Menghan Li
Date: Fri, 1 Oct 2021 13:56:25 -0700
Subject: [PATCH 3/7] [gce_call_creds_default] fix log
---
 credentials/google/google.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/credentials/google/google.go b/credentials/google/google.go
index 46c9a52976f7..27b84770ccf4 100644
--- a/credentials/google/google.go
+++ b/credentials/google/google.go
@@ -63,7 +63,7 @@ func NewDefaultCredentialsWithOptions(opts DefaultCredentialsOptions) credential
 }
 bundle, err := c.NewWithMode(internal.CredsBundleModeFallback)
 if err != nil {
- logger.Warningf("compute engine creds with per rpc: failed to create new creds: %v", err)
+ logger.Warningf("google default creds with per rpc: failed to create new creds: %v", err)
 }
 return bundle
 }
From 57e797022238a40f7909c6cda44b88c2d7ebf290 Mon Sep 17 00:00:00 2001
From: Menghan Li
Date: Fri, 1 Oct 2021 15:18:37 -0700
Subject: [PATCH 4/7] [gce_call_creds_default] c2
---
 credentials/google/google.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/credentials/google/google.go b/credentials/google/google.go
index 27b84770ccf4..9d3c8fff13de 100644
--- a/credentials/google/google.go
+++ b/credentials/google/google.go
@@ -37,7 +37,7 @@ var logger = grpclog.Component("credentials")
 // DefaultCredentialsOptions constructs options to build DefaultCredentials.
 type DefaultCredentialsOptions struct {
- // PerRPCCreds is a per RPC credentials that is passed to a bundle.
+ // PerRPCCreds is a per RPC credentials that is passed to a bundle.
 PerRPCCreds credentials.PerRPCCredentials
 }
@@ -53,7 +53,7 @@ func NewDefaultCredentialsWithOptions(opts DefaultCredentialsOptions) credential
 var err error
 perRPC, err = oauth.NewApplicationDefault(ctx)
 if err != nil {
- logger.Warningf("google default creds: failed to create application oauth: %v", err)
+ logger.Warningf("NewDefaultCredentialsWithOptions: failed to create application oauth: %v", err)
 }
 }
 c := &creds{
@@ -63,7 +63,7 @@ func NewDefaultCredentialsWithOptions(opts DefaultCredentialsOptions) credential
 }
 bundle, err := c.NewWithMode(internal.CredsBundleModeFallback)
 if err != nil {
- logger.Warningf("google default creds with per rpc: failed to create new creds: %v", err)
+ logger.Warningf("NewDefaultCredentialsWithOptions: failed to create new creds: %v", err)
 }
 return bundle
 }
From 3a5e4eac5c3cf7131e3a66140860d406a9860ee0 Mon Sep 17 00:00:00 2001
From: Menghan Li
Date: Fri, 1 Oct 2021 15:54:19 -0700
Subject: [PATCH 5/7] [gce_call_creds_default] fix tests
---
 credentials/google/google_test.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/credentials/google/google_test.go b/credentials/google/google_test.go
index 647f8a16fed5..6a6e492ee77d 100644
--- a/credentials/google/google_test.go
+++ b/credentials/google/google_test.go
@@ -76,9 +76,9 @@ func overrideNewCredsFuncs() func() {
 func TestClientHandshakeBasedOnClusterName(t *testing.T) {
 defer overrideNewCredsFuncs()()
 for bundleTyp, tc := range map[string]credentials.Bundle{
- "defaultCreds": NewDefaultCredentials(),
- "computeCreds": NewComputeEngineCredentials(),
- "computeCredsPerRPC": NewComputeEngineCredsWithOptions(ComputeEngineCredsOptions{}),
+ "defaultCredsWithOptions": NewDefaultCredentialsWithOptions(DefaultCredentialsOptions{}),
+ "defaultCreds": NewDefaultCredentials(),
+ "computeCreds": NewComputeEngineCredentials(),
 } {
 tests := []struct {
 name string
From 34e596e8f00b27564e19c685876ae957e4c49be4 Mon Sep 17 00:00:00 2001
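Review bot: The new `defaultCredsWithOptions` entry in the test table passes an empty `DefaultCredentialsOptions{}`, so it takes the same path as `NewDefaultCredentials()`, and nothing visible in this hunk checks that a caller-supplied `PerRPCCreds` is the value the bundle ends up handing out. A separate small test that supplies credentials and compares them with `bundle.PerRPCCredentials()` would pin the behaviour this series introduces. The sketch below assumes the `oauth` package is imported in the test file and that the fallback-mode bundle is non-nil under `overrideNewCredsFuncs`; the existing test function continues past the end of the hunk, so coverage further down is not visible here.

```go
func TestDefaultCredentialsWithOptionsUsesSuppliedPerRPCCreds(t *testing.T) {
	defer overrideNewCredsFuncs()()
	want := oauth.NewComputeEngine()
	bundle := NewDefaultCredentialsWithOptions(DefaultCredentialsOptions{PerRPCCreds: want})
	if got := bundle.PerRPCCredentials(); got != want {
		t.Fatalf("PerRPCCredentials() = %v, want the supplied credentials %v", got, want)
	}
}
```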
From: Menghan Li
Date: Tue, 5 Oct 2021 13:59:16 -0700
Subject: [PATCH 6/7] [gce_call_creds_default] make opts a field
---
 credentials/google/google.go | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/credentials/google/google.go b/credentials/google/google.go
index 9d3c8fff13de..157f61ef0b4f 100644
--- a/credentials/google/google.go
+++ b/credentials/google/google.go
@@ -46,21 +46,16 @@ type DefaultCredentialsOptions struct {
 //
 // This API is experimental.
 func NewDefaultCredentialsWithOptions(opts DefaultCredentialsOptions) credentials.Bundle {
- perRPC := opts.PerRPCCreds
- if perRPC == nil {
+ if opts.PerRPCCreds == nil {
 ctx, cancel := context.WithTimeout(context.Background(), tokenRequestTimeout)
 defer cancel()
 var err error
- perRPC, err = oauth.NewApplicationDefault(ctx)
+ opts.PerRPCCreds, err = oauth.NewApplicationDefault(ctx)
 if err != nil {
 logger.Warningf("NewDefaultCredentialsWithOptions: failed to create application oauth: %v", err)
 }
 }
- c := &creds{
- newPerRPCCreds: func() credentials.PerRPCCredentials {
- return perRPC
- },
- }
+ c := &creds{opts: opts}
 bundle, err := c.NewWithMode(internal.CredsBundleModeFallback)
 if err != nil {
 logger.Warningf("NewDefaultCredentialsWithOptions: failed to create new creds: %v", err)
@@ -89,14 +84,14 @@ func NewComputeEngineCredentials() credentials.Bundle {
 // creds implements credentials.Bundle.
 type creds struct {
+ opts DefaultCredentialsOptions
+
 // Supported modes are defined in internal/internal.go.
 mode string
 // The transport credentials associated with this bundle.
 transportCreds credentials.TransportCredentials
 // The per RPC credentials associated with this bundle.
 perRPCCreds credentials.PerRPCCredentials
- // Creates new per RPC credentials
- newPerRPCCreds func() credentials.PerRPCCredentials
 }
 func (c *creds) TransportCredentials() credentials.TransportCredentials {
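Review bot: The new `opts` field in `creds` is the only field without a comment, and with it the struct holds the per-RPC credentials twice: in `opts.PerRPCCreds` for every mode, and in `perRPCCreds` only for the modes that `NewWithMode` gates on (the `CredsBundleModeFallback` / `CredsBundleModeBackendFromBalancer` check in the last hunk of this patch). A later change that reads `c.opts.PerRPCCreds` directly would hand out credentials in modes where the gate leaves `perRPCCreds` unset, so the field should be marked as an input. I would add `// opts are the options this bundle was built from; opts.PerRPCCreds is only the source for perRPCCreds and must not be returned directly.` above it. The first hunk also overwrites `opts.PerRPCCreds` on the by-value parameter, which does not affect the caller but means `creds.opts` no longer records what was passed in.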
@@ -123,8 +118,8 @@ var (
 // existing Bundle may cause races.
 func (c *creds) NewWithMode(mode string) (credentials.Bundle, error) {
 newCreds := &creds{
- mode: mode,
- newPerRPCCreds: c.newPerRPCCreds,
+ opts: c.opts,
+ mode: mode,
 }
 // Create transport credentials.
@@ -140,7 +135,7 @@ func (c *creds) NewWithMode(mode string) (credentials.Bundle, error) {
 }
 if mode == internal.CredsBundleModeFallback || mode == internal.CredsBundleModeBackendFromBalancer {
- newCreds.perRPCCreds = newCreds.newPerRPCCreds()
+ newCreds.perRPCCreds = newCreds.opts.PerRPCCreds
 }
 return newCreds, nil
From 58f0715c04ef50af2d48ca91ced752337c58462b Mon Sep 17 00:00:00 2001
From: Menghan Li
Date: Tue, 5 Oct 2021 14:12:27 -0700
Subject: [PATCH 7/7] [gce_call_creds_default] active
---
 credentials/google/google.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/credentials/google/google.go b/credentials/google/google.go
index 157f61ef0b4f..63625a4b6803 100644
--- a/credentials/google/google.go
+++ b/credentials/google/google.go
@@ -88,9 +88,9 @@ type creds struct {
 // Supported modes are defined in internal/internal.go.
 mode string
- // The transport credentials associated with this bundle.
+ // The active transport credentials associated with this bundle.
 transportCreds credentials.TransportCredentials
- // The per RPC credentials associated with this bundle.
+ // The active per RPC credentials associated with this bundle.
 perRPCCreds credentials.PerRPCCredentials
 }