From bb0c148e66895ba994524b28f1f91fc09324c3ae Mon Sep 17 00:00:00 2001 From: qfel Date: Fri, 22 Mar 2019 15:41:23 -0700 Subject: [PATCH] Support google_default channel credentials The documentation mentions this option and yet it's ignored. Confusing. Signed-off-by: qfel --- source/common/grpc/google_grpc_creds_impl.cc | 3 +++ test/common/grpc/BUILD | 1 + test/common/grpc/google_grpc_creds_test.cc | 11 +++++++++++ test/common/grpc/service_key.json | 12 ++++++++++++ 4 files changed, 27 insertions(+) create mode 100644 test/common/grpc/service_key.json diff --git a/source/common/grpc/google_grpc_creds_impl.cc b/source/common/grpc/google_grpc_creds_impl.cc index 30f6ef3a04090..d73ad3cb59997 100644 --- a/source/common/grpc/google_grpc_creds_impl.cc +++ b/source/common/grpc/google_grpc_creds_impl.cc @@ -25,6 +25,9 @@ std::shared_ptr CredsUtility::getChannelCredentials( case envoy::api::v2::core::GrpcService::GoogleGrpc::ChannelCredentials::kLocalCredentials: { return grpc::experimental::LocalCredentials(UDS); } + case envoy::api::v2::core::GrpcService::GoogleGrpc::ChannelCredentials::kGoogleDefault: { + return grpc::GoogleDefaultCredentials(); + } default: return nullptr; } diff --git a/test/common/grpc/BUILD b/test/common/grpc/BUILD index 46657034b1787..549801ad5e7dd 100644 --- a/test/common/grpc/BUILD +++ b/test/common/grpc/BUILD @@ -78,6 +78,7 @@ envoy_cc_test( envoy_cc_test( name = "google_grpc_creds_test", srcs = envoy_select_google_grpc(["google_grpc_creds_test.cc"]), + data = [":service_key.json"], deps = [ ":utility_lib", "//test/mocks/stats:stats_mocks", diff --git a/test/common/grpc/google_grpc_creds_test.cc b/test/common/grpc/google_grpc_creds_test.cc index ca60d89971d45..819b758e1614c 100644 --- a/test/common/grpc/google_grpc_creds_test.cc +++ b/test/common/grpc/google_grpc_creds_test.cc @@ -1,7 +1,10 @@ +#include + #include "common/grpc/google_grpc_creds_impl.h" #include "test/common/grpc/utility.h" #include "test/mocks/stats/mocks.h" +#include "test/test_common/environment.h" #include "test/test_common/utility.h" #include "gtest/gtest.h" @@ -31,6 +34,14 @@ TEST_F(CredsUtilityTest, GetChannelCredentials) { EXPECT_NE(nullptr, CredsUtility::getChannelCredentials(config, *api_)); creds->mutable_local_credentials(); EXPECT_NE(nullptr, CredsUtility::getChannelCredentials(config, *api_)); + + const char var_name[] = "GOOGLE_APPLICATION_CREDENTIALS"; + EXPECT_EQ(nullptr, ::getenv(var_name)); + const auto creds_path = TestEnvironment::runfilesPath("test/common/grpc/service_key.json"); + ::setenv(var_name, creds_path.c_str(), 0); + creds->mutable_google_default(); + EXPECT_NE(nullptr, CredsUtility::getChannelCredentials(config, *api_)); + ::unsetenv(var_name); } TEST_F(CredsUtilityTest, DefaultSslChannelCredentials) { diff --git a/test/common/grpc/service_key.json b/test/common/grpc/service_key.json new file mode 100644 index 0000000000000..0e91dfe83bc7d --- /dev/null +++ b/test/common/grpc/service_key.json @@ -0,0 +1,12 @@ +{ + "type": "service_account", + "project_id": "teset-project", + "private_key_id": "xxx", + "private_key": "-----BEGIN PRIVATE KEY-----\nspUMkfFsoTfa\n-----END PRIVATE KEY-----\n", + "client_email": "test@test.iam.gserviceaccount.com", + "client_id": "42", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%test-dev.iam.gserviceaccount.com" +}