From 82eaa0d251809f26922a704434fb87120384bd78 Mon Sep 17 00:00:00 2001
From: Cody Oss
Date: Fri, 15 Sep 2023 11:01:14 -0500
Subject: [PATCH 1/2] feat(internal): add some feature flags for new auth libs
We will use the internaloption to start to enable new auth lib for a small number of clients in the future. The envvar will be undocumented and used exclusively in our own testing environments. We will enable it on all of our repos as the first part of functional testing that all existing integration tests continue to work as normal when routing through the new auth layers.
---
 internal/settings.go | 14 ++++++++++++++
 option/internaloption/internaloption.go | 13 +++++++++++++
 2 files changed, 27 insertions(+)
diff --git a/internal/settings.go b/internal/settings.go
index 3a3874df112..c552c95f49b 100644
--- a/internal/settings.go
+++ b/internal/settings.go
@@ -9,6 +9,8 @@ import (
 "crypto/tls"
 "errors"
 "net/http"
+ "os"
+ "strings"
 "golang.org/x/oauth2"
 "golang.org/x/oauth2/google"
@@ -16,6 +18,10 @@ import (
 "google.golang.org/grpc"
 )
+const (
+ newAuthLibEnVar = "GOOGLE_API_GO_EXPERIMENTAL_USE_NEW_AUTH_LIB"
+)
+
 // DialSettings holds information needed to establish a connection with a
 // Google API service.
 type DialSettings struct {
@@ -47,6 +53,7 @@ type DialSettings struct {
 ImpersonationConfig *impersonate.Config
 EnableDirectPath bool
 EnableDirectPathXds bool
+ EnableNewAuthLibrary bool
 AllowNonDefaultServiceAccount bool
 // Google API system parameters. For more information please read:
@@ -77,6 +84,13 @@ func (ds *DialSettings) HasCustomAudience() bool {
 return len(ds.Audiences) > 0
 }
+func (ds *DialSettings) IsNewAuthLibraryEnabled() bool {
+ if ds.EnableNewAuthLibrary || strings.ToLower(os.Getenv(newAuthLibEnVar)) == "true" {
+ return true
+ }
+ return false
+}
+
 // Validate reports an error if ds is invalid.
 func (ds *DialSettings) Validate() error {
 if ds.SkipValidation {
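Review bot: The constant name `newAuthLibEnVar` in the added const block looks like a typo for `newAuthLibEnvVar`; it is introduced here and read by IsNewAuthLibraryEnabled in the last hunk of this file, so renaming it now is cheap. The variable decides which auth implementation handles credentials, and the commit message says it will stay undocumented, so the source is the only record of it. I would add a comment above it such as `// newAuthLibEnvVar names the environment variable that opts a process into the new auth library; intended for internal testing only.`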
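Review bot: The exported method `IsNewAuthLibraryEnabled` is added without a doc comment, and its precedence is not obvious from the name: it returns true when either `ds.EnableNewAuthLibrary` or the environment variable is set, so a caller has no way to keep the old path once the variable is present in the process environment. I would put a comment above it such as `// IsNewAuthLibraryEnabled reports whether auth should be delegated to the new auth library, via the internal option or the GOOGLE_API_GO_EXPERIMENTAL_USE_NEW_AUTH_LIB environment variable.` Anything able to set the process environment can switch the credential-handling code path, so that dependency belongs where reviewers and operators will read it. The string comparison in this hunk is replaced in PATCH 2/2, but the doc comment is still missing there.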
diff --git a/option/internaloption/internaloption.go b/option/internaloption/internaloption.go
index 3b8461d1da9..b2b249eec68 100644
--- a/option/internaloption/internaloption.go
+++ b/option/internaloption/internaloption.go
@@ -150,6 +150,19 @@ func (w *withCreds) Apply(o *internal.DialSettings) {
 o.InternalCredentials = (*google.Credentials)(w)
 }
+// EnableNewAuthLibrary returns a ClientOption that specifies if libraries in this
+// module to delegate auth to our new library. This option will be removed in
+// the future once all clients have been moved to the new auth layer.
+func EnableNewAuthLibrary() option.ClientOption {
+ return enableNewAuthLibrary(true)
+}
+
+type enableNewAuthLibrary bool
+
+func (w enableNewAuthLibrary) Apply(o *internal.DialSettings) {
+ o.EnableNewAuthLibrary = bool(w)
+}
+
 // EmbeddableAdapter is a no-op option.ClientOption that allow libraries to
 // create their own client options by embedding this type into their own
 // client-specific option wrapper. See example for usage.
From be34a4ea5329ece131e184d45d36a0aa8d2d9169 Mon Sep 17 00:00:00 2001
From: Cody Oss
Date: Fri, 15 Sep 2023 11:50:57 -0500
Subject: [PATCH 2/2] pr feedback
---
 internal/settings.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/internal/settings.go b/internal/settings.go
index c552c95f49b..84f9302dcfa 100644
--- a/internal/settings.go
+++ b/internal/settings.go
@@ -10,7 +10,7 @@ import (
 "errors"
 "net/http"
 "os"
- "strings"
+ "strconv"
 "golang.org/x/oauth2"
 "golang.org/x/oauth2/google"
@@ -85,9 +85,12 @@ func (ds *DialSettings) HasCustomAudience() bool {
 }
 func (ds *DialSettings) IsNewAuthLibraryEnabled() bool {
- if ds.EnableNewAuthLibrary || strings.ToLower(os.Getenv(newAuthLibEnVar)) == "true" {
+ if ds.EnableNewAuthLibrary {
 return true
 }
+ if b, err := strconv.ParseBool(os.Getenv(newAuthLibEnVar)); err == nil {
+ return b
+ }
 return false
 }
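Review bot: The doc comment on `EnableNewAuthLibrary` does not read as a sentence ("specifies if libraries in this module to delegate auth to our new library") and does not say that the option can only turn the feature on. I would reword the first sentence to `// EnableNewAuthLibrary returns a ClientOption that makes libraries in this module delegate auth to the new auth library.` The function takes no argument and always applies `true`, so a caller cannot use it to opt out when the environment variable has enabled the new path; the comment should state that if it is intended.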
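Review bot: A value that `strconv.ParseBool` rejects, such as `yes` or `on`, is silently treated as off in the second hunk of PATCH 2/2, because the error case falls through to `return false` with no signal. For a flag that selects the authentication implementation, a mistyped value quietly leaves the process on a different code path from the one the operator expected. If that is the intended behaviour, say so above the final return, for example `// Unset or unparsable values leave the new auth library disabled.` The variable is also read with `os.Getenv` on every call, so the result can change during the life of a process if the environment is modified; resolving it once would keep the decision stable.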