Allow overriding metadata url used during testing

2026-01-21 09:41:04 +01:00 · 2021-11-25 19:37:11 +01:00
parent 792cc04694
commit 169e5ff1c0
5 changed files with 43 additions and 29 deletions
--- a/src/application_default_credentials.rs
+++ b/src/application_default_credentials.rs
@@ -1,13 +1,25 @@
 use crate::error::Error;
 use crate::types::TokenInfo;

-pub struct ApplicationDefaultCredentialsFlowOpts;
+/// Provide options for the Application Default Credential Flow, mostly used for testing
+pub struct ApplicationDefaultCredentialsFlowOpts {
+    /// Used as base to build the url during token request from GCP metadata server
+    pub metadata_url: Option<String>,
+}
+impl Default for ApplicationDefaultCredentialsFlowOpts {
+    fn default() -> Self {
+        Self { metadata_url: None }
+    }
+}
+
+pub struct ApplicationDefaultCredentialsFlow {
+    metadata_url: String,
+}

-/// ServiceAccountFlow can fetch oauth tokens using a service account.
-pub struct ApplicationDefaultCredentialsFlow;
 impl ApplicationDefaultCredentialsFlow {
-    pub(crate) fn new(_opts: ApplicationDefaultCredentialsFlowOpts) -> Self {
-        ApplicationDefaultCredentialsFlow {}
+    pub(crate) fn new(opts: ApplicationDefaultCredentialsFlowOpts) -> Self {
+        let metadata_url = opts.metadata_url.unwrap_or_else(|| "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token".to_string());
+        ApplicationDefaultCredentialsFlow { metadata_url }
    }

    pub(crate) async fn token<C, T>(
@@ -20,7 +32,7 @@ impl ApplicationDefaultCredentialsFlow {
        C: hyper::client::connect::Connect + Clone + Send + Sync + 'static,
    {
        let scope = crate::helper::join(scopes, ",");
-        let token_uri = format!("http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token?scopes={}", scope);
+        let token_uri = format!("{}?scopes={}", self.metadata_url, scope); // TODO: This feels jank, can it be done better?
        let request = hyper::Request::get(token_uri)
            .header("Metadata-Flavor", "Google")
            .body(hyper::Body::from(String::new())) // why body is needed?
--- a/src/authenticator.rs
+++ b/src/authenticator.rs
@@ -274,14 +274,7 @@ impl ServiceAccountAuthenticator {
 /// ```
 pub struct ApplicationDefaultCredentialsAuthenticator;
 impl ApplicationDefaultCredentialsAuthenticator {
-    /// Use modified builder pattern to create an Authenticator that uses GCE instance metadata server
-    /// to provide tokens.
-    pub fn from_instance_metadata() -> ApplicationDefaultCredentialsFlowOpts {
-        ApplicationDefaultCredentialsFlowOpts {}
-    }
-
-    /// Use modified builder pattern to create an Authenticator that pulls default application credentials
-    /// service account file name from os environment variable.
+    /// Try to build ServiceAccountFlowOpts from the environment
    pub async fn from_environment() -> Result<ServiceAccountFlowOpts, std::env::VarError> {
        let service_account_key =
            crate::read_service_account_key(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)
@@ -296,12 +289,17 @@ impl ApplicationDefaultCredentialsAuthenticator {

    /// Use the builder pattern to deduce which model of authenticator should be used:
    /// Service account one or GCE instance metadata kind
-    pub async fn builder() -> ApplicationDefaultCredentialsTypes<DefaultHyperClient> {
-        Self::with_client(DefaultHyperClient).await
+    pub async fn builder(
+        opts: ApplicationDefaultCredentialsFlowOpts,
+    ) -> ApplicationDefaultCredentialsTypes<DefaultHyperClient> {
+        Self::with_client(DefaultHyperClient, opts).await
    }

    /// Use the builder pattern to deduce which model of authenticator should be used and allow providing a hyper client
-    pub async fn with_client<C>(client: C) -> ApplicationDefaultCredentialsTypes<C>
+    pub async fn with_client<C>(
+        client: C,
+        opts: ApplicationDefaultCredentialsFlowOpts,
+    ) -> ApplicationDefaultCredentialsTypes<C>
    where
        C: HyperClientBuilder,
    {
@@ -311,12 +309,9 @@ impl ApplicationDefaultCredentialsAuthenticator {

                ApplicationDefaultCredentialsTypes::ServiceAccount(builder)
            }
-            Err(_) => {
-                ApplicationDefaultCredentialsTypes::InstanceMetadata(AuthenticatorBuilder::new(
-                    ApplicationDefaultCredentialsAuthenticator::from_instance_metadata(),
-                    client,
-                ))
-            }
+            Err(_) => ApplicationDefaultCredentialsTypes::InstanceMetadata(
+                AuthenticatorBuilder::new(opts, client),
+            ),
        }
    }
 }
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -97,6 +97,7 @@ pub use crate::authenticator::{
 pub use crate::helper::*;
 pub use crate::installed::InstalledFlowReturnMethod;

+pub use crate::application_default_credentials::ApplicationDefaultCredentialsFlowOpts;
 pub use crate::service_account::ServiceAccountKey;

 #[doc(inline)]