Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: implement quota project from env var in google/auth #452

Merged
merged 9 commits into from
May 11, 2023
Merged

feat: implement quota project from env var in google/auth #452

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
e60216e
feat: implement quota project from env var in google/auth
bshaffer Apr 25, 2023
fca76c1
run in separate process
bshaffer Apr 25, 2023
3fcb991
Merge branch 'main' into add-quota-project-env
bshaffer May 1, 2023
2b5523b
fix tests
bshaffer May 1, 2023
6e0d897
Update ApplicationDefaultCredentialsTest.php
bshaffer May 2, 2023
eaa8e40
Update tests/ApplicationDefaultCredentialsTest.php
bshaffer May 2, 2023
b24117d
misc docs
bshaffer May 2, 2023
4f03f7d
Merge branch 'main' into add-quota-project-env
bshaffer May 2, 2023
ca909cc
Merge branch 'main' into add-quota-project-env
bshaffer May 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions src/ApplicationDefaultCredentials.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,11 @@ public static function getCredentials(
$httpHandler = HttpHandlerFactory::build($client);
}

if (is_null($quotaProject)) {
// if a quota project isn't specified, try to get one from the env var
$quotaProject = CredentialsLoader::quotaProjectFromEnv();
bshaffer marked this conversation as resolved.
Show resolved Hide resolved
}

if (!is_null($jsonKey)) {
if ($quotaProject) {
$jsonKey['quota_project_id'] = $quotaProject;
Expand Down
13 changes: 13 additions & 0 deletions src/CredentialsLoader.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ abstract class CredentialsLoader implements
{
const TOKEN_CREDENTIAL_URI = 'https://oauth2.googleapis.com/token';
const ENV_VAR = 'GOOGLE_APPLICATION_CREDENTIALS';
const QUOTA_PROJECT_ENV_VAR = 'GOOGLE_CLOUD_QUOTA_PROJECT';
const WELL_KNOWN_PATH = 'gcloud/application_default_credentials.json';
const NON_WINDOWS_WELL_KNOWN_PATH_BASE = '.config';
const MTLS_WELL_KNOWN_PATH = '.secureConnect/context_aware_metadata.json';
Expand Down Expand Up @@ -227,6 +228,18 @@ public function updateMetadata(
return $metadata_copy;
}

/**
* Fetch a quota project from the environment variable
* GOOGLE_CLOUD_QUOTA_PROJECT. Return null if
* GOOGLE_CLOUD_QUOTA_PROJECT is not specified.
*
* @return string|null
*/
public static function quotaProjectFromEnv()
{
return getenv(self::QUOTA_PROJECT_ENV_VAR) ?: null;
}

/**
* Gets a callable which returns the default device certification.
*
Expand Down
3 changes: 2 additions & 1 deletion src/OAuth2.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1348,7 +1348,8 @@ public function setIdToken($idToken)
}

/**
* Get the granted scopes (if they exist) for the last fetched token.
* Get the granted space-separated scopes (if they exist) for the last
* fetched token.
*
* @return string|null
*/
Expand Down
54 changes: 54 additions & 0 deletions tests/ApplicationDefaultCredentialsTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
use Google\Auth\ApplicationDefaultCredentials;
use Google\Auth\Credentials\GCECredentials;
use Google\Auth\Credentials\ServiceAccountCredentials;
use Google\Auth\CredentialsLoader;
use Google\Auth\GCECache;
use GuzzleHttp\Psr7;
use GuzzleHttp\Psr7\Response;
Expand Down Expand Up @@ -590,6 +591,59 @@ public function testGetCredentialsUtilizesQuotaProjectInKeyFile()
);
}

/** @runInSeparateProcess */
public function testGetCredentialsUtilizesQuotaProjectEnvVar()
{
$quotaProject = 'quota-project-from-env-var';
putenv(CredentialsLoader::QUOTA_PROJECT_ENV_VAR . '=' . $quotaProject);
putenv('HOME=' . __DIR__ . '/fixtures');

$credentials = ApplicationDefaultCredentials::getCredentials();

$this->assertEquals(
$quotaProject,
$credentials->getQuotaProject()
);
}

/** @runInSeparateProcess */
public function testGetCredentialsUtilizesQuotaProjectParameterOverEnvVar()
{
$quotaProject = 'quota-project-from-parameter';
putenv(CredentialsLoader::QUOTA_PROJECT_ENV_VAR . '=quota-project-from-env-var');
putenv('HOME=' . __DIR__ . '/fixtures');

$credentials = ApplicationDefaultCredentials::getCredentials(
null, // $scope
null, // $httpHandler
null, // $cacheConfig
null, // $cache
$quotaProject, // $quotaProject
null // $defaultScope
);

$this->assertEquals(
$quotaProject,
$credentials->getQuotaProject()
);
}

/** @runInSeparateProcess */
public function testGetCredentialsUtilizesQuotaProjectEnvVarOverKeyFile()
bshaffer marked this conversation as resolved.
Show resolved Hide resolved
{
$quotaProject = 'quota-project-from-env-var';
$keyFile = __DIR__ . '/fixtures' . '/private.json';
putenv(CredentialsLoader::QUOTA_PROJECT_ENV_VAR . '=' . $quotaProject);
putenv(CredentialsLoader::ENV_VAR . '=' . $keyFile);

$credentials = ApplicationDefaultCredentials::getCredentials();

$this->assertEquals(
$quotaProject,
$credentials->getQuotaProject()
);
}

public function testWithFetchAuthTokenCacheAndExplicitQuotaProject()
{
$keyFile = __DIR__ . '/fixtures' . '/private.json';
Expand Down