From 7d7b382077a5d61066e094469fc24c83c8767964 Mon Sep 17 00:00:00 2001 From: Cody Oss Date: Fri, 19 Apr 2024 13:44:59 -0500 Subject: [PATCH] fix: various auth transition fixes - Better support for oauth2.Credential conversion - set quota project when setting tokensource based cred - honor SkipValidation option - if DefaultEndpointTemplate is not set pass old DefaultEndpoint. As we just do a string replace code works without formatting derective present. - simiplfiy poolAdapter calls to delegate more --- go.mod | 10 ++--- go.sum | 20 +++++----- go.work.sum | 5 +++ transport/grpc/dial.go | 41 +++++++++++++++------ transport/grpc/pool.go | 4 +- transport/http/dial.go | 84 +++++++++++++++++++++++++----------------- 6 files changed, 101 insertions(+), 63 deletions(-) diff --git a/go.mod b/go.mod index 587b59f86f1..214e29dd935 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module google.golang.org/api go 1.19 require ( - cloud.google.com/go/auth v0.2.1 + cloud.google.com/go/auth v0.2.2 cloud.google.com/go/auth/oauth2adapt v0.2.1 cloud.google.com/go/compute/metadata v0.3.0 github.com/google/go-cmp v0.6.0 @@ -14,13 +14,13 @@ require ( go.opencensus.io v0.24.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 - golang.org/x/net v0.22.0 + golang.org/x/net v0.24.0 golang.org/x/oauth2 v0.19.0 golang.org/x/sync v0.6.0 golang.org/x/time v0.5.0 google.golang.org/genproto/googleapis/bytestream v0.0.0-20240325203815-454cdb8f5daa google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be - google.golang.org/grpc v1.63.0 + google.golang.org/grpc v1.63.2 google.golang.org/protobuf v1.33.0 ) @@ -33,7 +33,7 @@ require ( go.opentelemetry.io/otel v1.24.0 // indirect go.opentelemetry.io/otel/metric v1.24.0 // indirect go.opentelemetry.io/otel/trace v1.24.0 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/sys v0.18.0 // indirect + golang.org/x/crypto v0.22.0 // indirect + golang.org/x/sys v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect ) diff --git a/go.sum b/go.sum index 6543fc74236..28bca4d1a5c 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,6 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go/auth v0.2.1 h1:RMl6PI2MH1Qc3CM7XNJJHGwbC4WHQppSAjL0Cvu/M/g= -cloud.google.com/go/auth v0.2.1/go.mod h1:khQRBNrvNoHiHhV1iu2x8fSnlNbCaVHilznW5MAI5GY= +cloud.google.com/go/auth v0.2.2 h1:gmxNJs4YZYcw6YvKRtVBaF2fyUE6UrWPyzU8jHvYfmI= +cloud.google.com/go/auth v0.2.2/go.mod h1:2bDNJWtWziDT3Pu1URxHHbkHE/BbOCuyUiKIGcNvafo= cloud.google.com/go/auth/oauth2adapt v0.2.1 h1:VSPmMmUlT8CkIZ2PzD9AlLN+R3+D1clXMWHHa6vG/Ag= cloud.google.com/go/auth/oauth2adapt v0.2.1/go.mod h1:tOdK/k+D2e4GEwfBRA48dKNQiDsqIXxLh7VU319eV0g= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= @@ -80,8 +80,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -92,8 +92,8 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= @@ -106,8 +106,8 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= @@ -136,8 +136,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.63.0 h1:WjKe+dnvABXyPJMD7KDNLxtoGk5tgk+YFWN6cBWjZE8= -google.golang.org/grpc v1.63.0/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= +google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/go.work.sum b/go.work.sum index 7da640a9548..697aab3f080 100644 --- a/go.work.sum +++ b/go.work.sum @@ -136,6 +136,7 @@ go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6 go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= @@ -145,6 +146,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -157,9 +159,11 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -186,4 +190,5 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2/go. google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= diff --git a/transport/grpc/dial.go b/transport/grpc/dial.go index 8d4cf2c7114..5ec81f85018 100644 --- a/transport/grpc/dial.go +++ b/transport/grpc/dial.go @@ -174,21 +174,30 @@ func DialPool(ctx context.Context, opts ...option.ClientOption) (ConnPool, error // dialPoolNewAuth is an adapter to call new auth library. func dialPoolNewAuth(ctx context.Context, secure bool, poolSize int, ds *internal.DialSettings) (grpctransport.GRPCClientConnPool, error) { // honor options if set - var ts oauth2.TokenSource + var creds *auth.Credentials if ds.InternalCredentials != nil { - ts = ds.InternalCredentials.TokenSource + creds = oauth2adapt.AuthCredentialsFromOauth2Credentials(ds.InternalCredentials) } else if ds.Credentials != nil { - ts = ds.Credentials.TokenSource + creds = oauth2adapt.AuthCredentialsFromOauth2Credentials(ds.Credentials) + } else if ds.AuthCredentials != nil { + creds = ds.AuthCredentials } else if ds.TokenSource != nil { - ts = ds.TokenSource + credOpts := &auth.CredentialsOptions{ + TokenProvider: oauth2adapt.TokenProviderFromTokenSource(ds.TokenSource), + } + if ds.QuotaProject != "" { + credOpts.QuotaProjectIDProvider = auth.CredentialsPropertyFunc(func(ctx context.Context) (string, error) { + return ds.QuotaProject, nil + }) + } + creds = auth.NewCredentials(credOpts) } - var creds *auth.Credentials - if ds.AuthCredentials != nil { - creds = ds.AuthCredentials - } else if ts != nil { - creds = auth.NewCredentials(&auth.CredentialsOptions{ - TokenProvider: oauth2adapt.TokenProviderFromTokenSource(ts), - }) + + var skipValidation bool + // If our clients explicitly setup the credential skip validation as it is + // assumed correct + if ds.SkipValidation || ds.InternalCredentials != nil { + skipValidation = true } var aud string @@ -202,6 +211,13 @@ func dialPoolNewAuth(ctx context.Context, secure bool, poolSize int, ds *interna if ds.RequestReason != "" { metadata["X-goog-request-reason"] = ds.RequestReason } + + // Defaults for older clients that don't set this value yet + var defaultEndpointTemplate string + if ds.DefaultEndpointTemplate == "" { + defaultEndpointTemplate = ds.DefaultEndpoint + } + pool, err := grpctransport.Dial(ctx, secure, &grpctransport.Options{ DisableTelemetry: ds.TelemetryDisabled, DisableAuthentication: ds.NoAuth, @@ -223,9 +239,10 @@ func dialPoolNewAuth(ctx context.Context, secure bool, poolSize int, ds *interna EnableDirectPathXds: ds.EnableDirectPathXds, EnableJWTWithScope: ds.EnableJwtWithScope, DefaultAudience: ds.DefaultAudience, - DefaultEndpointTemplate: ds.DefaultEndpointTemplate, + DefaultEndpointTemplate: defaultEndpointTemplate, DefaultMTLSEndpoint: ds.DefaultMTLSEndpoint, DefaultScopes: ds.DefaultScopes, + SkipValidation: skipValidation, }, }) return pool, err diff --git a/transport/grpc/pool.go b/transport/grpc/pool.go index 4369fca13e4..c731293d849 100644 --- a/transport/grpc/pool.go +++ b/transport/grpc/pool.go @@ -109,9 +109,9 @@ func (p *poolAdapter) Close() error { } func (p *poolAdapter) Invoke(ctx context.Context, method string, args interface{}, reply interface{}, opts ...grpc.CallOption) error { - return p.Conn().Invoke(ctx, method, args, reply, opts...) + return p.pool.Invoke(ctx, method, args, reply, opts...) } func (p *poolAdapter) NewStream(ctx context.Context, desc *grpc.StreamDesc, method string, opts ...grpc.CallOption) (grpc.ClientStream, error) { - return p.Conn().NewStream(ctx, desc, method, opts...) + return p.pool.NewStream(ctx, desc, method, opts...) } diff --git a/transport/http/dial.go b/transport/http/dial.go index 2f708008c77..64c881025a1 100644 --- a/transport/http/dial.go +++ b/transport/http/dial.go @@ -62,57 +62,73 @@ func NewClient(ctx context.Context, opts ...option.ClientOption) (*http.Client, } // newClientNewAuth is an adapter to call new auth library. -func newClientNewAuth(ctx context.Context, settings *internal.DialSettings) (*http.Client, error) { +func newClientNewAuth(ctx context.Context, ds *internal.DialSettings) (*http.Client, error) { // honor options if set - var ts oauth2.TokenSource - if settings.InternalCredentials != nil { - ts = settings.InternalCredentials.TokenSource - } else if settings.Credentials != nil { - ts = settings.Credentials.TokenSource - } else if settings.TokenSource != nil { - ts = settings.TokenSource - } var creds *auth.Credentials - if settings.AuthCredentials != nil { - creds = settings.AuthCredentials - } else if ts != nil { - creds = auth.NewCredentials(&auth.CredentialsOptions{ - TokenProvider: oauth2adapt.TokenProviderFromTokenSource(ts), - }) + if ds.InternalCredentials != nil { + creds = oauth2adapt.AuthCredentialsFromOauth2Credentials(ds.InternalCredentials) + } else if ds.Credentials != nil { + creds = oauth2adapt.AuthCredentialsFromOauth2Credentials(ds.Credentials) + } else if ds.AuthCredentials != nil { + creds = ds.AuthCredentials + } else if ds.TokenSource != nil { + credOpts := &auth.CredentialsOptions{ + TokenProvider: oauth2adapt.TokenProviderFromTokenSource(ds.TokenSource), + } + if ds.QuotaProject != "" { + credOpts.QuotaProjectIDProvider = auth.CredentialsPropertyFunc(func(ctx context.Context) (string, error) { + return ds.QuotaProject, nil + }) + } + creds = auth.NewCredentials(credOpts) + } + + var skipValidation bool + // If our clients explicitly setup the credential skip validation as it is + // assumed correct + if ds.SkipValidation || ds.InternalCredentials != nil { + skipValidation = true + } + + // Defaults for older clients that don't set this value yet + var defaultEndpointTemplate string + if ds.DefaultEndpointTemplate == "" { + defaultEndpointTemplate = ds.DefaultEndpoint } var aud string - if len(settings.Audiences) > 0 { - aud = settings.Audiences[0] + if len(ds.Audiences) > 0 { + aud = ds.Audiences[0] } headers := http.Header{} - if settings.QuotaProject != "" { - headers.Set("X-goog-user-project", settings.QuotaProject) + if ds.QuotaProject != "" { + headers.Set("X-goog-user-project", ds.QuotaProject) } - if settings.RequestReason != "" { - headers.Set("X-goog-request-reason", settings.RequestReason) + if ds.RequestReason != "" { + headers.Set("X-goog-request-reason", ds.RequestReason) } client, err := httptransport.NewClient(&httptransport.Options{ - DisableTelemetry: settings.TelemetryDisabled, - DisableAuthentication: settings.NoAuth, + DisableTelemetry: ds.TelemetryDisabled, + DisableAuthentication: ds.NoAuth, Headers: headers, - Endpoint: settings.Endpoint, - APIKey: settings.APIKey, + Endpoint: ds.Endpoint, + APIKey: ds.APIKey, Credentials: creds, - ClientCertProvider: settings.ClientCertSource, + ClientCertProvider: ds.ClientCertSource, DetectOpts: &credentials.DetectOptions{ - Scopes: settings.Scopes, + Scopes: ds.Scopes, Audience: aud, - CredentialsFile: settings.CredentialsFile, - CredentialsJSON: settings.CredentialsJSON, + CredentialsFile: ds.CredentialsFile, + CredentialsJSON: ds.CredentialsJSON, Client: oauth2.NewClient(ctx, nil), }, InternalOptions: &httptransport.InternalOptions{ - EnableJWTWithScope: settings.EnableJwtWithScope, - DefaultAudience: settings.DefaultAudience, - DefaultEndpointTemplate: settings.DefaultEndpointTemplate, - DefaultMTLSEndpoint: settings.DefaultMTLSEndpoint, - DefaultScopes: settings.DefaultScopes, + EnableJWTWithScope: ds.EnableJwtWithScope, + DefaultAudience: ds.DefaultAudience, + DefaultEndpointTemplate: defaultEndpointTemplate, + DefaultMTLSEndpoint: ds.DefaultMTLSEndpoint, + DefaultScopes: ds.DefaultScopes, + SkipValidation: skipValidation, }, }) if err != nil {