From 4f9aee71867c00cbe47fab42d24b3e8718da5386 Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Tue, 9 Jun 2020 10:59:39 -0700 Subject: [PATCH 01/10] [xds_google_default_creds] xds: use google default creds So the client works not only on GCE (e.g. it also read env variable for creds). --- xds/internal/client/bootstrap/bootstrap.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xds/internal/client/bootstrap/bootstrap.go b/xds/internal/client/bootstrap/bootstrap.go index a9db93b15461..1ee0f1d47c5e 100644 --- a/xds/internal/client/bootstrap/bootstrap.go +++ b/xds/internal/client/bootstrap/bootstrap.go @@ -139,7 +139,7 @@ func NewConfig() (*Config, error) { config.BalancerName = xs.ServerURI for _, cc := range xs.ChannelCreds { if cc.Type == googleDefaultCreds { - config.Creds = grpc.WithCredentialsBundle(google.NewComputeEngineCredentials()) + config.Creds = grpc.WithCredentialsBundle(google.NewDefaultCredentials()) // We stop at the first credential type that we support. break } From 95278634bd1c499e43299a810ef8f3e49b84941a Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Tue, 9 Jun 2020 16:27:39 -0700 Subject: [PATCH 02/10] [xds_google_default_creds] add scope? Is this right? --- credentials/google/google.go | 11 ++++++++++- xds/internal/client/bootstrap/bootstrap.go | 4 +++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/credentials/google/google.go b/credentials/google/google.go index 04b349abcfb6..1347ab804a64 100644 --- a/credentials/google/google.go +++ b/credentials/google/google.go @@ -38,11 +38,20 @@ const tokenRequestTimeout = 30 * time.Second // // This API is experimental. func NewDefaultCredentials() credentials.Bundle { + return NewDefaultCredentialsWithScope() +} + +// NewDefaultCredentialsWithScope returns a credentials bundle that is +// configured to work with google services. It also takes the scopes for the RPC +// creds. +// +// This API is experimental. +func NewDefaultCredentialsWithScope(scope ...string) credentials.Bundle { c := &creds{ newPerRPCCreds: func() credentials.PerRPCCredentials { ctx, cancel := context.WithTimeout(context.Background(), tokenRequestTimeout) defer cancel() - perRPCCreds, err := oauth.NewApplicationDefault(ctx) + perRPCCreds, err := oauth.NewApplicationDefault(ctx, scope...) if err != nil { grpclog.Warningf("google default creds: failed to create application oauth: %v", err) } diff --git a/xds/internal/client/bootstrap/bootstrap.go b/xds/internal/client/bootstrap/bootstrap.go index 1ee0f1d47c5e..25e72a5f6e65 100644 --- a/xds/internal/client/bootstrap/bootstrap.go +++ b/xds/internal/client/bootstrap/bootstrap.go @@ -40,6 +40,8 @@ const ( googleDefaultCreds = "google_default" gRPCUserAgentName = "gRPC Go" clientFeatureNoOverprovisioning = "envoy.lb.does_not_support_overprovisioning" + + gceOauth2Scope = "https://www.googleapis.com/auth/cloud-platform" ) var gRPCVersion = fmt.Sprintf("%s %s", gRPCUserAgentName, grpc.Version) @@ -139,7 +141,7 @@ func NewConfig() (*Config, error) { config.BalancerName = xs.ServerURI for _, cc := range xs.ChannelCreds { if cc.Type == googleDefaultCreds { - config.Creds = grpc.WithCredentialsBundle(google.NewDefaultCredentials()) + config.Creds = grpc.WithCredentialsBundle(google.NewDefaultCredentialsWithScope(gceOauth2Scope)) // We stop at the first credential type that we support. break } From f3ffd29888b7eff1d666d57cd9b51f90fb8c85f1 Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Wed, 10 Jun 2020 11:46:54 -0700 Subject: [PATCH 03/10] [xds_google_default_creds] split google_default tests out, and disable leakcheck --- .../client/bootstrap/bootstrap_test.go | 98 +++++++++++++++---- 1 file changed, 79 insertions(+), 19 deletions(-) diff --git a/xds/internal/client/bootstrap/bootstrap_test.go b/xds/internal/client/bootstrap/bootstrap_test.go index d3dedb0454d4..296f274436d5 100644 --- a/xds/internal/client/bootstrap/bootstrap_test.go +++ b/xds/internal/client/bootstrap/bootstrap_test.go @@ -162,6 +162,85 @@ func (s) TestNewConfig(t *testing.T) { ] }] }`, + } + + oldFileReadFunc := fileReadFunc + fileReadFunc = func(name string) ([]byte, error) { + if b, ok := bootstrapFileMap[name]; ok { + return []byte(b), nil + } + return nil, os.ErrNotExist + } + defer func() { + fileReadFunc = oldFileReadFunc + os.Unsetenv(fileEnv) + }() + + tests := []struct { + name string + wantConfig *Config + wantError bool + }{ + {"nonExistentBootstrapFile", nil, true}, + {"empty", nil, true}, + {"badJSON", nil, true}, + {"emptyNodeProto", &Config{ + BalancerName: "trafficdirector.googleapis.com:443", + NodeProto: &corepb.Node{ + BuildVersion: gRPCVersion, + UserAgentName: gRPCUserAgentName, + UserAgentVersionType: &corepb.Node_UserAgentVersion{UserAgentVersion: grpc.Version}, + ClientFeatures: []string{clientFeatureNoOverprovisioning}, + }, + }, false}, + {"noBalancerName", nil, true}, + {"emptyXdsServer", nil, true}, + {"unknownTopLevelFieldInFile", nilCredsConfig, false}, + {"unknownFieldInNodeProto", nilCredsConfig, false}, + {"unknownFieldInXdsServer", nilCredsConfig, false}, + {"emptyChannelCreds", nilCredsConfig, false}, + {"nonGoogleDefaultCreds", nilCredsConfig, false}, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + if err := os.Setenv(fileEnv, test.name); err != nil { + t.Fatalf("os.Setenv(%s, %s) failed with error: %v", fileEnv, test.name, err) + } + config, err := NewConfig() + if err != nil { + if !test.wantError { + t.Fatalf("unexpected error %v", err) + } + return + } + if test.wantError { + t.Fatalf("wantError: %v, got error %v", test.wantError, err) + } + if config.BalancerName != test.wantConfig.BalancerName { + t.Errorf("config.BalancerName is %s, want %s", config.BalancerName, test.wantConfig.BalancerName) + } + if !proto.Equal(config.NodeProto, test.wantConfig.NodeProto) { + t.Errorf("config.NodeProto is %#v, want %#v", config.NodeProto, test.wantConfig.NodeProto) + } + if (config.Creds != nil) != (test.wantConfig.Creds != nil) { + t.Errorf("config.Creds is %#v, want %#v", config.Creds, test.wantConfig.Creds) + } + }) + } +} + +// TestNewConfigWithGoogleDefault is the same as TestNewConfig, but the configs +// sets creds to google_default. +// +// It's a separate test because google_default creds uses compute/metadata +// package, which causes a leaked goroutine. This test doesn't have goroutine +// leak check. +// +// TODO: once the leak is fixed, this can be merged back to TestNewConfig. +// https://github.com/googleapis/google-cloud-go/issues/2417 +func TestNewConfigWithGoogleDefault(t *testing.T) { + bootstrapFileMap := map[string]string{ "multipleChannelCreds": ` { "node": { @@ -231,25 +310,6 @@ func (s) TestNewConfig(t *testing.T) { wantConfig *Config wantError bool }{ - {"nonExistentBootstrapFile", nil, true}, - {"empty", nil, true}, - {"badJSON", nil, true}, - {"emptyNodeProto", &Config{ - BalancerName: "trafficdirector.googleapis.com:443", - NodeProto: &corepb.Node{ - BuildVersion: gRPCVersion, - UserAgentName: gRPCUserAgentName, - UserAgentVersionType: &corepb.Node_UserAgentVersion{UserAgentVersion: grpc.Version}, - ClientFeatures: []string{clientFeatureNoOverprovisioning}, - }, - }, false}, - {"noBalancerName", nil, true}, - {"emptyXdsServer", nil, true}, - {"unknownTopLevelFieldInFile", nilCredsConfig, false}, - {"unknownFieldInNodeProto", nilCredsConfig, false}, - {"unknownFieldInXdsServer", nilCredsConfig, false}, - {"emptyChannelCreds", nilCredsConfig, false}, - {"nonGoogleDefaultCreds", nilCredsConfig, false}, {"multipleChannelCreds", nonNilCredsConfig, false}, {"goodBootstrap", nonNilCredsConfig, false}, {"multipleXDSServers", nonNilCredsConfig, false}, From 7013884dce9c35885e388e5677ce3ac411527264 Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Wed, 10 Jun 2020 12:24:37 -0700 Subject: [PATCH 04/10] Revert "[xds_google_default_creds] split google_default tests out, and disable leakcheck" This reverts commit f3ffd29888b7eff1d666d57cd9b51f90fb8c85f1. --- .../client/bootstrap/bootstrap_test.go | 98 ++++--------------- 1 file changed, 19 insertions(+), 79 deletions(-) diff --git a/xds/internal/client/bootstrap/bootstrap_test.go b/xds/internal/client/bootstrap/bootstrap_test.go index 296f274436d5..d3dedb0454d4 100644 --- a/xds/internal/client/bootstrap/bootstrap_test.go +++ b/xds/internal/client/bootstrap/bootstrap_test.go @@ -162,85 +162,6 @@ func (s) TestNewConfig(t *testing.T) { ] }] }`, - } - - oldFileReadFunc := fileReadFunc - fileReadFunc = func(name string) ([]byte, error) { - if b, ok := bootstrapFileMap[name]; ok { - return []byte(b), nil - } - return nil, os.ErrNotExist - } - defer func() { - fileReadFunc = oldFileReadFunc - os.Unsetenv(fileEnv) - }() - - tests := []struct { - name string - wantConfig *Config - wantError bool - }{ - {"nonExistentBootstrapFile", nil, true}, - {"empty", nil, true}, - {"badJSON", nil, true}, - {"emptyNodeProto", &Config{ - BalancerName: "trafficdirector.googleapis.com:443", - NodeProto: &corepb.Node{ - BuildVersion: gRPCVersion, - UserAgentName: gRPCUserAgentName, - UserAgentVersionType: &corepb.Node_UserAgentVersion{UserAgentVersion: grpc.Version}, - ClientFeatures: []string{clientFeatureNoOverprovisioning}, - }, - }, false}, - {"noBalancerName", nil, true}, - {"emptyXdsServer", nil, true}, - {"unknownTopLevelFieldInFile", nilCredsConfig, false}, - {"unknownFieldInNodeProto", nilCredsConfig, false}, - {"unknownFieldInXdsServer", nilCredsConfig, false}, - {"emptyChannelCreds", nilCredsConfig, false}, - {"nonGoogleDefaultCreds", nilCredsConfig, false}, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - if err := os.Setenv(fileEnv, test.name); err != nil { - t.Fatalf("os.Setenv(%s, %s) failed with error: %v", fileEnv, test.name, err) - } - config, err := NewConfig() - if err != nil { - if !test.wantError { - t.Fatalf("unexpected error %v", err) - } - return - } - if test.wantError { - t.Fatalf("wantError: %v, got error %v", test.wantError, err) - } - if config.BalancerName != test.wantConfig.BalancerName { - t.Errorf("config.BalancerName is %s, want %s", config.BalancerName, test.wantConfig.BalancerName) - } - if !proto.Equal(config.NodeProto, test.wantConfig.NodeProto) { - t.Errorf("config.NodeProto is %#v, want %#v", config.NodeProto, test.wantConfig.NodeProto) - } - if (config.Creds != nil) != (test.wantConfig.Creds != nil) { - t.Errorf("config.Creds is %#v, want %#v", config.Creds, test.wantConfig.Creds) - } - }) - } -} - -// TestNewConfigWithGoogleDefault is the same as TestNewConfig, but the configs -// sets creds to google_default. -// -// It's a separate test because google_default creds uses compute/metadata -// package, which causes a leaked goroutine. This test doesn't have goroutine -// leak check. -// -// TODO: once the leak is fixed, this can be merged back to TestNewConfig. -// https://github.com/googleapis/google-cloud-go/issues/2417 -func TestNewConfigWithGoogleDefault(t *testing.T) { - bootstrapFileMap := map[string]string{ "multipleChannelCreds": ` { "node": { @@ -310,6 +231,25 @@ func TestNewConfigWithGoogleDefault(t *testing.T) { wantConfig *Config wantError bool }{ + {"nonExistentBootstrapFile", nil, true}, + {"empty", nil, true}, + {"badJSON", nil, true}, + {"emptyNodeProto", &Config{ + BalancerName: "trafficdirector.googleapis.com:443", + NodeProto: &corepb.Node{ + BuildVersion: gRPCVersion, + UserAgentName: gRPCUserAgentName, + UserAgentVersionType: &corepb.Node_UserAgentVersion{UserAgentVersion: grpc.Version}, + ClientFeatures: []string{clientFeatureNoOverprovisioning}, + }, + }, false}, + {"noBalancerName", nil, true}, + {"emptyXdsServer", nil, true}, + {"unknownTopLevelFieldInFile", nilCredsConfig, false}, + {"unknownFieldInNodeProto", nilCredsConfig, false}, + {"unknownFieldInXdsServer", nilCredsConfig, false}, + {"emptyChannelCreds", nilCredsConfig, false}, + {"nonGoogleDefaultCreds", nilCredsConfig, false}, {"multipleChannelCreds", nonNilCredsConfig, false}, {"goodBootstrap", nonNilCredsConfig, false}, {"multipleXDSServers", nonNilCredsConfig, false}, From 98d784f6e354572707e1f061fecf3180919ddc3a Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Wed, 10 Jun 2020 12:25:38 -0700 Subject: [PATCH 05/10] [xds_google_default_creds] disable leakcheck for bootstrap package. Only disabling part of it doesnt work, because another test still see the leak --- .../client/bootstrap/bootstrap_test.go | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xds/internal/client/bootstrap/bootstrap_test.go b/xds/internal/client/bootstrap/bootstrap_test.go index d3dedb0454d4..83f6712d16e8 100644 --- a/xds/internal/client/bootstrap/bootstrap_test.go +++ b/xds/internal/client/bootstrap/bootstrap_test.go @@ -22,13 +22,11 @@ import ( "os" "testing" + corepb "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" "github.com/golang/protobuf/proto" + structpb "github.com/golang/protobuf/ptypes/struct" "google.golang.org/grpc" "google.golang.org/grpc/credentials/google" - "google.golang.org/grpc/internal/grpctest" - - corepb "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - structpb "github.com/golang/protobuf/ptypes/struct" ) var ( @@ -58,19 +56,11 @@ var ( } ) -type s struct { - grpctest.Tester -} - -func Test(t *testing.T) { - grpctest.RunSubTests(t, s{}) -} - // TestNewConfig exercises the functionality in NewConfig with different // bootstrap file contents. It overrides the fileReadFunc by returning // bootstrap file contents defined in this test, instead of reading from a // file. -func (s) TestNewConfig(t *testing.T) { +func TestNewConfig(t *testing.T) { bootstrapFileMap := map[string]string{ "empty": "", "badJSON": `["test": 123]`, @@ -283,7 +273,7 @@ func (s) TestNewConfig(t *testing.T) { } } -func (s) TestNewConfigEnvNotSet(t *testing.T) { +func TestNewConfigEnvNotSet(t *testing.T) { os.Unsetenv(fileEnv) config, err := NewConfig() if err == nil { From a2271f7c004b5d118392e6b990c6059bd9321b4f Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Wed, 10 Jun 2020 12:41:39 -0700 Subject: [PATCH 06/10] [xds_google_default_creds] try harder Check scope and do different things. --- credentials/google/google.go | 11 +---- credentials/oauth/oauth.go | 53 ++++++++++++++++++++-- xds/internal/client/bootstrap/bootstrap.go | 2 +- 3 files changed, 52 insertions(+), 14 deletions(-) diff --git a/credentials/google/google.go b/credentials/google/google.go index 1347ab804a64..04b349abcfb6 100644 --- a/credentials/google/google.go +++ b/credentials/google/google.go @@ -38,20 +38,11 @@ const tokenRequestTimeout = 30 * time.Second // // This API is experimental. func NewDefaultCredentials() credentials.Bundle { - return NewDefaultCredentialsWithScope() -} - -// NewDefaultCredentialsWithScope returns a credentials bundle that is -// configured to work with google services. It also takes the scopes for the RPC -// creds. -// -// This API is experimental. -func NewDefaultCredentialsWithScope(scope ...string) credentials.Bundle { c := &creds{ newPerRPCCreds: func() credentials.PerRPCCredentials { ctx, cancel := context.WithTimeout(context.Background(), tokenRequestTimeout) defer cancel() - perRPCCreds, err := oauth.NewApplicationDefault(ctx, scope...) + perRPCCreds, err := oauth.NewApplicationDefault(ctx) if err != nil { grpclog.Warningf("google default creds: failed to create application oauth: %v", err) } diff --git a/credentials/oauth/oauth.go b/credentials/oauth/oauth.go index 899e3372ce3c..8d88e677bf46 100644 --- a/credentials/oauth/oauth.go +++ b/credentials/oauth/oauth.go @@ -74,6 +74,8 @@ func NewJWTAccessFromKey(jsonKey []byte) (credentials.PerRPCCredentials, error) } func (j jwtAccess) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) { + // TODO: the returned TokenSource is reusable. Store it in a sync.Map, with + // uri as the key, to avoid recreating for every RPC. ts, err := google.JWTAccessTokenSourceFromJSON(j.jsonKey, uri[0]) if err != nil { return nil, err @@ -174,12 +176,57 @@ func NewServiceAccountFromFile(keyFile string, scope ...string) (credentials.Per return NewServiceAccountFromKey(jsonKey, scope...) } -// NewApplicationDefault returns "Application Default Credentials". For more +// // NewApplicationDefault returns "Application Default Credentials". For more +// // detail, see https://developers.google.com/accounts/docs/application-default-credentials. +// func NewApplicationDefault(ctx context.Context, scope ...string) (credentials.PerRPCCredentials, error) { +// t, err := google.DefaultTokenSource(ctx, scope...) +// if err != nil { +// return nil, err +// } +// return TokenSource{t}, nil +// } +// + +// NewApplicationDefaultWithScope returns "Application Default Credentials". For more // detail, see https://developers.google.com/accounts/docs/application-default-credentials. func NewApplicationDefault(ctx context.Context, scope ...string) (credentials.PerRPCCredentials, error) { - t, err := google.DefaultTokenSource(ctx, scope...) + creds, err := google.FindDefaultCredentials(ctx, scope...) if err != nil { return nil, err } - return TokenSource{t}, nil + + // If JSON is nil, the authentication is provided by the environment and not + // with a credentials file, e.g. when code is running on Google Cloud + // Platform. Use the returned token source. + if creds.JSON == nil { + return TokenSource{creds.TokenSource}, nil + } + + // If auth is provided by env variable or creds file, the behavior will be + // different based on whether scope is set. Because the returned + // creds.TokenSource does oauth with jwt by default, and it requires scope. + // We can only use it if scope is not empty, otherwise it will fail with + // missing scope error. + // + // If scope is set, use it, it should just work. + // + // If scope is not set, we try to use jwt directly without oauth (this only + // works if it's a service account). + + if len(scope) != 0 { + return TokenSource{creds.TokenSource}, nil + } + + // Try to convert JSON to a jwt config without setting the optional scope + // parameter to check if it's a service account (the function errors if it's + // not). This is necessary because the returned config doesn't show the type + // of the account. + if _, err := google.JWTConfigFromJSON(creds.JSON); err != nil { + // If this fails, it's not a service account, return the original + // TokenSource from above. + return TokenSource{creds.TokenSource}, nil + } + + // If it's a service account, create a JWT only access with the key. + return NewJWTAccessFromKey(creds.JSON) } diff --git a/xds/internal/client/bootstrap/bootstrap.go b/xds/internal/client/bootstrap/bootstrap.go index 25e72a5f6e65..df1aedd86be3 100644 --- a/xds/internal/client/bootstrap/bootstrap.go +++ b/xds/internal/client/bootstrap/bootstrap.go @@ -141,7 +141,7 @@ func NewConfig() (*Config, error) { config.BalancerName = xs.ServerURI for _, cc := range xs.ChannelCreds { if cc.Type == googleDefaultCreds { - config.Creds = grpc.WithCredentialsBundle(google.NewDefaultCredentialsWithScope(gceOauth2Scope)) + config.Creds = grpc.WithCredentialsBundle(google.NewDefaultCredentials()) // We stop at the first credential type that we support. break } From 82a978b1b4f09da1833fa01137df7ea678afde4e Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Wed, 10 Jun 2020 13:51:14 -0700 Subject: [PATCH 07/10] [xds_google_default_creds] comment --- credentials/oauth/oauth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/credentials/oauth/oauth.go b/credentials/oauth/oauth.go index 8d88e677bf46..f07fc99dff30 100644 --- a/credentials/oauth/oauth.go +++ b/credentials/oauth/oauth.go @@ -187,7 +187,7 @@ func NewServiceAccountFromFile(keyFile string, scope ...string) (credentials.Per // } // -// NewApplicationDefaultWithScope returns "Application Default Credentials". For more +// NewApplicationDefault returns "Application Default Credentials". For more // detail, see https://developers.google.com/accounts/docs/application-default-credentials. func NewApplicationDefault(ctx context.Context, scope ...string) (credentials.PerRPCCredentials, error) { creds, err := google.FindDefaultCredentials(ctx, scope...) From ed074347d86e83064f83df371131bbe984c557e1 Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Wed, 10 Jun 2020 13:55:39 -0700 Subject: [PATCH 08/10] [xds_google_default_creds] more cleanup --- credentials/oauth/oauth.go | 11 ----------- xds/internal/client/bootstrap/bootstrap.go | 2 -- 2 files changed, 13 deletions(-) diff --git a/credentials/oauth/oauth.go b/credentials/oauth/oauth.go index f07fc99dff30..6657055d6609 100644 --- a/credentials/oauth/oauth.go +++ b/credentials/oauth/oauth.go @@ -176,17 +176,6 @@ func NewServiceAccountFromFile(keyFile string, scope ...string) (credentials.Per return NewServiceAccountFromKey(jsonKey, scope...) } -// // NewApplicationDefault returns "Application Default Credentials". For more -// // detail, see https://developers.google.com/accounts/docs/application-default-credentials. -// func NewApplicationDefault(ctx context.Context, scope ...string) (credentials.PerRPCCredentials, error) { -// t, err := google.DefaultTokenSource(ctx, scope...) -// if err != nil { -// return nil, err -// } -// return TokenSource{t}, nil -// } -// - // NewApplicationDefault returns "Application Default Credentials". For more // detail, see https://developers.google.com/accounts/docs/application-default-credentials. func NewApplicationDefault(ctx context.Context, scope ...string) (credentials.PerRPCCredentials, error) { diff --git a/xds/internal/client/bootstrap/bootstrap.go b/xds/internal/client/bootstrap/bootstrap.go index df1aedd86be3..1ee0f1d47c5e 100644 --- a/xds/internal/client/bootstrap/bootstrap.go +++ b/xds/internal/client/bootstrap/bootstrap.go @@ -40,8 +40,6 @@ const ( googleDefaultCreds = "google_default" gRPCUserAgentName = "gRPC Go" clientFeatureNoOverprovisioning = "envoy.lb.does_not_support_overprovisioning" - - gceOauth2Scope = "https://www.googleapis.com/auth/cloud-platform" ) var gRPCVersion = fmt.Sprintf("%s %s", gRPCUserAgentName, grpc.Version) From 50c87625449e37ef0e6f51f92764b9c2fb30721f Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Wed, 10 Jun 2020 14:58:29 -0700 Subject: [PATCH 09/10] [xds_google_default_creds] add TODO --- xds/internal/client/bootstrap/bootstrap_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xds/internal/client/bootstrap/bootstrap_test.go b/xds/internal/client/bootstrap/bootstrap_test.go index 83f6712d16e8..6190ccb5f9b4 100644 --- a/xds/internal/client/bootstrap/bootstrap_test.go +++ b/xds/internal/client/bootstrap/bootstrap_test.go @@ -56,6 +56,9 @@ var ( } ) +// TODO: enable leak check for this package when +// https://github.com/googleapis/google-cloud-go/issues/2417 is fixed. + // TestNewConfig exercises the functionality in NewConfig with different // bootstrap file contents. It overrides the fileReadFunc by returning // bootstrap file contents defined in this test, instead of reading from a From e16fab676e21e1cd9b33b8e40ab85e3f53436389 Mon Sep 17 00:00:00 2001 From: Menghan Li Date: Wed, 10 Jun 2020 15:01:54 -0700 Subject: [PATCH 10/10] [xds_google_default_creds] disable test for appengine It panics on appgine with go1.9 --- xds/internal/client/bootstrap/bootstrap_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xds/internal/client/bootstrap/bootstrap_test.go b/xds/internal/client/bootstrap/bootstrap_test.go index 6190ccb5f9b4..de0ef3954e72 100644 --- a/xds/internal/client/bootstrap/bootstrap_test.go +++ b/xds/internal/client/bootstrap/bootstrap_test.go @@ -1,3 +1,5 @@ +// +build !appengine + /* * * Copyright 2019 gRPC authors.