[resultstore] Pass RPC credentials directly to Connect.
The current method of hard-coding default options to create
credentials was always a hack for experimentation.
IN-597 #comment
Change-Id: I5914751d4404d05fa62d184d2ea4a86631f3f62d
diff --git a/resultstore/resultstore.go b/resultstore/resultstore.go
index 799513f..8fa4fe2 100644
--- a/resultstore/resultstore.go
+++ b/resultstore/resultstore.go
@@ -9,16 +9,30 @@
"crypto/x509"
"fmt"
- "go.chromium.org/luci/auth"
api "google.golang.org/genproto/googleapis/devtools/resultstore/v2"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
- "google.golang.org/grpc/credentials/oauth"
+)
+
+const (
+ // Google Cloud API scope required to use ResultStore Upload API.
+ scope = "https://www.googleapis.com/auth/cloud-platform"
)
// Connect returns a new UploadClient connected to the ResultStore backend at the given host.
-func Connect(ctx context.Context, environment Environment) (UploadClient, error) {
- conn, err := connectToGRPCHost(ctx, environment.GRPCServiceAddress())
+func Connect(ctx context.Context, environment Environment, creds credentials.PerRPCCredentials) (UploadClient, error) {
+ pool, err := x509.SystemCertPool()
+ if err != nil {
+ return nil, fmt.Errorf("failed to create cert pool: %v", err)
+ }
+
+ transportCreds := credentials.NewClientTLSFromCert(pool, "")
+
+ conn, err := grpc.Dial(
+ environment.GRPCServiceAddress(),
+ grpc.WithTransportCredentials(transportCreds),
+ grpc.WithPerRPCCredentials(creds),
+ )
if err != nil {
return nil, err
}
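Review bot: `creds` goes straight into `grpc.WithPerRPCCredentials(creds)` without a nil check, so a caller that passes nil gets no clear error here and, as far as I can tell from grpc-go, will likely panic when the dialer queries the credentials. Reject it before dialing with `if creds == nil { return nil, fmt.Errorf("resultstore: per-RPC credentials are required") }`. Since authentication is now the caller's job, the doc comment on Connect should state the contract, for example `// creds must be non-nil and must supply a token valid for the cloud-platform scope.` The retained `scope` constant is unexported and its only visible use is deleted in the second hunk, so callers in other packages cannot reference it when building credentials. `ctx` is also no longer used in the visible part of Connect; `grpc.DialContext(ctx, ...)` would keep cancellation, though the function body continues outside the hunk and may use it there.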
@@ -64,55 +78,3 @@
panic("invalid environment: " + e)
}
}
-
-// AuthMode specifies how to authenticate with
-type AuthMode string
-
-// AuthMode constants.
-const (
- // LUCIAuth uses LUCI auth with SilentLogin. See the docs at
- // go.chromium.org/luci/common/auth#SilentLogin for more details. This mode should
- // always be used in production.
- LUCIAuth AuthMode = "luci"
-
- // GAEDefaultAuth uses the Google application default credentials, which are read from
- // the environment variable GOOGLE_APPLICATION_CREDENTIALS. This is useful for local
- // debugging and testing.
- GAEDefaultAuth AuthMode = "gae_default"
-)
-
-const (
- // Google Cloud API scope required to use ResultStore Upload API.
- scope = "https://www.googleapis.com/auth/cloud-platform"
-)
-
-func connectToGRPCHost(ctx context.Context, host string) (*grpc.ClientConn, error) {
- // TODO(IN-699): AuthMode and Options should be initialized by command-line flags.
- var authOpts auth.Options
- perRPC, err := perRPCCredentials(ctx, GAEDefaultAuth, authOpts)
- if err != nil {
- return nil, err
- }
-
- pool, err := x509.SystemCertPool()
- if err != nil {
- return nil, fmt.Errorf("failed to create cert pool: %v", err)
- }
- transportCreds := credentials.NewClientTLSFromCert(pool, "")
- return grpc.Dial(host,
- grpc.WithTransportCredentials(transportCreds),
- grpc.WithPerRPCCredentials(perRPC),
- )
-}
-
-func perRPCCredentials(ctx context.Context, authMode AuthMode, authOpts auth.Options) (credentials.PerRPCCredentials, error) {
- switch authMode {
- case LUCIAuth:
- authenticator := auth.NewAuthenticator(ctx, auth.SilentLogin, authOpts)
- return authenticator.PerRPCCredentials()
- case GAEDefaultAuth:
- return oauth.NewApplicationDefault(ctx, scope)
- default:
- return nil, fmt.Errorf("invalid authenticatation mode: %v", authMode)
- }
-}