mtls refactor for endpoints

mmv1/third_party/terraform/utils/config.go.erb

@@ -128,10 +128,51 @@ type Config struct {
 	GkeHubBasePath string
 }
 
+<% products.each do |product| -%>
+const <%= product[:definitions].name -%>BasePathKey = "<%= product[:definitions].name -%>"
+<% end -%>
+const CloudBillingBasePathKey = "CloudBilling"
+const ComposerBasePathKey = "Composer"
+const ComputeBetaBasePathKey = "ComputeBeta"
+const ContainerBasePathKey = "Container"
+const DataprocBetaBasePathKey = "DataprocBeta"
+const ContainerBetaBasePathKey = "ContainerBeta"
+const DataflowBasePathKey = "Dataflow"
+const IAMBasePathKey = "IAM"
+const IamCredentialsBasePathKey = "IamCredentials"
+const ResourceManagerV2BasePathKey = "ResourceManagerV2"
+const ServiceNetworkingBasePathKey = "ServiceNetworking"
+const StorageTransferBasePathKey = "StorageTransfer"
+const BigtableAdminBasePathKey = "BigtableAdmin"
+const EventarcBasePathKey = "Eventarc"
+const GkeHubFeatureBasePathKey = "GkeHubFeature"
+
+
 // Generated product base paths
+var DefaultBasePaths = map[string]string{
 <% products.each do |product| -%>
-var <%= product[:definitions].name -%>DefaultBasePath = "<%= product[:definitions].base_url -%>"
+	<%= product[:definitions].name -%>BasePathKey : "<%= product[:definitions].base_url -%>",
+<% end -%>
+	CloudBillingBasePathKey : "https://cloudbilling.googleapis.com/v1/",
+<% if version == "ga" -%>
+	ComposerBasePathKey : "https://composer.googleapis.com/v1/",
+<% else -%>
+	ComposerBasePathKey : "https://composer.googleapis.com/v1beta1/",
 <% end -%>
+	ComputeBetaBasePathKey : "https://www.googleapis.com/compute/beta/",
+	ContainerBasePathKey : "https://container.googleapis.com/v1/",
+	ContainerBetaBasePathKey : "https://container.googleapis.com/v1beta1/",
+	DataprocBetaBasePathKey : "https://dataproc.googleapis.com/v1beta2/",
+	DataflowBasePathKey : "https://dataflow.googleapis.com/v1b3/",
+	IAMBasePathKey : "https://iam.googleapis.com/v1/",
+	IamCredentialsBasePathKey : "https://iamcredentials.googleapis.com/v1/",
+	ResourceManagerV2BasePathKey : "https://cloudresourcemanager.googleapis.com/v2/",
+	ServiceNetworkingBasePathKey : "https://servicenetworking.googleapis.com/v1/",
+	StorageTransferBasePathKey : "https://storagetransfer.googleapis.com/v1/",
+	BigtableAdminBasePathKey : "https://bigtableadmin.googleapis.com/v2/",
+	EventarcBasePathKey : "https://eventarc.googleapis.com/v1beta1/",
+	GkeHubFeatureBasePathKey: "https://gkehub.googleapis.com/v1beta/",
+}
 
 var DefaultClientScopes = []string{
 	"https://www.googleapis.com/auth/compute",
@@ -158,9 +199,11 @@ func (c *Config) LoadAndValidate(ctx context.Context) error {
 
 	cleanCtx := context.WithValue(ctx, oauth2.HTTPClient, cleanhttp.DefaultClient())
 
-	// 1. OAUTH2 TRANSPORT/CLIENT - sets up proper auth headers
-	client := oauth2.NewClient(cleanCtx, tokenSource)
-
+	// 1. MTLS TRANSPORT/CLIENT - sets up proper auth headers
+	client, _, err := transport.NewHTTPClient(cleanCtx, option.WithTokenSource(tokenSource))
+	if err != nil {
+		return err
+	}
 	// Userinfo is fetched before request logging is enabled to reduce additional noise.
 	err = c.logGoogleIdentities()
 	if err != nil {
@@ -886,22 +929,22 @@ func removeBasePathVersion(url string) string {
 func ConfigureBasePaths(c *Config) {
 	// Generated Products
 	<% products.map.each do |product| -%>
-	c.<%= product[:definitions].name -%>BasePath = <%= product[:definitions].name -%>DefaultBasePath
+	c.<%= product[:definitions].name -%>BasePath = DefaultBasePaths[<%= product[:definitions].name -%>BasePathKey]
 	<% end -%>
 
 	// Handwritten Products / Versioned / Atypical Entries
-	c.CloudBillingBasePath = CloudBillingDefaultBasePath
-	c.ComposerBasePath = ComposerDefaultBasePath
-	c.ComputeBetaBasePath = ComputeBetaDefaultBasePath
-	c.ContainerBasePath = ContainerDefaultBasePath
-	c.ContainerBetaBasePath = ContainerBetaDefaultBasePath
-	c.DataprocBasePath = DataprocDefaultBasePath
-	c.DataflowBasePath = DataflowDefaultBasePath
-	c.IamCredentialsBasePath = IamCredentialsDefaultBasePath
-	c.ResourceManagerV2BasePath = ResourceManagerV2DefaultBasePath
-	c.IAMBasePath = IAMDefaultBasePath
-	c.ServiceNetworkingBasePath = ServiceNetworkingDefaultBasePath
-	c.BigQueryBasePath = BigQueryDefaultBasePath
-	c.StorageTransferBasePath = StorageTransferDefaultBasePath
-	c.BigtableAdminBasePath = BigtableAdminDefaultBasePath
+	c.CloudBillingBasePath = DefaultBasePaths[CloudBillingBasePathKey]
+	c.ComposerBasePath = DefaultBasePaths[ComposerBasePathKey]
+	c.ComputeBetaBasePath = DefaultBasePaths[ComputeBetaBasePathKey]
+	c.ContainerBasePath = DefaultBasePaths[ContainerBasePathKey]
+	c.ContainerBetaBasePath = DefaultBasePaths[ContainerBetaBasePathKey]
+	c.DataprocBasePath = DefaultBasePaths[DataprocBasePathKey]
+	c.DataflowBasePath = DefaultBasePaths[DataflowBasePathKey]
+	c.IamCredentialsBasePath = DefaultBasePaths[IamCredentialsBasePathKey]
+	c.ResourceManagerV2BasePath = DefaultBasePaths[ResourceManagerV2BasePathKey]
+	c.IAMBasePath = DefaultBasePaths[IAMBasePathKey]
+	c.ServiceNetworkingBasePath = DefaultBasePaths[ServiceNetworkingBasePathKey]
+	c.BigQueryBasePath = DefaultBasePaths[BigQueryBasePathKey]
+	c.StorageTransferBasePath = DefaultBasePaths[StorageTransferBasePathKey]
+	c.BigtableAdminBasePath = DefaultBasePaths[BigtableAdminBasePathKey]
 }

mmv1/third_party/terraform/utils/mtls_util.go

@@ -0,0 +1,46 @@
+package google
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"google.golang.org/api/option/internaloption"
+	"google.golang.org/api/transport"
+)
+
+// The transport libaray does not natively expose logic to determine whether
+// the user is within mtls mode or not. They do return the mtls endpoint if
+// it is enabled during client creation so we will use this logic to determine
+// the mode the user is in and throw away the client they give us back.
+func isMtls() bool {
+	regularEndpoint := "https://mockservice.googleapis.com/v1/"
+	mtlsEndpoint := getMtlsEndpoint(regularEndpoint)
+	_, endpoint, err := transport.NewHTTPClient(context.Background(),
+		internaloption.WithDefaultEndpoint(regularEndpoint),
+		internaloption.WithDefaultMTLSEndpoint(mtlsEndpoint),
+	)
+	if err != nil {
+		return false
+	}
+	isMtls := endpoint == mtlsEndpoint
+	return isMtls
+}
+
+func getMtlsEndpoint(baseEndpoint string) string {
+	u, err := url.Parse(baseEndpoint)
+	if err != nil {
+		if strings.Contains(baseEndpoint, ".googleapis") {
+			return strings.Replace(baseEndpoint, ".googleapis", ".mtls.googleapis", 1)
+		}
+		return baseEndpoint
+	}
+	domainParts := strings.Split(u.Host, ".")
+	if len(domainParts) > 1 {
+		u.Host = fmt.Sprintf("%s.mtls.%s", domainParts[0], strings.Join(domainParts[1:], "."))
+	} else {
+		u.Host = fmt.Sprintf("%s.mtls", domainParts[0])
+	}
+	return u.String()
+}

mmv1/third_party/terraform/utils/mtls_util_test.go

@@ -0,0 +1,16 @@
+package google
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestUnitMtls_urlSwitching(t *testing.T) {
+	t.Parallel()
+	for key, bp := range DefaultBasePaths {
+		url := getMtlsEndpoint(bp)
+		if !strings.Contains(url, ".mtls.") {
+			t.Errorf("%s: mtls conversion unsuccessful preconv - %s postconv - %s", key, bp, url)
+		}
+	}
+}

mmv1/third_party/terraform/utils/provider.go.erb

@@ -20,6 +20,18 @@ var mutexKV = NewMutexKV()
 
 // Provider returns a *schema.Provider.
 func Provider() *schema.Provider {
+
+	// The mtls service client gives the type of endpoint (mtls/regular)
+	// at client creation. Since we use a shared client for requests we must
+	// rewrite the endpoints to be mtls endpoints for the scenario where
+	// mtls is enabled.
+	if isMtls() {
+		// if mtls is enabled switch all default endpoints to use the mtls endpoint
+		for key, bp := range DefaultBasePaths {
+			DefaultBasePaths[key] = getMtlsEndpoint(bp)
+		}
+	}
+
 	provider := &schema.Provider{
 		Schema: map[string]*schema.Schema{
 			"credentials": &schema.Schema{
@@ -134,7 +146,7 @@ func Provider() *schema.Provider {
 				ValidateFunc: validateCustomEndpoint,
 				DefaultFunc: schema.MultiEnvDefaultFunc([]string{
 					"GOOGLE_<%= product[:definitions].name.underscore.upcase -%>_CUSTOM_ENDPOINT",
-				}, <%= product[:definitions].name -%>DefaultBasePath),
+				}, DefaultBasePaths[<%= product[:definitions].name -%>BasePathKey]),
 			},
 			<% end -%>