fix: allow unenrcypted transfer of token

For local debugging.
einride · May 7, 2021 · 245c982 · 245c982
1 parent 99e4b5d
commit 245c982
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 20 deletions.
diff --git a/cmd/iamctl/go.sum b/cmd/iamctl/go.sum
@@ -291,8 +291,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.einride.tech/aip v0.35.0/go.mod h1:JgWM7uEMZ1GfTehF4YJKSPg3PQlwgpnLbL+imA0yH3M=
-go.einride.tech/aip v0.36.0 h1:/PfkDWPeFn/89vlaFX88ZqI1MUmA8WEUo/X9wCIdU4Q=
-go.einride.tech/aip v0.36.0/go.mod h1:JgWM7uEMZ1GfTehF4YJKSPg3PQlwgpnLbL+imA0yH3M=
+go.einride.tech/aip v0.38.0 h1:qh5yEOZ0T2vrxq/PMZ0MAY2Ag82IexSJs3fC6iTvQYc=
+go.einride.tech/aip v0.38.0/go.mod h1:JgWM7uEMZ1GfTehF4YJKSPg3PQlwgpnLbL+imA0yH3M=
 go.einride.tech/spanner-aip v0.34.0 h1:EtTeXHWZIaw6iWElJoNfkGvmF+gnEkFCWC+wowBbUCg=
 go.einride.tech/spanner-aip v0.34.0/go.mod h1:nxaR0F9hrPxC/7xmFDBIk68j+z9uwYtoNELYqcNjxf8=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=

diff --git a/cmd/iamctl/internal/connection/args.go b/cmd/iamctl/internal/connection/args.go
@@ -9,10 +9,8 @@ import (
 
 	"github.com/spf13/pflag"
 	"go.einride.tech/iam/iamexample"
-	"google.golang.org/api/idtoken"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
-	"google.golang.org/grpc/credentials/oauth"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
@@ -40,14 +38,7 @@ func (f *Flags) Connect(ctx context.Context) (*grpc.ClientConn, error) {
 	var opts []grpc.DialOption
 	opts = append(opts, grpc.WithUnaryInterceptor(f.unaryClientInterceptor))
 	if f.Token != "" {
-		audience := "https://" + trimPort(f.Address)
-		idTokenSource, err := idtoken.NewTokenSource(ctx, audience)
-		if err != nil {
-			return nil, err
-		}
-		opts = append(opts, grpc.WithPerRPCCredentials(
-			&oauth.TokenSource{TokenSource: idTokenSource},
-		))
+		opts = append(opts, grpc.WithPerRPCCredentials(tokenCredentials(f.Token)))
 	}
 	if f.Insecure {
 		opts = append(opts, grpc.WithInsecure())
@@ -79,6 +70,18 @@ func (c *Flags) unaryClientInterceptor(
 	return nil
 }
 
+type tokenCredentials string
+
+func (t tokenCredentials) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
+	return map[string]string{
+		"authorization": "bearer " + string(t),
+	}, nil
+}
+
+func (p tokenCredentials) RequireTransportSecurity() bool {
+	return false
+}
+
 type printDetailsError struct {
 	err error
 }
@@ -105,14 +108,6 @@ func (e *printDetailsError) Error() string {
 	return result.String()
 }
 
-func trimPort(target string) string {
-	parts := strings.Split(target, ":")
-	if len(parts) == 1 {
-		return target
-	}
-	return strings.Join(parts[:len(parts)-1], ":")
-}
-
 func withDefaultPort(target string, port int) string {
 	parts := strings.Split(target, ":")
 	if len(parts) == 1 {