fix(auth): fix EXPERIMENTAL_GOOGLE_API_USE_S2A detection

fixes: #9670
googleapis · Mar 29, 2024 · 5409485 · 5409485
1 parent 0aa31d2
commit 5409485
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 20 deletions.
diff --git a/auth/internal/transport/cba_test.go b/auth/internal/transport/cba_test.go
@@ -396,13 +396,13 @@ func setupTest(t *testing.T) func() {
 func TestGetTransportConfig_UniverseDomain(t *testing.T) {
 	testCases := []struct {
 		name         string
-		ds           *Options
+		opts         *Options
 		wantEndpoint string
 		wantErr      error
 	}{
 		{
 			name: "google default universe (GDU), no client cert",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -411,7 +411,7 @@ func TestGetTransportConfig_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "google default universe (GDU), client cert",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -421,7 +421,7 @@ func TestGetTransportConfig_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "UniverseDomain, no client cert",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -431,7 +431,7 @@ func TestGetTransportConfig_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "UniverseDomain, client cert",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -444,12 +444,12 @@ func TestGetTransportConfig_UniverseDomain(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
-		if tc.ds.ClientCertProvider != nil {
+		if tc.opts.ClientCertProvider != nil {
 			os.Setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "true")
 		} else {
 			os.Setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
 		}
-		config, err := getTransportConfig(tc.ds)
+		config, err := getTransportConfig(tc.opts)
 		if err != nil {
 			if err != tc.wantErr {
 				t.Fatalf("%s: err: %v", tc.name, err)
@@ -465,13 +465,13 @@ func TestGetTransportConfig_UniverseDomain(t *testing.T) {
 func TestGetGRPCTransportCredsAndEndpoint_UniverseDomain(t *testing.T) {
 	testCases := []struct {
 		name         string
-		ds           *Options
+		opts         *Options
 		wantEndpoint string
 		wantErr      error
 	}{
 		{
 			name: "google default universe (GDU), no client cert",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -480,7 +480,7 @@ func TestGetGRPCTransportCredsAndEndpoint_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "google default universe (GDU), no client cert, endpoint",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -490,7 +490,7 @@ func TestGetGRPCTransportCredsAndEndpoint_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "google default universe (GDU), client cert",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -500,7 +500,7 @@ func TestGetGRPCTransportCredsAndEndpoint_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "google default universe (GDU), client cert, endpoint",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -511,7 +511,7 @@ func TestGetGRPCTransportCredsAndEndpoint_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "UniverseDomain, no client cert",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -522,7 +522,7 @@ func TestGetGRPCTransportCredsAndEndpoint_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "UniverseDomain, no client cert, endpoint",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -533,7 +533,7 @@ func TestGetGRPCTransportCredsAndEndpoint_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "UniverseDomain, client cert",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -544,7 +544,7 @@ func TestGetGRPCTransportCredsAndEndpoint_UniverseDomain(t *testing.T) {
 		},
 		{
 			name: "UniverseDomain, client cert, endpoint",
-			ds: &Options{
+			opts: &Options{
 				DefaultEndpoint:         testRegularEndpoint,
 				DefaultEndpointTemplate: testEndpointTemplate,
 				DefaultMTLSEndpoint:     testMTLSEndpoint,
@@ -557,12 +557,12 @@ func TestGetGRPCTransportCredsAndEndpoint_UniverseDomain(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
-		if tc.ds.ClientCertProvider != nil {
+		if tc.opts.ClientCertProvider != nil {
 			os.Setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "true")
 		} else {
 			os.Setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
 		}
-		_, endpoint, err := GetGRPCTransportCredsAndEndpoint(tc.ds)
+		_, endpoint, err := GetGRPCTransportCredsAndEndpoint(tc.opts)
 		if err != nil {
 			if err != tc.wantErr {
 				t.Fatalf("%s: err: %v", tc.name, err)

diff --git a/auth/internal/transport/s2a.go b/auth/internal/transport/s2a.go
@@ -18,7 +18,7 @@ import (
 	"encoding/json"
 	"log"
 	"os"
-	"strconv"
+	"strings"
 	"sync"
 	"time"
 
@@ -162,7 +162,7 @@ func shouldUseS2A(clientCertSource cert.Provider, opts *Options) bool {
 		return false
 	}
 	// If EXPERIMENTAL_GOOGLE_API_USE_S2A is not set to true, skip S2A.
-	if b, err := strconv.ParseBool(os.Getenv(googleAPIUseS2AEnv)); err == nil && !b {
+	if !isGoogleS2AEnabled() {
 		return false
 	}
 	// If DefaultMTLSEndpoint is not set and no endpoint override, skip S2A.
@@ -179,3 +179,7 @@ func shouldUseS2A(clientCertSource cert.Provider, opts *Options) bool {
 	}
 	return true
 }
+
+func isGoogleS2AEnabled() bool {
+	return strings.ToLower(os.Getenv(googleAPIUseS2AEnv)) == "true"
+}