gcs client: use fake credentials in unit test (#5834)

* gcs client: use fake credentials in unit test 'insecure' mode is only used in unit tests, so I piggy-backed on that to set a fake API key. This avoids the GCS library looking up credentials from the user's environment and possibly contacting Google servers, as described at https://cloud.google.com/docs/authentication/production * Comment Co-authored-by: Owen Diehl <ow.diehl@gmail.com> Co-authored-by: Owen Diehl <ow.diehl@gmail.com>
3 years ago · c0cc004333
parent 1329ea165c
commit c0cc004333
1 changed files with 4 additions and 1 deletions
--- a/pkg/storage/chunk/gcp/instrumentation.go
+++ b/pkg/storage/chunk/gcp/instrumentation.go
@ -71,10 +71,13 @@ func gcsInstrumentation(ctx context.Context, scope string, insecure bool, http2
 		customTransport.TLSNextProto = make(map[string]func(string, *tls.Conn) http.RoundTripper)
 		customTransport.ForceAttemptHTTP2 = false
 	}
+	transportOptions := []option.ClientOption{option.WithScopes(scope)}
 	if insecure {
 		customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		// When using `insecure` (testing only), we add a fake API key as well to skip credential chain lookups.
+		transportOptions = append(transportOptions, option.WithAPIKey("insecure"))
 	}
-	transport, err := google_http.NewTransport(ctx, customTransport, option.WithScopes(scope))
+	transport, err := google_http.NewTransport(ctx, customTransport, transportOptions...)
 	if err != nil {
 		return nil, err
 	}