From c0cc004333b1392ab12b41a8666c1d2fb1e2ec30 Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Fri, 8 Apr 2022 14:20:23 +0100 Subject: [PATCH] gcs client: use fake credentials in unit test (#5834) * gcs client: use fake credentials in unit test 'insecure' mode is only used in unit tests, so I piggy-backed on that to set a fake API key. This avoids the GCS library looking up credentials from the user's environment and possibly contacting Google servers, as described at https://cloud.google.com/docs/authentication/production * Comment Co-authored-by: Owen Diehl Co-authored-by: Owen Diehl --- pkg/storage/chunk/gcp/instrumentation.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/storage/chunk/gcp/instrumentation.go b/pkg/storage/chunk/gcp/instrumentation.go index 6d2ce3878b..16ff7562eb 100644 --- a/pkg/storage/chunk/gcp/instrumentation.go +++ b/pkg/storage/chunk/gcp/instrumentation.go @@ -71,10 +71,13 @@ func gcsInstrumentation(ctx context.Context, scope string, insecure bool, http2 customTransport.TLSNextProto = make(map[string]func(string, *tls.Conn) http.RoundTripper) customTransport.ForceAttemptHTTP2 = false } + transportOptions := []option.ClientOption{option.WithScopes(scope)} if insecure { customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} + // When using `insecure` (testing only), we add a fake API key as well to skip credential chain lookups. + transportOptions = append(transportOptions, option.WithAPIKey("insecure")) } - transport, err := google_http.NewTransport(ctx, customTransport, option.WithScopes(scope)) + transport, err := google_http.NewTransport(ctx, customTransport, transportOptions...) if err != nil { return nil, err }