Closed bryancymo closed 2 years ago
Hello @bryancymo. Thank you for this nice PR.
I will review it next week but as far as I can see everything seems good.
Do you think it is possible to get an integration or a unit test for the meta api credentials ?
I could add a unit test that stubs the API, but its implemented as such that everything is caught by the HttpError which transparently passes it downstream. So its not really a valuable test imo. Integration tests are quite hard as you need to actually run the test on GCP infrastructure with access to the metadata API. Its not an API that is accessible from the outside...
In order to use the same docker image, #18 picked the metadata implementation but with an internal dyn trait update
Added credentials functions to acquire tokens from the GCP Metadata servers when running on GCP infrastructure. This allows the application to utilise the VM's native service account or in case of GKE the Workload Identity service account, in doing so eliminating the need to embed credentials as files.