GCS: Consider channel options for credential request when creating default client options

[gab-david]

Does this issue affect the google-cloud-cpp project? Yes

What component of google-cloud-cpp is this related to? google/cloud/storage

Describe the bug When I call ClientOptions::CreateDefaultClientOptions(channel_options) with channel_options provided which contains the SSL root path used for CURLOPT_CAINFO, I expect that the SSL root path is used for credentials request and other request like bucket accesses. The current issue is that the SSL root path is used only for the bucket accesses but not for the credential request.

To Reproduce Steps to reproduce the behavior:

1. Call function 'ClientOptions::CreateDefaultClientOptions(channel_options)', example from quickstart.cc:

   
   --- a/google/cloud/storage/quickstart/quickstart.cc
   +++ b/google/cloud/storage/quickstart/quickstart.cc
   @@ -13,6 +13,7 @@
   // limitations under the License.
   
   #include "google/cloud/storage/client.h"
   +#include "google/cloud/storage/client_options.h"
   #include <iostream>
   
   int main(int argc, char* argv[]) {
   @@ -26,10 +27,15 @@ int main(int argc, char* argv[]) {
   // Create aliases to make the code easier to read.
   namespace gcs = google::cloud::storage;

• gcs::ChannelOptions channel_options;
• channel_options.set_ssl_root_path("~/my_certs.crt");
• auto options = gcs::ClientOptions::CreateDefaultClientOptions(channel_options);
• if (!options) throw std::runtime_error(options.status().message());

• // Create a client to communicate with Google Cloud Storage. This client // uses the default configuration for authentication and project id.

• google::cloud::StatusOr client =
• gcs::Client::CreateDefaultClient();
• auto client = google::cloud::StatusOr(gcs::Client(*options)); if (!client) { std::cerr << "Failed to create Storage Client, status=" << client.status() << "\n";

2. with strace -yy -etrace=file quickstart , check the first .crt file opened first is /etc/ssl/certs/ca-certificates.crt (the one defined by default in libcurl) then others for write and read request use the provided file ~/my_certs.crt

Expected behavior The provided SSL root path is used only for the credential request too.

Operating system: Ubuntu

What compiler and version are you using?

$ g++ -v
Using built-in specs.
COLLECT_GCC=g++
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/5/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 5.4.0-6ubuntu1~16.04.12' --with-bugurl=file:///usr/share/doc/gcc-5/README.Bugs --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-5 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-5-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-5-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-5-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12) 

What version of google-cloud-cpp are you using? tag v1.20.0

Additional context NA

[gab-david]

Related PR is #5524