2022-11-01 11:07:35 +08:00
|
|
|
package gcp
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net/http"
|
|
|
|
|
"strings"
|
|
|
|
|
|
2023-02-26 11:31:49 +08:00
|
|
|
"github.com/cockroachdb/errors"
|
2022-11-01 11:07:35 +08:00
|
|
|
"github.com/minio/minio-go/v7"
|
|
|
|
|
"github.com/minio/minio-go/v7/pkg/credentials"
|
2023-03-14 18:09:54 +08:00
|
|
|
"go.uber.org/atomic"
|
2022-11-01 11:07:35 +08:00
|
|
|
"golang.org/x/oauth2"
|
|
|
|
|
"golang.org/x/oauth2/google"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// WrapHTTPTransport wraps http.Transport, add an auth header to support GCP native auth
|
|
|
|
|
type WrapHTTPTransport struct {
|
2022-11-08 12:43:02 +08:00
|
|
|
tokenSrc oauth2.TokenSource
|
|
|
|
|
backend transport
|
2023-03-14 18:09:54 +08:00
|
|
|
currentToken atomic.Pointer[oauth2.Token]
|
2022-11-01 11:07:35 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// transport abstracts http.Transport to simplify test
|
|
|
|
|
type transport interface {
|
|
|
|
|
RoundTrip(req *http.Request) (*http.Response, error)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewWrapHTTPTransport constructs a new WrapHTTPTransport
|
|
|
|
|
func NewWrapHTTPTransport(secure bool) (*WrapHTTPTransport, error) {
|
|
|
|
|
tokenSrc := google.ComputeTokenSource("")
|
|
|
|
|
// in fact never return err
|
|
|
|
|
backend, err := minio.DefaultTransport(secure)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "failed to create default transport")
|
|
|
|
|
}
|
|
|
|
|
return &WrapHTTPTransport{
|
|
|
|
|
tokenSrc: tokenSrc,
|
|
|
|
|
backend: backend,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-08 12:43:02 +08:00
|
|
|
// RoundTrip wraps original http.RoundTripper by Adding a Bearer token acquired from tokenSrc
|
2022-11-01 11:07:35 +08:00
|
|
|
func (t *WrapHTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) {
|
2022-11-08 12:43:02 +08:00
|
|
|
// here Valid() means the token won't be expired in 10 sec
|
|
|
|
|
// so the http client timeout shouldn't be longer, or we need to change the default `expiryDelta` time
|
2023-03-14 18:09:54 +08:00
|
|
|
currentToken := t.currentToken.Load()
|
|
|
|
|
if currentToken.Valid() {
|
|
|
|
|
req.Header.Set("Authorization", "Bearer "+currentToken.AccessToken)
|
|
|
|
|
} else {
|
|
|
|
|
newToken, err := t.tokenSrc.Token()
|
2022-11-08 12:43:02 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "failed to acquire token")
|
|
|
|
|
}
|
2023-03-14 18:09:54 +08:00
|
|
|
t.currentToken.Store(newToken)
|
|
|
|
|
req.Header.Set("Authorization", "Bearer "+newToken.AccessToken)
|
2022-11-01 11:07:35 +08:00
|
|
|
}
|
2023-03-14 18:09:54 +08:00
|
|
|
|
2022-11-01 11:07:35 +08:00
|
|
|
return t.backend.RoundTrip(req)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const GcsDefaultAddress = "storage.googleapis.com"
|
|
|
|
|
|
|
|
|
|
// NewMinioClient returns a minio.Client which is compatible for GCS
|
|
|
|
|
func NewMinioClient(address string, opts *minio.Options) (*minio.Client, error) {
|
|
|
|
|
if opts == nil {
|
|
|
|
|
opts = &minio.Options{}
|
|
|
|
|
}
|
|
|
|
|
if address == "" {
|
|
|
|
|
address = GcsDefaultAddress
|
|
|
|
|
opts.Secure = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// adhoc to remove port of gcs address to let minio-go know it's gcs
|
|
|
|
|
if strings.Contains(address, GcsDefaultAddress) {
|
|
|
|
|
address = GcsDefaultAddress
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if opts.Creds != nil {
|
|
|
|
|
// if creds is set, use it directly
|
|
|
|
|
return minio.New(address, opts)
|
|
|
|
|
}
|
|
|
|
|
// opts.Creds == nil, assume using IAM
|
|
|
|
|
transport, err := NewWrapHTTPTransport(opts.Secure)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "failed to create default transport")
|
|
|
|
|
}
|
|
|
|
|
opts.Transport = transport
|
|
|
|
|
opts.Creds = credentials.NewStaticV2("", "", "")
|
|
|
|
|
return minio.New(address, opts)
|
|
|
|
|
}
|
