tustvold commented on code in PR #3541:
URL: https://github.com/apache/arrow-rs/pull/3541#discussion_r1084117015
##########
object_store/src/gcp/credential.rs:
##########
@@ -222,3 +327,118 @@ fn b64_encode_obj<T: serde::Serialize>(obj: &T) ->
Result<String> {
let string = serde_json::to_string(obj).context(EncodeSnafu)?;
Ok(BASE64_URL_SAFE_NO_PAD.encode(string))
}
+
+/// A provider that uses the Google Cloud Platform metadata server to fetch a
token.
+#[derive(Debug, Default)]
+pub struct InstanceCredentialProvider {
+ audience: String,
+}
+
+impl InstanceCredentialProvider {
+ pub fn new<T: Into<String>>(audience: T) -> Self {
+ Self {
+ audience: audience.into(),
+ }
+ }
+}
+
+#[async_trait]
+impl TokenProvider for InstanceCredentialProvider {
+ async fn fetch_token(
+ &self,
+ client: &Client,
Review Comment:
One thing to double-check is what happens if https is disabled for the
client. At least for AWS the client is created as part of the credential, and
explicitly permits http for the `InstanceCredentialProvider`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
