From 55beaa993aaf052d8be39766afc6777c3c2a0bdd Mon Sep 17 00:00:00 2001 From: Cody Oss <6331106+codyoss@users.noreply.github.com> Date: Mon, 22 Apr 2024 12:26:41 -0500 Subject: [PATCH] fix(auth/credentials): error on bad file name if explicitly set (#10018) Only want our fall-through logic to work for ADC specified behaviour, not explicit credential options. Fixes: #9809 --- auth/credentials/detect.go | 5 ++++- auth/credentials/detect_test.go | 9 +++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/auth/credentials/detect.go b/auth/credentials/detect.go index 5723ae94b321..cb3f44f5873f 100644 --- a/auth/credentials/detect.go +++ b/auth/credentials/detect.go @@ -76,7 +76,10 @@ func DetectDefault(opts *DetectOptions) (*auth.Credentials, error) { if opts.CredentialsJSON != nil { return readCredentialsFileJSON(opts.CredentialsJSON, opts) } - if filename := credsfile.GetFileNameFromEnv(opts.CredentialsFile); filename != "" { + if opts.CredentialsFile != "" { + return readCredentialsFile(opts.CredentialsFile, opts) + } + if filename := os.Getenv(credsfile.GoogleAppCredsEnvVar); filename != "" { if creds, err := readCredentialsFile(filename, opts); err == nil { return creds, err } diff --git a/auth/credentials/detect_test.go b/auth/credentials/detect_test.go index 8219a9b23919..95661373a21f 100644 --- a/auth/credentials/detect_test.go +++ b/auth/credentials/detect_test.go @@ -688,6 +688,15 @@ func TestDefaultCredentials_BadFiletype(t *testing.T) { } } +func TestDefaultCredentials_BadFileName(t *testing.T) { + if _, err := DetectDefault(&DetectOptions{ + CredentialsFile: "a/bad/filepath", + Scopes: []string{"https://www.googleapis.com/auth/cloud-platform"}, + }); err == nil { + t.Fatal("got nil, want non-nil err") + } +} + func TestDefaultCredentials_Validate(t *testing.T) { tests := []struct { name string