Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

metadata: support signaling "not on GCE" #4920

Open
stevo-f3 opened this issue Sep 30, 2021 · 4 comments
Open

metadata: support signaling "not on GCE" #4920

stevo-f3 opened this issue Sep 30, 2021 · 4 comments
Assignees
@codyoss
Labels
api: compute Issues related to the Compute Engine API. external This issue is blocked on a bug with the actual product. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@stevo-f3
Copy link

Is your feature request related to a problem? Please describe.
Multiple components that we have running exactly same on multi-cloud/onprem environments have transitive dependency on this library, and metadata lookups for "on GCP" test keeps spamming our DNS servers.

Describe the solution you'd like
Please support, not only explicitly signaling via GCE_METADATA_HOST env var that the component is running on GCP (see

google-cloud-go/compute/metadata/metadata.go

Lines 117 to 121 in ea00264

func testOnGCE() bool {
// The user explicitly said they're on GCE, so trust them.
if os.Getenv(metadataHostEnv) != "" {
return true
}
), but also signaling, via another env var or special value of existing one, that environment is not GCE one.

Describe alternatives you've considered
I've considered configuring local DNS resolvers to treat *.internal as local domain, not to be resolved by DNS servers. Problem is we have some .internal domains which have to be resolved by DNS servers. Configuring more specific domain (like metadata.google.internal) as local or as ignored/refused is not supported on local resolver that we have. Replacing local resolver to a more capable one is considered to be way much more involving compared to updating dependency to this go library and setting an environment variable.

Additional context
N/A
@stevo-f3 stevo-f3 added the triage me I really want to be triaged. label Sep 30, 2021
@codyoss codyoss self-assigned this Sep 30, 2021
@codyoss codyoss added api: compute Issues related to the Compute Engine API. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. and removed triage me I really want to be triaged. labels Sep 30, 2021
@codyoss
Copy link
Member

codyoss commented Sep 30, 2021

Hey @stevo-f3 thanks for the feature request. I see how this could be useful in non-GCE environments.

Out of curiosity how are you authenticating with your services? The metadata check is the last method checked in our "Application Default Credential" flow: FindDefaultCredentials. I would think if other valid credential flows were found you would not hit this check.

@stevo-f3
Copy link
Author

stevo-f3 commented Oct 1, 2021

Will have to check on the auth. Thinking out loud, can there be valid credential flow on non-GCE environment?

@codyoss
Copy link
Member

codyoss commented Oct 1, 2021

@stevo-f3 Yes, a couple come to mind:

  1. A Service account key file can be used to authenticate.
  2. User credential files (gcloud auth login)
  3. Also external accounts using identity federation with STS.

@codyoss codyoss mentioned this issue Jun 29, 2022
Closed
@codyoss codyoss mentioned this issue Nov 18, 2022
Closed
@codyoss codyoss added the external This issue is blocked on a bug with the actual product. label Apr 16, 2024
@codyoss
Copy link
Member

codyoss commented Apr 16, 2024

I have re-rasied this issue to internal teams.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@codyoss codyoss

Labels
api: compute Issues related to the Compute Engine API. external This issue is blocked on a bug with the actual product. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@codyoss @stevo-f3