Do not need Google credentials before using it (elastic#21072)

This PR moves retrieving a GCP token to a later stage of running Functionbeat. From now on tokens are only needed when the operations require it. Previously user was required to set a proper credentials file under `GOOGLE_APPLICATION_CREDENTIALS` environment variable regardless of the operation. Closes elastic#17329 (cherry picked from commit c2efa09)
kvch · Sep 14, 2020 · 262d88a · 262d88a
1 parent dbc9cb8
commit 262d88a
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 10 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -107,6 +107,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 
 *Functionbeat*
 
+- Do not need Google credentials if not required for the operation. {issue}17329[17329] {pull}21072[21072]
 
 ==== Added
 

diff --git a/x-pack/functionbeat/manager/gcp/cli_manager.go b/x-pack/functionbeat/manager/gcp/cli_manager.go
@@ -76,14 +76,19 @@ func (c *CLIManager) deploy(update bool, name string) error {
 	executer.Add(newOpEnsureBucket(c.log, c.config))
 	executer.Add(newOpUploadToBucket(c.log, c.config, name, functionData.raw))
 
+	token, err := c.getTokenSrc()
+	if err != nil {
+		return err
+	}
+
 	ctx := &functionContext{}
 	if update {
-		executer.Add(newOpUpdateFunction(ctx, c.log, c.tokenSrc, functionData.function.Name, functionData.function))
+		executer.Add(newOpUpdateFunction(ctx, c.log, token, functionData.function.Name, functionData.function))
 	} else {
-		executer.Add(newOpCreateFunction(ctx, c.log, c.tokenSrc, c.location, name, functionData.function))
+		executer.Add(newOpCreateFunction(ctx, c.log, token, c.location, name, functionData.function))
 	}
 
-	executer.Add(newOpWaitForFunction(ctx, c.log, c.tokenSrc))
+	executer.Add(newOpWaitForFunction(ctx, c.log, token))
 
 	if err := executer.Execute(nil); err != nil {
 		if rollbackErr := executer.Rollback(nil); rollbackErr != nil {
@@ -104,9 +109,14 @@ func (c *CLIManager) Remove(name string) error {
 		return err
 	}
 
+	token, err := c.getTokenSrc()
+	if err != nil {
+		return err
+	}
+
 	ctx := &functionContext{}
 	executer := executor.NewExecutor(c.log)
-	executer.Add(newOpDeleteFunction(ctx, c.log, c.location, functionData.function.Name, c.tokenSrc))
+	executer.Add(newOpDeleteFunction(ctx, c.log, c.location, functionData.function.Name, token))
 	executer.Add(newOpDeleteFromBucket(c.log, c.config, name))
 
 	if err := executer.Execute(nil); err != nil {
@@ -151,6 +161,20 @@ func (c *CLIManager) Package(outputPattern string) error {
 	return nil
 }
 
+func (c *CLIManager) getTokenSrc() (oauth2.TokenSource, error) {
+	if c.tokenSrc != nil {
+		return c.tokenSrc, nil
+	}
+
+	var err error
+	c.tokenSrc, err = google.DefaultTokenSource(context.Background(), "https://www.googleapis.com/auth/cloud-platform")
+	if err != nil {
+		return nil, fmt.Errorf("error while creating CLIManager: %+v", err)
+	}
+
+	return c.tokenSrc, nil
+}
+
 // NewCLI returns the interface to manage functions on Google Cloud Platform.
 func NewCLI(
 	log *logp.Logger,
@@ -173,16 +197,10 @@ func NewCLI(
 
 	location := fmt.Sprintf(locationTemplate, config.ProjectID, config.Location)
 
-	tokenSrc, err := google.DefaultTokenSource(context.TODO(), "https://www.googleapis.com/auth/cloud-platform")
-	if err != nil {
-		return nil, fmt.Errorf("error while creating CLIManager: %+v", err)
-	}
-
 	return &CLIManager{
 		config:          config,
 		log:             logp.NewLogger("gcp"),
 		location:        location,
-		tokenSrc:        tokenSrc,
 		templateBuilder: templateBuilder,
 	}, nil
 }