From 1f4c119cd7486379ad56781e69791b1a0bacd1a8 Mon Sep 17 00:00:00 2001 From: Jack <56563911+jdockerty@users.noreply.github.com> Date: Wed, 7 Aug 2024 17:40:55 +0100 Subject: [PATCH] fix(gcs): do not skip signing with `allow_anonymous` (#4979) * fix: do not skip signing with allow_anonymous * feat: load_token handles allow_anonymous --- core/src/services/gcs/core.rs | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/core/src/services/gcs/core.rs b/core/src/services/gcs/core.rs index 0b9e8ae84c94..445659302515 100644 --- a/core/src/services/gcs/core.rs +++ b/core/src/services/gcs/core.rs @@ -75,20 +75,24 @@ static BACKOFF: Lazy = Lazy::new(|| ExponentialBuilder::default().with_jitter()); impl GcsCore { - async fn load_token(&self) -> Result { + async fn load_token(&self) -> Result> { let cred = { || self.token_loader.load() } .retry(&*BACKOFF) .await .map_err(new_request_credential_error)?; if let Some(cred) = cred { - Ok(cred) - } else { - Err(Error::new( - ErrorKind::ConfigInvalid, - "no valid credential found", - )) + return Ok(Some(cred)); + } + + if self.allow_anonymous { + return Ok(None); } + + Err(Error::new( + ErrorKind::ConfigInvalid, + "no valid credential found", + )) } fn load_credential(&self) -> Result> { @@ -112,14 +116,13 @@ impl GcsCore { } pub async fn sign(&self, req: &mut Request) -> Result<()> { - if self.allow_anonymous { + if let Some(cred) = self.load_token().await? { + self.signer + .sign(req, &cred) + .map_err(new_request_sign_error)?; + } else { return Ok(()); } - let cred = self.load_token().await?; - - self.signer - .sign(req, &cred) - .map_err(new_request_sign_error)?; // Always remove host header, let users' client to set it based on HTTP // version.