From 00d50a9334b1fe03b91be06077b871c4fe9e7fb9 Mon Sep 17 00:00:00 2001
From: Harsh Thakur <harshthakur9030@gmail.com>
Date: Sun, 25 Oct 2020 07:49:24 +0530
Subject: [PATCH 1/3] Adding auth trigger to pubsub

Signed-off-by: Harsh Thakur <harshthakur9030@gmail.com>
---
 pkg/scalers/gcp_pub_sub_scaler.go | 39 ++++++++++++++++++++++++-------
 1 file changed, 30 insertions(+), 9 deletions(-)

diff --git a/pkg/scalers/gcp_pub_sub_scaler.go b/pkg/scalers/gcp_pub_sub_scaler.go
index 58b004cc0b7..d44aac63850 100644
--- a/pkg/scalers/gcp_pub_sub_scaler.go
+++ b/pkg/scalers/gcp_pub_sub_scaler.go
@@ -20,6 +20,11 @@ const (
 	pubSubStackDriverMetricName   = "pubsub.googleapis.com/subscription/num_undelivered_messages"
 )
 
+type gcpAuthorizationMetadata struct {
+	GoogleApplicationCredentials string
+	podIdentityOwner             bool
+}
+
 type pubsubScaler struct {
 	client   *StackDriverClient
 	metadata *pubsubMetadata
@@ -28,7 +33,7 @@ type pubsubScaler struct {
 type pubsubMetadata struct {
 	targetSubscriptionSize int
 	subscriptionName       string
-	credentials            string
+	gcpAuthorization       gcpAuthorizationMetadata
 }
 
 var gcpPubSubLog = logf.Log.WithName("gcp_pub_sub_scaler")
@@ -68,14 +73,11 @@ func parsePubSubMetadata(config *ScalerConfig) (*pubsubMetadata, error) {
 		return nil, fmt.Errorf("no subscription name given")
 	}
 
-	if config.TriggerMetadata["credentialsFromEnv"] != "" {
-		meta.credentials = config.ResolvedEnv[config.TriggerMetadata["credentialsFromEnv"]]
-	}
-
-	if len(meta.credentials) == 0 {
-		return nil, fmt.Errorf("no credentials given. Need GCP service account credentials in json format")
+	auth, err := getGcpAuthorization(config.AuthParams, config.TriggerMetadata, config.ResolvedEnv)
+	if err != nil {
+		return nil, err
 	}
-
+	meta.gcpAuthorization = *auth
 	return &meta, nil
 }
 
@@ -149,7 +151,7 @@ func (s *pubsubScaler) GetMetrics(ctx context.Context, metricName string, metric
 // Stackdriver api
 func (s *pubsubScaler) GetSubscriptionSize(ctx context.Context) (int64, error) {
 	if s.client == nil {
-		client, err := NewStackDriverClient(ctx, s.metadata.credentials)
+		client, err := NewStackDriverClient(ctx, s.metadata.gcpAuthorization.GoogleApplicationCredentials)
 		if err != nil {
 			return -1, err
 		}
@@ -160,3 +162,22 @@ func (s *pubsubScaler) GetSubscriptionSize(ctx context.Context) (int64, error) {
 
 	return s.client.GetMetrics(ctx, filter)
 }
+
+func getGcpAuthorization(authParams, metadata, resolvedEnv map[string]string) (*gcpAuthorizationMetadata, error) {
+	meta := gcpAuthorizationMetadata{}
+	if metadata["identityOwner"] == "operator" {
+		meta.podIdentityOwner = false
+	} else if metadata["identityOwner"] == "" || metadata["identityOwner"] == "pod" {
+		meta.podIdentityOwner = true
+		if authParams["GoogleApplicationCredentials"] != "" {
+			meta.GoogleApplicationCredentials = authParams["GoogleApplicationCredentials"]
+		} else {
+			if metadata["credentialsFromEnv"] != "" {
+				meta.GoogleApplicationCredentials = resolvedEnv[metadata["credentialsFromEnv"]]
+			} else {
+				return nil, fmt.Errorf("GoogleApplicationCredentials not found")
+			}
+		}
+	}
+	return &meta, nil
+}

From fa1136155107d46b0f68ad364caa9eaf39b307f6 Mon Sep 17 00:00:00 2001
From: Harsh Thakur <harshthakur9030@gmail.com>
Date: Mon, 26 Oct 2020 22:27:05 +0530
Subject: [PATCH 2/3] Adding test cases

Signed-off-by: Harsh Thakur <harshthakur9030@gmail.com>
---
 pkg/scalers/gcp_pubsub_scaler_test.go | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/pkg/scalers/gcp_pubsub_scaler_test.go b/pkg/scalers/gcp_pubsub_scaler_test.go
index ce2d700f71c..13ad4c47441 100644
--- a/pkg/scalers/gcp_pubsub_scaler_test.go
+++ b/pkg/scalers/gcp_pubsub_scaler_test.go
@@ -9,8 +9,9 @@ var testPubSubResolvedEnv = map[string]string{
 }
 
 type parsePubSubMetadataTestData struct {
-	metadata map[string]string
-	isError  bool
+	authParams map[string]string
+	metadata   map[string]string
+	isError    bool
 }
 
 type gcpPubSubMetricIdentifier struct {
@@ -19,17 +20,21 @@ type gcpPubSubMetricIdentifier struct {
 }
 
 var testPubSubMetadata = []parsePubSubMetadataTestData{
-	{map[string]string{}, true},
+	{map[string]string{}, map[string]string{}, true},
 	// all properly formed
-	{map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7", "credentialsFromEnv": "SAMPLE_CREDS"}, false},
-	// missing subscriptionName
-	{map[string]string{"subscriptionName": "", "subscriptionSize": "7", "credentialsFromEnv": "SAMPLE_CREDS"}, true},
-	// missing credentials
-	{map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7", "credentialsFromEnv": ""}, true},
+	{nil, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7", "credentialsFromEnv": "SAMPLE_CREDS"}, false},
+	// // missing subscriptionName
+	{nil, map[string]string{"subscriptionName": "", "subscriptionSize": "7", "credentialsFromEnv": "SAMPLE_CREDS"}, true},
+	// // missing credentials
+	{nil, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7", "credentialsFromEnv": ""}, true},
 	// incorrect credentials
-	{map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7", "credentialsFromEnv": "WRONG_CREDS"}, true},
+	{nil, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7", "credentialsFromEnv": "WRONG_CREDS"}, false},
 	// malformed subscriptionSize
-	{map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "AA", "credentialsFromEnv": "SAMPLE_CREDS"}, true},
+	{nil, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "AA", "credentialsFromEnv": "SAMPLE_CREDS"}, true},
+	// // Credentials from AuthParams
+	{map[string]string{"GoogleApplicationCredentials": "Creds", "podIdentityOwner": ""}, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7"}, false},
+	// // Credentials from AuthParams with empty creds
+	{map[string]string{"GoogleApplicationCredentials": "", "podIdentityOwner": ""}, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7"}, true},
 }
 
 var gcpPubSubMetricIdentifiers = []gcpPubSubMetricIdentifier{
@@ -38,7 +43,7 @@ var gcpPubSubMetricIdentifiers = []gcpPubSubMetricIdentifier{
 
 func TestPubSubParseMetadata(t *testing.T) {
 	for _, testData := range testPubSubMetadata {
-		_, err := parsePubSubMetadata(&ScalerConfig{TriggerMetadata: testData.metadata, ResolvedEnv: testPubSubResolvedEnv})
+		_, err := parsePubSubMetadata(&ScalerConfig{AuthParams: testData.authParams, TriggerMetadata: testData.metadata, ResolvedEnv: testPubSubResolvedEnv})
 		if err != nil && !testData.isError {
 			t.Error("Expected success but got error", err)
 		}

From 19bf10adb4a6cbdf5e984117accdf26f2c0fe518 Mon Sep 17 00:00:00 2001
From: Harsh Thakur <harshthakur9030@gmail.com>
Date: Wed, 28 Oct 2020 05:17:43 +0530
Subject: [PATCH 3/3] Update changelog

Signed-off-by: Harsh Thakur <harshthakur9030@gmail.com>
---
 CHANGELOG.md                          |  1 +
 pkg/scalers/gcp_pubsub_scaler_test.go | 10 ++++------
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 656fa08f3d2..06d6c7c6c1f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,6 +43,7 @@
 - Added ScaledObject Status Conditions to display status of scaling ([#750](https://github.com/kedacore/keda/pull/750))
 - Added optional authentication parameters for the Redis Scaler ([#962](https://github.com/kedacore/keda/pull/962))
 - Improved GCP PubSub Scaler performance by closing the client correctly ([#1087](https://github.com/kedacore/keda/pull/1087))
+- Added support for Trigger Authentication for GCP PubSub scaler ([#1291](https://github.com/kedacore/keda/pull/1291))
 
 ### Breaking Changes
 
diff --git a/pkg/scalers/gcp_pubsub_scaler_test.go b/pkg/scalers/gcp_pubsub_scaler_test.go
index 13ad4c47441..6a7c6b38f20 100644
--- a/pkg/scalers/gcp_pubsub_scaler_test.go
+++ b/pkg/scalers/gcp_pubsub_scaler_test.go
@@ -23,17 +23,15 @@ var testPubSubMetadata = []parsePubSubMetadataTestData{
 	{map[string]string{}, map[string]string{}, true},
 	// all properly formed
 	{nil, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7", "credentialsFromEnv": "SAMPLE_CREDS"}, false},
-	// // missing subscriptionName
+	// missing subscriptionName
 	{nil, map[string]string{"subscriptionName": "", "subscriptionSize": "7", "credentialsFromEnv": "SAMPLE_CREDS"}, true},
-	// // missing credentials
+	// missing credentials
 	{nil, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7", "credentialsFromEnv": ""}, true},
-	// incorrect credentials
-	{nil, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7", "credentialsFromEnv": "WRONG_CREDS"}, false},
 	// malformed subscriptionSize
 	{nil, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "AA", "credentialsFromEnv": "SAMPLE_CREDS"}, true},
-	// // Credentials from AuthParams
+	// Credentials from AuthParams
 	{map[string]string{"GoogleApplicationCredentials": "Creds", "podIdentityOwner": ""}, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7"}, false},
-	// // Credentials from AuthParams with empty creds
+	// Credentials from AuthParams with empty creds
 	{map[string]string{"GoogleApplicationCredentials": "", "podIdentityOwner": ""}, map[string]string{"subscriptionName": "mysubscription", "subscriptionSize": "7"}, true},
 }