Merge branch 'main' into renovate/kelvinmo-simplejwt-0.x

googleapis · Aug 23, 2023 · 85700db · 85700db
2 parents 29f84e3 + be5b162
commit 85700db
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
  * [feat]: add support for Firebase v6.0 (#391)
 
+## [1.29.0](https://github.com/googleapis/google-auth-library-php/compare/v1.28.0...v1.29.0) (2023-08-22)
+
+
+### Features
+
+* Check unix residency for gce when ping fails ([#469](https://github.com/googleapis/google-auth-library-php/issues/469)) ([3c672f9](https://github.com/googleapis/google-auth-library-php/commit/3c672f9aff61529f4af836558caa50fa29fb9447))
+
 ## [1.28.0](https://github.com/googleapis/google-auth-library-php/compare/v1.27.0...v1.28.0) (2023-05-11)
 
 

diff --git a/src/Credentials/GCECredentials.php b/src/Credentials/GCECredentials.php
@@ -100,6 +100,11 @@ class GCECredentials extends CredentialsLoader implements
      */
     const FLAVOR_HEADER = 'Metadata-Flavor';
 
+    /**
+     * The Linux file which contains the product name.
+     */
+    private const GKE_PRODUCT_NAME_FILE = '/sys/class/dmi/id/product_name';
+
     /**
      * Note: the explicit `timeout` and `tries` below is a workaround. The underlying
      * issue is that resolving an unknown host on some networks will take
@@ -340,6 +345,22 @@ public static function onGce(callable $httpHandler = null)
             } catch (ConnectException $e) {
             }
         }
+
+        if (PHP_OS === 'Windows') {
+            // @TODO: implement GCE residency detection on Windows
+            return false;
+        }
+
+        // Detect GCE residency on Linux
+        return self::detectResidencyLinux(self::GKE_PRODUCT_NAME_FILE);
+    }
+
+    private static function detectResidencyLinux(string $productNameFile): bool
+    {
+        if (file_exists($productNameFile)) {
+            $productName = trim((string) file_get_contents($productNameFile));
+            return 0 === strpos($productName, 'Google');
+        }
         return false;
     }
 

diff --git a/tests/Credentials/GCECredentialsTest.php b/tests/Credentials/GCECredentialsTest.php
@@ -73,6 +73,38 @@ public function testOnGCEIsFalseOnServerErrorStatus()
         $this->assertFalse(GCECredentials::onGCE($httpHandler));
     }
 
+    public function testCheckProductNameFile()
+    {
+        $tmpFile = tempnam(sys_get_temp_dir(), 'gce-test-product-name');
+
+        $method = (new \ReflectionClass(GCECredentials::class))
+            ->getMethod('detectResidencyLinux');
+        $method->setAccessible(true);
+
+        $this->assertFalse($method->invoke(null, '/nonexistant/file'));
+
+        file_put_contents($tmpFile, 'Google');
+        $this->assertTrue($method->invoke(null, $tmpFile));
+
+        file_put_contents($tmpFile, 'Not Google');
+        $this->assertFalse($method->invoke(null, $tmpFile));
+    }
+
+    public function testOnGceWithResidency()
+    {
+        if (!GCECredentials::onGCE()) {
+            $this->markTestSkipped('This test only works while running on GCE');
+        }
+
+        // If calling metadata server fails, this will check the residency file.
+        $httpHandler = function () {
+            // Mock an exception, such as a ping timeout
+            throw $this->prophesize(ClientException::class)->reveal();
+        };
+
+        $this->assertTrue(GCECredentials::onGCE($httpHandler));
+    }
+
     public function testOnGCEIsFalseOnOkStatusWithoutExpectedHeader()
     {
         $httpHandler = getHandler([