From c765967cfb738f9447b7e5a4f9b9479b10be33a1 Mon Sep 17 00:00:00 2001 From: Helio Machado <0x2b3bfa0+git@googlemail.com> Date: Wed, 16 Oct 2024 18:49:43 +0200 Subject: [PATCH 1/5] Update _metadata.py --- google/auth/compute_engine/_metadata.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/google/auth/compute_engine/_metadata.py b/google/auth/compute_engine/_metadata.py index b66d9f9b3..1ba83ad3b 100644 --- a/google/auth/compute_engine/_metadata.py +++ b/google/auth/compute_engine/_metadata.py @@ -75,6 +75,9 @@ def is_on_gce(request): Returns: bool: True if the code runs on Google Compute Engine, False otherwise. """ + if os.getenv(environment_vars.NO_GCE_CHECK) != "true": + return False + if ping(request): return True From fdc1a6fcc72c8342fd422643fe560fa5bb66941f Mon Sep 17 00:00:00 2001 From: Helio Machado <0x2b3bfa0+git@googlemail.com> Date: Wed, 16 Oct 2024 18:52:43 +0200 Subject: [PATCH 2/5] Update environment_vars.py --- google/auth/environment_vars.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/google/auth/environment_vars.py b/google/auth/environment_vars.py index 81f31571e..376a8088b 100644 --- a/google/auth/environment_vars.py +++ b/google/auth/environment_vars.py @@ -60,6 +60,12 @@ """Environment variable providing an alternate ip:port to be used for ip-only GCE metadata requests.""" +NO_GCE_CHECK = "NO_GCE_CHECK" +"""Environment variable controlling whether to check if running on GCE or not. + +The default value is false. Users have to explicitly set this value to true +in order to disable the GCE check.""" + GOOGLE_API_USE_CLIENT_CERTIFICATE = "GOOGLE_API_USE_CLIENT_CERTIFICATE" """Environment variable controlling whether to use client certificate or not. From 8e70fb60bc26baf51adb3d40026773a46b8bbe3e Mon Sep 17 00:00:00 2001 From: Helio Machado <0x2b3bfa0+git@googlemail.com> Date: Thu, 17 Oct 2024 05:14:20 +0200 Subject: [PATCH 3/5] Update test__metadata.py --- tests/compute_engine/test__metadata.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/compute_engine/test__metadata.py b/tests/compute_engine/test__metadata.py index f49886d71..87f34f575 100644 --- a/tests/compute_engine/test__metadata.py +++ b/tests/compute_engine/test__metadata.py @@ -83,6 +83,20 @@ def test_is_on_gce_ping_success(): assert _metadata.is_on_gce(request) +def test_is_on_gce_no_gce_check(): + request = make_request("", headers=_metadata._METADATA_HEADERS) + + os.environ[environment_vars.NO_GCE_CHECK] = "true" + importlib.reload(_metadata) + + try: + assert not _metadata.is_on_gce(request) + assert request.call_count == 0 + finally: + del os.environ[environment_vars.NO_GCE_CHECK] + importlib.reload(_metadata) + + @mock.patch("os.name", new="nt") def test_is_on_gce_windows_success(): request = make_request("", headers={_metadata._METADATA_FLAVOR_HEADER: "meep"}) From 5b974dfe5566bb1dcee696037a0f3c946d2f658c Mon Sep 17 00:00:00 2001 From: Helio Machado <0x2b3bfa0+git@googlemail.com> Date: Thu, 17 Oct 2024 05:17:23 +0200 Subject: [PATCH 4/5] Update _metadata.py --- google/auth/compute_engine/_metadata.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/google/auth/compute_engine/_metadata.py b/google/auth/compute_engine/_metadata.py index 1ba83ad3b..5ee9d7076 100644 --- a/google/auth/compute_engine/_metadata.py +++ b/google/auth/compute_engine/_metadata.py @@ -60,6 +60,10 @@ except ValueError: # pragma: NO COVER _METADATA_DEFAULT_TIMEOUT = 3 +# This is used to disable checking for the GCE metadata server and directly +# assuming it's not available. +_NO_GCE_CHECK = os.getenv(environment_vars.NO_GCE_CHECK) != "true" + # Detect GCE Residency _GOOGLE = "Google" _GCE_PRODUCT_NAME_FILE = "/sys/class/dmi/id/product_name" @@ -75,7 +79,7 @@ def is_on_gce(request): Returns: bool: True if the code runs on Google Compute Engine, False otherwise. """ - if os.getenv(environment_vars.NO_GCE_CHECK) != "true": + if _NO_GCE_CHECK: return False if ping(request): From 4b73018e685bd6b854c4f8e88636261ec53fc537 Mon Sep 17 00:00:00 2001 From: Helio Machado <0x2b3bfa0+git@googlemail.com> Date: Thu, 17 Oct 2024 06:01:42 +0200 Subject: [PATCH 5/5] Update _metadata.py --- google/auth/compute_engine/_metadata.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/auth/compute_engine/_metadata.py b/google/auth/compute_engine/_metadata.py index 5ee9d7076..80001b623 100644 --- a/google/auth/compute_engine/_metadata.py +++ b/google/auth/compute_engine/_metadata.py @@ -62,7 +62,7 @@ # This is used to disable checking for the GCE metadata server and directly # assuming it's not available. -_NO_GCE_CHECK = os.getenv(environment_vars.NO_GCE_CHECK) != "true" +_NO_GCE_CHECK = os.getenv(environment_vars.NO_GCE_CHECK) == "true" # Detect GCE Residency _GOOGLE = "Google"