fix: gRPC auth logging enabled by "auth" (#12702)

dbolduc · web-flow · commit 3859905ead8d · 2023-09-26T11:23:06.000-04:00
diff --git a/google/cloud/internal/minimal_iam_credentials_stub.cc b/google/cloud/internal/minimal_iam_credentials_stub.cc
@@ -203,7 +203,8 @@ class AsyncAccessTokenGeneratorTracing : public MinimalIamCredentialsStub {
 std::shared_ptr<MinimalIamCredentialsStub> DecorateMinimalIamCredentialsStub(
     std::shared_ptr<MinimalIamCredentialsStub> impl, Options const& options) {
   impl = std::make_shared<AsyncAccessTokenGeneratorMetadata>(std::move(impl));
-  if (Contains(options.get<TracingComponentsOption>(), "rpc")) {
+  auto const& components = options.get<TracingComponentsOption>();
+  if (Contains(components, "auth") || Contains(components, "rpc")) {
     impl = std::make_shared<AsyncAccessTokenGeneratorLogging>(
         std::move(impl), options.get<GrpcTracingOptionsOption>());
   }
diff --git a/google/cloud/internal/minimal_iam_credentials_stub_test.cc b/google/cloud/internal/minimal_iam_credentials_stub_test.cc
@@ -43,6 +43,7 @@ using ::google::iam::credentials::v1::SignBlobRequest;
 using ::google::iam::credentials::v1::SignBlobResponse;
 using ::testing::Contains;
 using ::testing::HasSubstr;
+using ::testing::Not;
 using ::testing::Return;
 
 class MinimalIamCredentialsStubTest : public ::testing::Test {
@@ -72,7 +73,7 @@ TEST_F(MinimalIamCredentialsStubTest, AsyncGenerateAccessTokenLogging) {
       });
   auto stub = DecorateMinimalIamCredentialsStub(
       mock, Options{}
-                .set<TracingComponentsOption>({"rpc"})
+                .set<TracingComponentsOption>({"auth"})
                 .set<GrpcTracingOptionsOption>(
                     TracingOptions{}.SetOptions("single_line_mode")));
   GenerateAccessTokenRequest request;
@@ -116,7 +117,7 @@ TEST_F(MinimalIamCredentialsStubTest, SignBlobLogging) {
   EXPECT_CALL(*mock, SignBlob).WillOnce(Return(expected));
   auto stub = DecorateMinimalIamCredentialsStub(
       mock, Options{}
-                .set<TracingComponentsOption>({"rpc"})
+                .set<TracingComponentsOption>({"auth"})
                 .set<GrpcTracingOptionsOption>(
                     TracingOptions{}.SetOptions("single_line_mode")));
   SignBlobRequest request;
@@ -187,6 +188,36 @@ TEST_F(MinimalIamCredentialsStubTest, AsyncGenerateAccessTokenMetadata) {
   EXPECT_THAT(lines, Not(Contains(HasSubstr("AsyncGenerateAccessToken"))));
 }
 
+TEST_F(MinimalIamCredentialsStubTest, LoggingComponentNames) {
+  struct TestCase {
+    std::set<std::string> components;
+    bool enabled;
+  };
+  // Note that "rpc" enables logging of this component for backwards
+  // compatibility reasons.
+  std::vector<TestCase> cases = {
+      {{"auth"}, true},
+      {{"rpc"}, true},
+      {{"auth", "rpc"}, true},
+      {{"rest"}, false},
+  };
+
+  for (auto const& c : cases) {
+    auto mock = std::make_shared<MockMinimalIamCredentialsStub>();
+    EXPECT_CALL(*mock, SignBlob).WillOnce(Return(SignBlobResponse{}));
+    auto stub = DecorateMinimalIamCredentialsStub(
+        mock, Options{}.set<TracingComponentsOption>(c.components));
+    grpc::ClientContext context;
+    (void)stub->SignBlob(context, SignBlobRequest{});
+    auto const lines = log_.ExtractLines();
+    if (c.enabled) {
+      EXPECT_THAT(lines, Contains(HasSubstr("SignBlob")));
+    } else {
+      EXPECT_THAT(lines, Not(Contains(HasSubstr("SignBlob"))));
+    }
+  }
+}
+
 #ifdef GOOGLE_CLOUD_CPP_HAVE_OPENTELEMETRY
 using ::google::cloud::testing_util::DisableTracing;
 using ::google::cloud::testing_util::EnableTracing;
