Skip to content

Commit cdaf6a6

Browse files
rocksporerockspore
authored
fix(storage): add env var to allow disabling bound token (#13236)
Inspired by #13153. The token issuing side is still behind so hopefully it's not too late to add this knob out of extra caution. Users will be able to use it to turn off this flow if anything goes wrong. @tritone Sorry for not doing this sooner. Would you mind taking a look?
1 parent 5a0a8a8 commit cdaf6a6

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

storage/grpc_client.go

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ import (
2323
"io"
2424
"log"
2525
"os"
26+
"strconv"
2627
"sync"
2728

2829
"cloud.google.com/go/iam/apiv1/iampb"
@@ -101,8 +102,10 @@ func defaultGRPCOptions() []option.ClientOption {
101102
defaults = append(defaults,
102103
internaloption.AllowNonDefaultServiceAccount(true),
103104
internaloption.EnableDirectPath(true),
104-
internaloption.EnableDirectPathXds(),
105-
internaloption.AllowHardBoundTokens("ALTS"))
105+
internaloption.EnableDirectPathXds())
106+
if disableBoundToken, _ := strconv.ParseBool(os.Getenv("STORAGE_DISABLE_DIRECTPATH_BOUND_TOKEN")); !disableBoundToken {
107+
defaults = append(defaults, internaloption.AllowHardBoundTokens("ALTS"))
108+
}
106109
}
107110

108111
return defaults

0 commit comments

Comments
 (0)