googleapis
feat(auth): configure ALTS bound tokens in Options's validate()
This is a different approach compared with #11665. The unexported field altsCredentials will be resolved during the validate() at most one time and used in subsequent dial() calls.
@quartzmo Could you PTAL at this? If this approach makes more sense to you, I feel we should do the same thing for the existing DetectDefault call especially with the introduction of MTLS_S2A feature. Let me know if there are any caveats I am missing here. Thanks.
@rockspore Thank you for exploring the problems I raised in #11665. I think this PR suggests a good beginning for a larger cleanup of grpctransport. I would continue it as follows:
- Figure out why
DetectDefaultis potentially repeatedly called indialinstead of just once inDial. - An instance of
grpctransport.Optionsshould be considered mutable until itsresolveDetectOptionsmethod is called. After that, it should be considered an immutable record of the configuration that produced thecredentials.DetectOptions. (This options object is subsequently used to callDetectDefault.) - If another call to
DetectDefaultis needed, with a modified configuration, a newgrpctransport.Optionsmust be created. It can be a copy of the original. Its usage should also follow 2. above. - Move all mutation of
grpctransport.Optionsas well as all calls toDetectDefaultout ofdialand intoDial. This will improve efficiency as well as the readability ofdial. - Move the resolution of
auth.Credentialsout ofdialand intoDial.
I think that these changes go far beyond your changes in #11665, which at the moment are consistent with the current design as well as nicely encapsulated in the configureDirectPath func. At this point, I feel we should merge #11665, as there is nothing in it that cannot be changed within the plan sketched out above. Also, I don't want step 1. above to delay you.
I'd like to keep this PR open until it can be expanded or replaced. However, I am converting it to a Draft since it is incomplete.