micronaut-gcp
GoogleAuthFilter authorisation does not work for authorising cloud function endpoints
Description
According to Google service-to-service authorisation, the metadata/instance endpoint can be queried to get an auth token.
While it works for other resources on GCP, it does not work when we need to get auth for a cloud function.
The reason for this is that GoogleAuthFilter sends only the host name as the audience in the metadata/instance URL; however, for a cloud function, the audience should be {hostName/functionName}.
Since functionName is treated as a path, the following eliminates it and the token doesn't work:
`String receivingURI = fullURI.getScheme() + "://" + fullURI.getHost();` (this eliminates the path)
A doc is available here that explains the same.
Task List
- [x] Steps to reproduce provided
- [ ] Stacktrace (if present) provided
- [x] Example that reproduces the problem uploaded to Github
- [x] Full description of the issue provided (see below)
Steps to Reproduce
- Add micronaut-gcp-http-client
- Set the patterns for cloud functions
- Results in forbidden error.
Expected Behaviour
Should be able to get the token for a cloud function as audience.
Actual Behaviour
Doesn't consider and include the function name in the URL while querying the token for AUDIENCE.
Environment Information
- Operating System:
- Micronaut Version: 2.0.0
- JDK Version: Java 11
Example Application
- Can be created from https://micronaut-projects.github.io/micronaut-gcp/latest/guide/index.html#authorizingClients
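
The audience difference described in this issue, as an added Java example (not code from micronaut-gcp or from the linked PR). It assumes a host ending in `.cloudfunctions.net` identifies a Cloud Function and that the first path segment is the function name; the class name, method names and sample URLs are constructed for illustration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class AudienceExample {
    // GCP metadata server endpoint that issues identity tokens for an audience.
    // Requests to it must carry the header "Metadata-Flavor: Google".
    static final String METADATA_IDENTITY_URL =
        "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience=";

    // Behaviour described in the issue: the path is dropped, only scheme and host remain.
    static String hostOnlyAudience(URI fullURI) {
        return fullURI.getScheme() + "://" + fullURI.getHost();
    }

    // Assumption: ".cloudfunctions.net" hosts are Cloud Functions and the first
    // non-empty path segment is the function name (hostName/functionName).
    static String functionAwareAudience(URI fullURI) {
        String base = hostOnlyAudience(fullURI);
        String host = fullURI.getHost();
        String path = fullURI.getPath();
        if (host == null || !host.endsWith(".cloudfunctions.net") || path == null) {
            return base; // other GCP targets keep the host-only audience
        }
        for (String segment : path.split("/")) {
            if (!segment.isEmpty()) {
                return base + "/" + segment; // sub-paths and query strings are ignored
            }
        }
        return base; // no function name present in the path
    }

    static String metadataTokenUrl(String audience) {
        return METADATA_IDENTITY_URL + URLEncoder.encode(audience, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample URIs; project, region and function names are placeholders.
        String[] samples = {
            "https://us-central1-example-project.cloudfunctions.net/hello-fn/api/items?id=1",
            "https://us-central1-example-project.cloudfunctions.net/",
            "https://example-service-abc123-uc.a.run.app/api/items"
        };
        for (String s : samples) {
            URI uri = URI.create(s);
            System.out.println("host-only:      " + hostOnlyAudience(uri));
            System.out.println("function-aware: " + functionAwareAudience(uri));
            System.out.println("token URL:      " + metadataTokenUrl(functionAwareAudience(uri)));
        }
    }
}
```
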
@c0d3-k1ra seems you have diagnosed the problem, would you be interested in sending a PR to help resolve the issue?
Solution/workaround: https://github.com/micronaut-projects/micronaut-gcp/pull/693