transport/http: Temporarily disable ADC for DCA
Currently, many services including compute, storage, and bigquery do not have working mTLS endpoints, so we will disable the ADC for DCA logic until we can confirm that all services have working mTLS endpoints.
See Google internal bug: b/153088385
Change-Id: I4bd023e67cd5bf9abf218a380b50d6e0bf090723
Reviewed-on: https://code-review.googlesource.com/c/google-api-go-client/+/54232
Reviewed-by: Chris Broadfoot <cbro@google.com>
diff --git a/transport/http/dial.go b/transport/http/dial.go
index d0dcc75..4848698 100644
--- a/transport/http/dial.go
+++ b/transport/http/dial.go
@@ -202,10 +202,19 @@
// We would like to avoid introducing client-side logic that parses whether the
// endpoint override is an mTLS url, since the url pattern may change at anytime.
func getClientCertificateSource(settings *internal.DialSettings) (cert.Source, error) {
- if settings.ClientCertSource != nil {
- return settings.ClientCertSource, nil
- }
- return cert.DefaultSource()
+ return settings.ClientCertSource, nil
+ // TODO(andyzhao): Currently, many services including compute, storage, and bigquery
+ // do not have working mTLS endpoints, so we will disable the ADC for DCA logic
+ // until we can confirm that all services have working mTLS endpoints.
+ /*
+ if settings.HTTPClient != nil {
+ return nil, nil // HTTPClient is incompatible with ClientCertificateSource
+ } else if settings.ClientCertSource != nil {
+ return settings.ClientCertSource, nil
+ } else {
+ return cert.DefaultSoure()
+ }
+ */
}
// getEndpoint returns the endpoint for the service, taking into account the
