fix: using proxy options for generating auth token (#1402)

sachinpro · web-flow · commit 6eb00910f148 · 2026-02-03T16:26:09.000+05:30
diff --git a/google/cloud/odbc/bq_client_interface/odbc_authentication.cc b/google/cloud/odbc/bq_client_interface/odbc_authentication.cc
@@ -35,7 +35,7 @@ auto const kSelfSignedJwtEnvVar =
     "GOOGLE_CLOUD_CPP_EXPERIMENTAL_DISABLE_SELF_SIGNED_JWT";
 
 StatusRecordOr<std::shared_ptr<Credentials>> CreateServiceCredentials(
-    std::string const& credentials_file_path) {
+    std::string const& credentials_file_path, Options const& options) {
   if (credentials_file_path.empty()) {
     LOG(ERROR)
         << "CreateServiceCredentials:: The path to the file can't be empty";
@@ -73,19 +73,19 @@ StatusRecordOr<std::shared_ptr<Credentials>> CreateServiceCredentials(
             credentials_file_path};
   }
 
-  return ::google::cloud::MakeServiceAccountCredentials(contents);
+  return ::google::cloud::MakeServiceAccountCredentials(contents, options);
 }
 
 StatusRecordOr<std::shared_ptr<Credentials>>
-CreateApplicationDefaultCredentials() {
+CreateApplicationDefaultCredentials(Options const& options) {
   // C++ client library in google-cloud-cpp first checks
   // GOOGLE_APPLICATION_CREDENTIALS env var and use it if it's present. Then it
   // looks for a 'default' location of the file with credentials.
-  return ::google::cloud::MakeGoogleDefaultCredentials();
+  return ::google::cloud::MakeGoogleDefaultCredentials(options);
 }
 
 StatusRecordOr<std::shared_ptr<Credentials>> CreateExternalAuthCredentialsJSON(
-    std::string const& credentials_file_path) {
+    std::string const& credentials_file_path, Options const& options) {
   if (credentials_file_path.empty()) {
     LOG(ERROR) << "CreateExternalAuthCredentialsJSON:: The path to the "
                   "external auth JSON file can't be empty";
@@ -117,7 +117,7 @@ StatusRecordOr<std::shared_ptr<Credentials>> CreateExternalAuthCredentialsJSON(
             credentials_file_path};
   }
 
-  return ::google::cloud::MakeExternalAccountCredentials(contents);
+  return ::google::cloud::MakeExternalAccountCredentials(contents, options);
 }
 
 StatusRecordOr<nlohmann::json> CreateJsonCredsObject(
@@ -140,7 +140,8 @@ StatusRecordOr<nlohmann::json> CreateJsonCredsObject(
 }
 
 StatusRecordOr<std::shared_ptr<Credentials>>
-CreateExternalAccountAuthenticationBYOID(Oauth const& oauth) {
+CreateExternalAccountAuthenticationBYOID(Oauth const& oauth,
+                                         Options const& options) {
   if (!IsBYOIDPropsSet(oauth)) {
     LOG(ERROR)
         << "CreateExternalAccountAuthenticationBYOID:: Unable to create "
@@ -158,23 +159,25 @@ CreateExternalAccountAuthenticationBYOID(Oauth const& oauth) {
         << json_creds.GetStatusRecord().message;
     return json_creds.GetStatusRecord();
   }
-  return ::google::cloud::MakeExternalAccountCredentials((*json_creds).dump());
+  return ::google::cloud::MakeExternalAccountCredentials((*json_creds).dump(),
+                                                         options);
 }
 
 StatusRecordOr<std::shared_ptr<Credentials>> CreateCredentials(
-    Oauth const& oauth) {
+    Oauth const& oauth, Options const& options) {
   switch (oauth.auth_mechanism) {
     case OauthMechanism::kServiceAndUserAccount:
-      return CreateServiceCredentials(oauth.credentials_file_path);
+      return CreateServiceCredentials(oauth.credentials_file_path, options);
     case OauthMechanism::kApplicationDefault:
-      return CreateApplicationDefaultCredentials();
+      return CreateApplicationDefaultCredentials(options);
     case OauthMechanism::kExternalUser: {
       if (!IsBYOIDPropsSet(oauth)) {
         // Call creation of external auth via JSON file
-        return CreateExternalAuthCredentialsJSON(oauth.credentials_file_path);
+        return CreateExternalAuthCredentialsJSON(oauth.credentials_file_path,
+                                                 options);
       }
       // Call creation of external auth via BYOID properties.
-      return CreateExternalAccountAuthenticationBYOID(oauth);
+      return CreateExternalAccountAuthenticationBYOID(oauth, options);
     }
   }
   LOG(ERROR) << "CreateCredentials:: OauthMechanism enum is invalid";
diff --git a/google/cloud/odbc/bq_client_interface/odbc_authentication.h b/google/cloud/odbc/bq_client_interface/odbc_authentication.h
@@ -95,7 +95,8 @@ inline bool IsBYOIDPropsSet(Oauth const& oauth) {
 
 /// Creates an object of UnifiedCredentials depending on the input arguments.
 odbc_internal::StatusRecordOr<std::shared_ptr<Credentials>> CreateCredentials(
-    Oauth const& oauth);
+    Oauth const& oauth,
+    ::google::cloud::Options const& options = ::google::cloud::Options{});
 
 /// Creates OAuth2 access_token
 odbc_internal::StatusRecordOr<AccessToken> GetOAuth2Token(
diff --git a/google/cloud/odbc/bq_client_interface/odbc_bq_client.cc b/google/cloud/odbc/bq_client_interface/odbc_bq_client.cc
@@ -79,23 +79,10 @@ google::cloud::ProxyConfig CreateProxyConfig(std::string hostname,
 
 StatusRecordOr<std::shared_ptr<ODBCBQClient>> ODBCBQClient::CreateBQClient(
     Oauth const& oauth) {
-  StatusRecordOr<std::shared_ptr<Credentials>> credentials =
-      CreateCredentials(oauth);
-  if (!credentials) {
-    LOG(ERROR) << "CreateBQClient::CreateCredentials:: "
-               << credentials.GetStatusRecord().message;
-    return credentials.GetStatusRecord();
-  }
-
-  Options options =
-      google::cloud::Options{}.set<google::cloud::UnifiedCredentialsOption>(
-          *credentials);
-
-  std::string pem_file = oauth.ssl_credentials.pem_root_certs;
-  if (!pem_file.empty()) {
-    options.set<google::cloud::CARootsFilePathOption>(pem_file);
-  }
+  // 1. Initialize Options and set Proxy/SSL settings FIRST
+  google::cloud::Options options;
 
+  // Set Proxy
   options.set<google::cloud::ProxyOption>(
       ProxyConfig()
           .set_hostname(oauth.proxy_options.hostname)
@@ -104,9 +91,24 @@ StatusRecordOr<std::shared_ptr<ODBCBQClient>> ODBCBQClient::CreateBQClient(
           .set_password(oauth.proxy_options.password)
           .set_scheme("http"));
 
+  std::string pem_file = oauth.ssl_credentials.pem_root_certs;
+  if (!pem_file.empty()) {
+    options.set<google::cloud::CARootsFilePathOption>(pem_file);
+  }
+
   options.set<google::cloud::UserAgentProductsOption>(
       {"Google-Bigquery-ODBC/" + std::string(DRIVER_VERSION)});
 
+  StatusRecordOr<std::shared_ptr<Credentials>> credentials =
+      CreateCredentials(oauth, options);
+  if (!credentials) {
+    LOG(ERROR) << "CreateBQClient::CreateCredentials:: "
+               << credentials.GetStatusRecord().message;
+    return credentials.GetStatusRecord();
+  }
+
+  options.set<google::cloud::UnifiedCredentialsOption>(*credentials);
+
   if (oauth.tpc.enable_tpc && oauth.tpc.universe_domain != "googleapis.com") {
     options.set<google::cloud::internal::UniverseDomainOption>(
         oauth.tpc.universe_domain);
