TLS config fix

gcloud-sdk/Cargo.toml

@@ -424,7 +424,7 @@ google-rest-dns-v1 = ["rest"]
 google-rest-compute-v1 = ["rest"]
 
 [dependencies]
-tonic = { version = "0.12", features = ["tls"] }
+tonic = { version = "0.12", features = ["tls", "channel", "prost"] }
 tower = "0.4"
 tower-layer = "0.3"
 tower-util = "0.3"
@@ -454,4 +454,4 @@ tag-prefix=""
 
 [package.metadata.docs.rs]
 all-features = false
-features = ["rest", "tls-roots", "tls-webpki-roots"]
+features = ["rest", "tls-roots"]

gcloud-sdk/src/api_client.rs

@@ -48,12 +48,6 @@ where
             token_scopes
         );
 
-        #[cfg(any(feature = "tls-roots", feature = "tls-webpki-roots"))]
-        let channel =
-            GoogleEnvironment::init_google_services_channel_with_native_roots(google_api_url)
-                .await?;
-
-        #[cfg(not(any(feature = "tls-roots", feature = "tls-webpki-roots")))]
         let channel = GoogleEnvironment::init_google_services_channel(google_api_url).await?;
 
         let token_generator =
@@ -206,6 +200,7 @@ impl GoogleEnvironment {
             .await?)
     }
 
+    #[cfg(not(any(feature = "tls-roots", feature = "tls-webpki-roots")))]
     pub fn init_google_services_channel_tls_config(
         domain_name: String,
     ) -> tonic::transport::ClientTlsConfig {
@@ -216,18 +211,24 @@ impl GoogleEnvironment {
             .domain_name(domain_name)
     }
 
-    #[cfg(any(feature = "tls-roots", feature = "tls-webpki-roots"))]
-    pub async fn init_google_services_channel_with_native_roots<S: AsRef<str>>(
-        api_url: S,
-    ) -> Result<Channel, crate::error::Error> {
-        Ok(Channel::from_shared(api_url.as_ref().to_string())?
-            .connect_timeout(Duration::from_secs(30))
-            .tcp_keepalive(Some(Duration::from_secs(60)))
-            .keep_alive_timeout(Duration::from_secs(60))
-            .http2_keep_alive_interval(Duration::from_secs(60))
-            .keep_alive_while_idle(true)
-            .connect()
-            .await?)
+    #[cfg(feature = "tls-roots")]
+    #[cfg(not(feature = "tls-webpki-roots"))]
+    pub fn init_google_services_channel_tls_config(
+        domain_name: String,
+    ) -> tonic::transport::ClientTlsConfig {
+        tonic::transport::ClientTlsConfig::new()
+            .with_native_roots()
+            .domain_name(domain_name)
+    }
+
+    #[cfg(feature = "tls-webpki-roots")]
+    #[cfg(not(feature = "tls-roots"))]
+    pub fn init_google_services_channel_tls_config(
+        domain_name: String,
+    ) -> tonic::transport::ClientTlsConfig {
+        tonic::transport::ClientTlsConfig::new()
+            .with_webpki_roots()
+            .domain_name(domain_name)
     }
 }
 

gcloud-sdk/src/proto_ext/kms.rs

@@ -1,5 +1,5 @@
-use bytes::{Buf, BufMut};
 use crate::google::cloud::kms::v1::ProtectionLevel;
+use bytes::{Buf, BufMut};
 use secret_vault_value::SecretValue;
 
 #[derive(Clone, PartialEq, Debug, Default)]

gcloud-sdk/src/rest_apis/rest_api_client.rs

@@ -19,8 +19,8 @@ impl GoogleRestApi {
         token_source_type: TokenSourceType,
         token_scopes: Vec<String>,
     ) -> crate::error::Result<Self> {
-        Self::with_client_token_source(reqwest::Client::new(), token_source_type, token_scopes)
-            .await
+        let client = reqwest::Client::new();
+        Self::with_client_token_source(client, token_source_type, token_scopes).await
     }
 
     pub async fn with_client_token_source(

gcloud-sdk/src/token_source/metadata.rs

@@ -42,7 +42,7 @@ impl Metadata {
     }
 
     pub async fn detect_google_project_id(&self) -> Option<String> {
-        match PathAndQuery::from_str("project/project-id") {
+        match PathAndQuery::from_str("/computeMetadata/v1/project/project-id") {
             Ok(url) if self.client.is_available() => {
                 trace!("Receiving Project ID token from Metadata Server");
                 self.client