in src/envoy/http/service_control/service_control_call_impl.cc [56:102]
void ServiceControlCallImpl::createIamTokenSub() {
switch (filter_config_.iam_token().access_token().token_type_case()) {
case AccessToken::kRemoteToken: {
const std::string& cluster =
filter_config_.iam_token().access_token().remote_token().cluster();
const std::string& uri =
filter_config_.iam_token().access_token().remote_token().uri();
const std::chrono::seconds fetch_timeout(TimeUtil::DurationToSeconds(
filter_config_.iam_token().access_token().remote_token().timeout()));
const DependencyErrorBehavior error_behavior =
filter_config_.dep_error_behavior();
access_token_sub_ = token_subscriber_factory_.createImdsTokenSubscriber(
TokenType::AccessToken, cluster, uri, fetch_timeout, error_behavior,
[this](absl::string_view access_token) {
access_token_for_iam_ = std::string(access_token);
});
break;
}
default: {
throw Envoy::EnvoyException(
"Not support getting access token for iam server by "
"service account file");
}
}
const std::string& token_cluster =
filter_config_.iam_token().iam_uri().cluster();
const std::string& token_uri = filter_config_.iam_token().iam_uri().uri();
const std::chrono::seconds fetch_timeout(TimeUtil::DurationToSeconds(
filter_config_.iam_token().iam_uri().timeout()));
const DependencyErrorBehavior error_behavior =
filter_config_.dep_error_behavior();
::google::protobuf::RepeatedPtrField<std::string> scopes;
scopes.Add(kServiceControlScope);
iam_token_sub_ = token_subscriber_factory_.createIamTokenSubscriber(
TokenType::AccessToken, token_cluster, token_uri, fetch_timeout,
error_behavior,
[this](absl::string_view token) {
TokenSharedPtr new_token = std::make_shared<std::string>(token);
tls_.runOnAllThreads(
[new_token](Envoy::OptRef<ThreadLocalCache> object) {
object->set_sc_token(new_token);
object->set_quota_token(new_token);
});
},
filter_config_.iam_token().delegates(), scopes,
[this]() { return access_token_for_iam_; });
}