in auth/auth.go [73:100]
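// TokenSource returns the oauth2.TokenSource selected by the mount
// configuration. The methods are checked in a fixed order and the first one
// that matches wins:
//
//  1. cfg.AuthNodePublishSecret, only while the ALLOW_NODE_PUBLISH_SECRET flag
//     reads true: credentials are built from the JSON in cfg.AuthKubeSecret.
//  2. cfg.AuthProviderADC: google.DefaultTokenSource.
//  3. cfg.AuthPodADC: a token from c.Token wrapped in a static token source.
//
// An error is returned when the chosen method fails or when none is
// configured. If the flag itself cannot be read the process exits through
// klog.Fatal, so no token source is ever handed out in that state.
func (c *Client) TokenSource(ctx context.Context, cfg *config.MountConfig) (oauth2.TokenSource, error) {
	allowSecretRef, err := vars.AllowNodepublishSeretRef.GetBooleanValue()
	if err != nil {
		// Fail closed: without a readable flag we cannot tell whether
		// caller-supplied key material is permitted.
		klog.ErrorS(err, "failed to get ALLOW_NODE_PUBLISH_SECRET flag")
		klog.Fatal("failed to get ALLOW_NODE_PUBLISH_SECRET flag")
	}

	// NOTE(review): when the flag is false, a requested node-publish secret is
	// skipped without any log line and the checks below decide the identity,
	// which may differ from the one the secret would have given. Confirm this
	// fall-through is intended and consider logging it for auditability.
	if cfg.AuthNodePublishSecret && allowSecretRef {
		// NOTE(review): CredentialsFromJSON accepts whichever credential type
		// the JSON declares. Presumably cfg.AuthKubeSecret comes from a secret
		// referenced by the workload - verify against the caller. If only
		// service-account keys are expected, restrict the accepted type (for
		// example with google.CredentialsFromJSONWithType, if the oauth2
		// version in go.mod provides it). Never log the JSON itself.
		creds, err := google.CredentialsFromJSON(ctx, cfg.AuthKubeSecret, cloudScope)
		if err != nil {
			return nil, fmt.Errorf("unable to generate credentials from key.json: %w", err)
		}
		return creds.TokenSource, nil
	}

	if cfg.AuthProviderADC {
		return google.DefaultTokenSource(ctx, cloudScope)
	}

	if cfg.AuthPodADC {
		token, err := c.Token(ctx, cfg)
		if err != nil {
			// Wrapped with %w, like the key.json branch above, so callers can
			// inspect the cause with errors.Is / errors.As. The rendered
			// message is unchanged.
			return nil, fmt.Errorf("unable to obtain workload identity auth: %w", err)
		}
		// A static source always returns this same token and never refreshes
		// it; callers that outlive the token must call TokenSource again.
		return oauth2.StaticTokenSource(token), nil
	}

	return nil, errors.New("mount configuration has no auth method configured")
}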