telegraf/plugins/outputs/http/http.go

//go:generate ../../../tools/readme_config_includer/generator
package http

import (
	"bufio"
	"bytes"
	"context"
	"crypto/sha256"
	_ "embed"
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"

	awsV2 "github.com/aws/aws-sdk-go-v2/aws"
	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"

	"github.com/influxdata/telegraf"
	"github.com/influxdata/telegraf/config"
	"github.com/influxdata/telegraf/internal"
	internalaws "github.com/influxdata/telegraf/plugins/common/aws"
	httpconfig "github.com/influxdata/telegraf/plugins/common/http"
	"github.com/influxdata/telegraf/plugins/outputs"
	"github.com/influxdata/telegraf/plugins/serializers"
	"golang.org/x/oauth2"
	"google.golang.org/api/idtoken"
)

//go:embed sample.conf
var sampleConfig string

const (
	maxErrMsgLen = 1024
	defaultURL   = "http://127.0.0.1:8080/telegraf"
)

const (
	defaultContentType    = "text/plain; charset=utf-8"
	defaultMethod         = http.MethodPost
	defaultUseBatchFormat = true
)

type HTTP struct {
	URL                     string            `toml:"url"`
	Method                  string            `toml:"method"`
	Username                config.Secret     `toml:"username"`
	Password                config.Secret     `toml:"password"`
	Headers                 map[string]string `toml:"headers"`
	ContentEncoding         string            `toml:"content_encoding"`
	UseBatchFormat          bool              `toml:"use_batch_format"`
	AwsService              string            `toml:"aws_service"`
	NonRetryableStatusCodes []int             `toml:"non_retryable_statuscodes"`
	httpconfig.HTTPClientConfig
	Log telegraf.Logger `toml:"-"`

	client     *http.Client
	serializer serializers.Serializer

	awsCfg *awsV2.Config
	internalaws.CredentialConfig

	// Google API Auth
	CredentialsFile string `toml:"google_application_credentials"`
	oauth2Token     *oauth2.Token
}

func (*HTTP) SampleConfig() string {
	return sampleConfig
}

func (h *HTTP) SetSerializer(serializer serializers.Serializer) {
	h.serializer = serializer
}

func (h *HTTP) Connect() error {
	if h.AwsService != "" {
		cfg, err := h.CredentialConfig.Credentials()
		if err == nil {
			h.awsCfg = &cfg
		}
	}

	if h.Method == "" {
		h.Method = http.MethodPost
	}
	h.Method = strings.ToUpper(h.Method)
	if h.Method != http.MethodPost && h.Method != http.MethodPut {
		return fmt.Errorf("invalid method [%s] %s", h.URL, h.Method)
	}

	ctx := context.Background()
	client, err := h.HTTPClientConfig.CreateClient(ctx, h.Log)
	if err != nil {
		return err
	}

	h.client = client

	return nil
}

func (h *HTTP) Close() error {
	return nil
}

func (h *HTTP) Write(metrics []telegraf.Metric) error {
	var reqBody []byte

	if h.UseBatchFormat {
		var err error
		reqBody, err = h.serializer.SerializeBatch(metrics)
		if err != nil {
			return err
		}

		return h.writeMetric(reqBody)
	}

	for _, metric := range metrics {
		var err error
		reqBody, err = h.serializer.Serialize(metric)
		if err != nil {
			return err
		}

		if err := h.writeMetric(reqBody); err != nil {
			return err
		}
	}
	return nil
}

func (h *HTTP) writeMetric(reqBody []byte) error {
	var reqBodyBuffer io.Reader = bytes.NewBuffer(reqBody)

	var err error
	if h.ContentEncoding == "gzip" {
		rc := internal.CompressWithGzip(reqBodyBuffer)
		defer rc.Close()
		reqBodyBuffer = rc
	}

	var payloadHash *string
	if h.awsCfg != nil {
		// We need a local copy of the full buffer, the signature scheme requires a sha256 of the request body.
		buf := new(bytes.Buffer)
		_, err = io.Copy(buf, reqBodyBuffer)
		if err != nil {
			return err
		}

		sum := sha256.Sum256(buf.Bytes())
		reqBodyBuffer = buf

		// sha256 is hex encoded
		hash := fmt.Sprintf("%x", sum)
		payloadHash = &hash
	}

	req, err := http.NewRequest(h.Method, h.URL, reqBodyBuffer)
	if err != nil {
		return err
	}

	if h.awsCfg != nil {
		signer := v4.NewSigner()
		ctx := context.Background()

		credentials, err := h.awsCfg.Credentials.Retrieve(ctx)
		if err != nil {
			return err
		}

		err = signer.SignHTTP(ctx, credentials, req, *payloadHash, h.AwsService, h.Region, time.Now().UTC())
		if err != nil {
			return err
		}
	}

	if !h.Username.Empty() || !h.Password.Empty() {
		username, err := h.Username.Get()
		if err != nil {
			return fmt.Errorf("getting username failed: %w", err)
		}
		defer config.ReleaseSecret(username)
		password, err := h.Password.Get()
		if err != nil {
			return fmt.Errorf("getting password failed: %w", err)
		}
		defer config.ReleaseSecret(password)

		req.SetBasicAuth(string(username), string(password))
	}

	// google api auth
	if h.CredentialsFile != "" {
		token, err := h.getAccessToken(context.Background(), h.URL)
		if err != nil {
			return err
		}
		token.SetAuthHeader(req)
	}

	req.Header.Set("User-Agent", internal.ProductToken())
	req.Header.Set("Content-Type", defaultContentType)
	if h.ContentEncoding == "gzip" {
		req.Header.Set("Content-Encoding", "gzip")
	}
	for k, v := range h.Headers {
		if strings.ToLower(k) == "host" {
			req.Host = v
		}
		req.Header.Set(k, v)
	}

	resp, err := h.client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()

	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		for _, nonRetryableStatusCode := range h.NonRetryableStatusCodes {
			if resp.StatusCode == nonRetryableStatusCode {
				h.Log.Errorf("Received non-retryable status %v. Metrics are lost.", resp.StatusCode)
				return nil
			}
		}

		errorLine := ""
		scanner := bufio.NewScanner(io.LimitReader(resp.Body, maxErrMsgLen))
		if scanner.Scan() {
			errorLine = scanner.Text()
		}

		return fmt.Errorf("when writing to [%s] received status code: %d. body: %s", h.URL, resp.StatusCode, errorLine)
	}

	_, err = io.ReadAll(resp.Body)
	if err != nil {
		return fmt.Errorf("when writing to [%s] received error: %v", h.URL, err)
	}

	return nil
}

func init() {
	outputs.Add("http", func() telegraf.Output {
		return &HTTP{
			Method:         defaultMethod,
			URL:            defaultURL,
			UseBatchFormat: defaultUseBatchFormat,
		}
	})
}

func (h *HTTP) getAccessToken(ctx context.Context, audience string) (*oauth2.Token, error) {
	if h.oauth2Token.Valid() {
		return h.oauth2Token, nil
	}

	ts, err := idtoken.NewTokenSource(ctx, audience, idtoken.WithCredentialsFile(h.CredentialsFile))
	if err != nil {
		return nil, fmt.Errorf("error creating oauth2 token source: %s", err)
	}

	token, err := ts.Token()
	if err != nil {
		return nil, fmt.Errorf("error fetching oauth2 token: %s", err)
	}

	h.oauth2Token = token

	return token, nil
}
chore: embed sample configurations into README for outputs (#11182) 2022-05-25 22:48:59 +08:00			`//go:generate ../../../tools/readme_config_includer/generator`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`package http`

			`import (`
fix: Add error message logging to outputs.http (#9727) 2021-09-15 05:04:34 +08:00			`"bufio"`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`"bytes"`
Add OAuth2 support to HTTP output plugin (#4536) 2018-09-07 01:54:05 +08:00			`"context"`
feat: support aws managed service for prometheus (#10202) 2021-12-11 04:06:33 +08:00			`"crypto/sha256"`
chore: embed sample configurations into README for outputs (#11182) 2022-05-25 22:48:59 +08:00			`_ "embed"`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`"fmt"`
Add entity-body compression to http output (#4807) 2018-10-06 06:06:41 +08:00			`"io"`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`"net/http"`
			`"strings"`
feat: support aws managed service for prometheus (#10202) 2021-12-11 04:06:33 +08:00			`"time"`
Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00
feat: support aws managed service for prometheus (#10202) 2021-12-11 04:06:33 +08:00			`awsV2 "github.com/aws/aws-sdk-go-v2/aws"`
feat: migrate output plugins to new sample config format (#10910) 2022-04-08 05:55:03 +08:00			`v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"`
chore: embed sample configurations into README for outputs (#11182) 2022-05-25 22:48:59 +08:00
Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`"github.com/influxdata/telegraf"`
feat(secretstores): convert many output plugins (#12497) 2023-01-26 04:02:29 +08:00			`"github.com/influxdata/telegraf/config"`
Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`"github.com/influxdata/telegraf/internal"`
chore: Move aws credentials to plugins/common. (#11681) 2022-08-17 01:04:30 +08:00			`internalaws "github.com/influxdata/telegraf/plugins/common/aws"`
Add OAuth2 to HTTP input (#9138) * add oauth2 to http input * linter fixes * add http config to common plugin * address linter changes * Update README.md * add log for user if fields are missing * add correct logger * alter output plugin as well * fix formatting * add oauth2 separate package * fix package naming * remove unnecessary logger 2021-04-23 21:37:27 +08:00			`httpconfig "github.com/influxdata/telegraf/plugins/common/http"`
Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`"github.com/influxdata/telegraf/plugins/outputs"`
			`"github.com/influxdata/telegraf/plugins/serializers"`
feat: Google API Auth (#11084) 2022-05-25 07:33:02 +08:00			`"golang.org/x/oauth2"`
			`"google.golang.org/api/idtoken"`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`)`

chore: embed sample configurations into README for outputs (#11182) 2022-05-25 22:48:59 +08:00			`//go:embed sample.conf`
			`var sampleConfig string`

Add default url for http output (#5976) 2019-06-15 02:29:58 +08:00			`const (`
fix: Add error message logging to outputs.http (#9727) 2021-09-15 05:04:34 +08:00			`maxErrMsgLen = 1024`
			`defaultURL = "http://127.0.0.1:8080/telegraf"`
Add default url for http output (#5976) 2019-06-15 02:29:58 +08:00			`)`

Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`const (`
feat: Add use_batch_format for HTTP output plugin (#8184) 2021-10-29 22:05:28 +08:00			`defaultContentType = "text/plain; charset=utf-8"`
			`defaultMethod = http.MethodPost`
			`defaultUseBatchFormat = true`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`)`

Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`type HTTP struct {`
feat: adds optional list of non retryable http statuscodes to http output plugin (#10186) 2021-12-21 01:16:23 +08:00			URL string `toml:"url"`
			Method string `toml:"method"`
feat(secretstores): convert many output plugins (#12497) 2023-01-26 04:02:29 +08:00			Username config.Secret `toml:"username"`
			Password config.Secret `toml:"password"`
feat: adds optional list of non retryable http statuscodes to http output plugin (#10186) 2021-12-21 01:16:23 +08:00			Headers map[string]string `toml:"headers"`
			ContentEncoding string `toml:"content_encoding"`
			UseBatchFormat bool `toml:"use_batch_format"`
			AwsService string `toml:"aws_service"`
			NonRetryableStatusCodes []int `toml:"non_retryable_statuscodes"`
Add OAuth2 to HTTP input (#9138) * add oauth2 to http input * linter fixes * add http config to common plugin * address linter changes * Update README.md * add log for user if fields are missing * add correct logger * alter output plugin as well * fix formatting * add oauth2 separate package * fix package naming * remove unnecessary logger 2021-04-23 21:37:27 +08:00			`httpconfig.HTTPClientConfig`
Http plugin add cookie auth (#9395) 2021-07-14 05:58:49 +08:00			Log telegraf.Logger `toml:"-"`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00
Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`client *http.Client`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`serializer serializers.Serializer`
feat: support aws managed service for prometheus (#10202) 2021-12-11 04:06:33 +08:00
			`awsCfg *awsV2.Config`
			`internalaws.CredentialConfig`
feat: Google API Auth (#11084) 2022-05-25 07:33:02 +08:00
			`// Google API Auth`
			CredentialsFile string `toml:"google_application_credentials"`
			`oauth2Token *oauth2.Token`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`}`

chore: embed sample configurations into README for outputs (#11182) 2022-05-25 22:48:59 +08:00			`func (*HTTP) SampleConfig() string {`
			`return sampleConfig`
			`}`

Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`func (h *HTTP) SetSerializer(serializer serializers.Serializer) {`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`h.serializer = serializer`
			`}`

Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`func (h *HTTP) Connect() error {`
feat: support aws managed service for prometheus (#10202) 2021-12-11 04:06:33 +08:00			`if h.AwsService != "" {`
			`cfg, err := h.CredentialConfig.Credentials()`
			`if err == nil {`
			`h.awsCfg = &cfg`
			`}`
			`}`

Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`if h.Method == "" {`
			`h.Method = http.MethodPost`
			`}`
			`h.Method = strings.ToUpper(h.Method)`
			`if h.Method != http.MethodPost && h.Method != http.MethodPut {`
			`return fmt.Errorf("invalid method [%s] %s", h.URL, h.Method)`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`}`

Add OAuth2 support to HTTP output plugin (#4536) 2018-09-07 01:54:05 +08:00			`ctx := context.Background()`
Http plugin add cookie auth (#9395) 2021-07-14 05:58:49 +08:00			`client, err := h.HTTPClientConfig.CreateClient(ctx, h.Log)`
Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`if err != nil {`
			`return err`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`}`

Add OAuth2 support to HTTP output plugin (#4536) 2018-09-07 01:54:05 +08:00			`h.client = client`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00
			`return nil`
			`}`

Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`func (h *HTTP) Close() error {`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`return nil`
			`}`

Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`func (h *HTTP) Write(metrics []telegraf.Metric) error {`
feat: Add use_batch_format for HTTP output plugin (#8184) 2021-10-29 22:05:28 +08:00			`var reqBody []byte`

			`if h.UseBatchFormat {`
			`var err error`
			`reqBody, err = h.serializer.SerializeBatch(metrics)`
			`if err != nil {`
			`return err`
			`}`

fix: Linter fixes for plugins/outputs/[g-m]* (#10127) Co-authored-by: Pawel Zak <Pawel Zak> 2021-11-25 03:40:25 +08:00			`return h.writeMetric(reqBody)`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`}`

feat: Add use_batch_format for HTTP output plugin (#8184) 2021-10-29 22:05:28 +08:00			`for _, metric := range metrics {`
			`var err error`
			`reqBody, err = h.serializer.Serialize(metric)`
			`if err != nil {`
			`return err`
			`}`

fix: Linter fixes for plugins/outputs/[g-m]* (#10127) Co-authored-by: Pawel Zak <Pawel Zak> 2021-11-25 03:40:25 +08:00			`if err := h.writeMetric(reqBody); err != nil {`
feat: Add use_batch_format for HTTP output plugin (#8184) 2021-10-29 22:05:28 +08:00			`return err`
			`}`
			`}`
			`return nil`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`}`

fix: Linter fixes for plugins/outputs/[g-m]* (#10127) Co-authored-by: Pawel Zak <Pawel Zak> 2021-11-25 03:40:25 +08:00			`func (h *HTTP) writeMetric(reqBody []byte) error {`
Add entity-body compression to http output (#4807) 2018-10-06 06:06:41 +08:00			`var reqBodyBuffer io.Reader = bytes.NewBuffer(reqBody)`

			`var err error`
			`if h.ContentEncoding == "gzip" {`
chore(internal.gzip): cleanup CompressWithGzip (#12587) 2023-02-02 02:20:11 +08:00			`rc := internal.CompressWithGzip(reqBodyBuffer)`
Fix influxdb output serialization on connection closed (#6621) 2019-11-14 04:56:01 +08:00			`defer rc.Close()`
			`reqBodyBuffer = rc`
Add entity-body compression to http output (#4807) 2018-10-06 06:06:41 +08:00			`}`

feat: support aws managed service for prometheus (#10202) 2021-12-11 04:06:33 +08:00			`var payloadHash *string`
			`if h.awsCfg != nil {`
			`// We need a local copy of the full buffer, the signature scheme requires a sha256 of the request body.`
			`buf := new(bytes.Buffer)`
			`_, err = io.Copy(buf, reqBodyBuffer)`
			`if err != nil {`
			`return err`
			`}`

			`sum := sha256.Sum256(buf.Bytes())`
			`reqBodyBuffer = buf`

			`// sha256 is hex encoded`
			`hash := fmt.Sprintf("%x", sum)`
			`payloadHash = &hash`
			`}`

Add entity-body compression to http output (#4807) 2018-10-06 06:06:41 +08:00			`req, err := http.NewRequest(h.Method, h.URL, reqBodyBuffer)`
Return error if NewRequest fails in http output (#4429) 2018-07-18 05:54:10 +08:00			`if err != nil {`
			`return err`
			`}`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00
feat: support aws managed service for prometheus (#10202) 2021-12-11 04:06:33 +08:00			`if h.awsCfg != nil {`
			`signer := v4.NewSigner()`
			`ctx := context.Background()`

			`credentials, err := h.awsCfg.Credentials.Retrieve(ctx)`
			`if err != nil {`
			`return err`
			`}`

			`err = signer.SignHTTP(ctx, credentials, req, *payloadHash, h.AwsService, h.Region, time.Now().UTC())`
			`if err != nil {`
			`return err`
			`}`
			`}`

feat(secretstores): convert many output plugins (#12497) 2023-01-26 04:02:29 +08:00			`if !h.Username.Empty() \|\| !h.Password.Empty() {`
			`username, err := h.Username.Get()`
			`if err != nil {`
			`return fmt.Errorf("getting username failed: %w", err)`
			`}`
			`defer config.ReleaseSecret(username)`
			`password, err := h.Password.Get()`
			`if err != nil {`
			`return fmt.Errorf("getting password failed: %w", err)`
			`}`
			`defer config.ReleaseSecret(password)`

			`req.SetBasicAuth(string(username), string(password))`
Fix sending of basic auth credentials in http output (#4609) 2018-08-30 03:28:29 +08:00			`}`

feat: Google API Auth (#11084) 2022-05-25 07:33:02 +08:00			`// google api auth`
			`if h.CredentialsFile != "" {`
			`token, err := h.getAccessToken(context.Background(), h.URL)`
			`if err != nil {`
			`return err`
			`}`
			`token.SetAuthHeader(req)`
			`}`

Use the product token for the user agent in more locations (#7378) 2020-04-22 01:02:18 +08:00			`req.Header.Set("User-Agent", internal.ProductToken())`
Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`req.Header.Set("Content-Type", defaultContentType)`
Add entity-body compression to http output (#4807) 2018-10-06 06:06:41 +08:00			`if h.ContentEncoding == "gzip" {`
			`req.Header.Set("Content-Encoding", "gzip")`
			`}`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`for k, v := range h.Headers {`
Set host header if configured on http output (#5810) 2019-05-07 03:13:51 +08:00			`if strings.ToLower(k) == "host" {`
			`req.Host = v`
			`}`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`req.Header.Set(k, v)`
			`}`

			`resp, err := h.client.Do(req)`
			`if err != nil {`
			`return err`
			`}`
			`defer resp.Body.Close()`

Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`if resp.StatusCode < 200 \|\| resp.StatusCode >= 300 {`
feat: adds optional list of non retryable http statuscodes to http output plugin (#10186) 2021-12-21 01:16:23 +08:00			`for _, nonRetryableStatusCode := range h.NonRetryableStatusCodes {`
			`if resp.StatusCode == nonRetryableStatusCode {`
			`h.Log.Errorf("Received non-retryable status %v. Metrics are lost.", resp.StatusCode)`
			`return nil`
			`}`
			`}`

fix: Add error message logging to outputs.http (#9727) 2021-09-15 05:04:34 +08:00			`errorLine := ""`
			`scanner := bufio.NewScanner(io.LimitReader(resp.Body, maxErrMsgLen))`
			`if scanner.Scan() {`
			`errorLine = scanner.Text()`
			`}`

			`return fmt.Errorf("when writing to [%s] received status code: %d. body: %s", h.URL, resp.StatusCode, errorLine)`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`}`
fix: Add error message logging to outputs.http (#9727) 2021-09-15 05:04:34 +08:00
refactor: move from io/ioutil to io and os package (#9811) 2021-09-29 05:16:32 +08:00			`_, err = io.ReadAll(resp.Body)`
Clearing LGTM alerts and warnings (#8923) 2021-03-04 03:56:31 +08:00			`if err != nil {`
			`return fmt.Errorf("when writing to [%s] received error: %v", h.URL, err)`
			`}`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00
			`return nil`
			`}`

			`func init() {`
			`outputs.Add("http", func() telegraf.Output {`
Add method, basic auth, and tls support to http output 2018-05-15 08:11:44 +08:00			`return &HTTP{`
feat: Add use_batch_format for HTTP output plugin (#8184) 2021-10-29 22:05:28 +08:00			`Method: defaultMethod,`
			`URL: defaultURL,`
			`UseBatchFormat: defaultUseBatchFormat,`
Add HTTP output plugin (#2491) 2018-05-15 08:15:40 +08:00			`}`
			`})`
			`}`
feat: Google API Auth (#11084) 2022-05-25 07:33:02 +08:00
			`func (h HTTP) getAccessToken(ctx context.Context, audience string) (oauth2.Token, error) {`
			`if h.oauth2Token.Valid() {`
			`return h.oauth2Token, nil`
			`}`

			`ts, err := idtoken.NewTokenSource(ctx, audience, idtoken.WithCredentialsFile(h.CredentialsFile))`
			`if err != nil {`
			`return nil, fmt.Errorf("error creating oauth2 token source: %s", err)`
			`}`

			`token, err := ts.Token()`
			`if err != nil {`
			`return nil, fmt.Errorf("error fetching oauth2 token: %s", err)`
			`}`

			`h.oauth2Token = token`

			`return token, nil`
			`}`