decorateEnvVarName exempts AZURE_STORAGE-prefixed env vars (and AWS_-prefixed vars per #832) from having the FLAGD_ prefix applied. However, GCS auth env vars like GOOGLE_APPLICATION_CREDENTIALS and GOOGLE_CLOUD_PROJECT are not exempted.
This means GCS sync setups using env-var-based auth (as opposed to Workload Identity) will have their Google env vars incorrectly prefixed (e.g., FLAGD_GOOGLE_APPLICATION_CREDENTIALS), breaking authentication.
Relevant code: api/core/v1beta1/featureflagsource_types.go:268-273
func (fc *FeatureFlagSourceSpec) decorateEnvVarName(original string) string {
if strings.HasPrefix(original, "AZURE_STORAGE") {
return original
}
return common.EnvVarKey(fc.EnvVarPrefix, original)
}Requirements
- Add a
GOOGLE_ (or similar) prefix exemption to decorateEnvVarName, consistent with the AZURE_STORAGE and AWS_ exemptions.
- Document the env var prefix exemption behavior for all three cloud providers (Azure Blob, GCS, S3) so users understand which env vars are passed through undecorated. If this is already documented for some providers, ensure consistency across all three.
decorateEnvVarNameexemptsAZURE_STORAGE-prefixed env vars (andAWS_-prefixed vars per #832) from having theFLAGD_prefix applied. However, GCS auth env vars likeGOOGLE_APPLICATION_CREDENTIALSandGOOGLE_CLOUD_PROJECTare not exempted.This means GCS sync setups using env-var-based auth (as opposed to Workload Identity) will have their Google env vars incorrectly prefixed (e.g.,
FLAGD_GOOGLE_APPLICATION_CREDENTIALS), breaking authentication.Relevant code:
api/core/v1beta1/featureflagsource_types.go:268-273Requirements
GOOGLE_(or similar) prefix exemption todecorateEnvVarName, consistent with theAZURE_STORAGEandAWS_exemptions.