From be6c56a1948a57eb0300613a70ef608330ca36e0 Mon Sep 17 00:00:00 2001
From: Andy Zhao <andyzhao@google.com>
Date: Mon, 1 Feb 2021 14:56:21 -0800
Subject: [PATCH] fix(transport): expand OS environment variables in cert
 provider command (#852)

Environment variables in the cert provider command such as "$HOME" needs to be expanded. This logic was accidentally removed in an earlier patch, so it is being added back now. It impacts scenarios using customized context_aware_metadata.json.
---
 transport/cert/default_cert.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/transport/cert/default_cert.go b/transport/cert/default_cert.go
index 141ae457936..04aefec0afa 100644
--- a/transport/cert/default_cert.go
+++ b/transport/cert/default_cert.go
@@ -110,6 +110,10 @@ func (s *secureConnectSource) getClientCertificate(info *tls.CertificateRequestI
 	if defaultCert.cachedCert != nil && !isCertificateExpired(defaultCert.cachedCert) {
 		return defaultCert.cachedCert, nil
 	}
+	// Expand OS environment variables in the cert provider command such as "$HOME".
+	for i := 0; i < len(s.metadata.Cmd); i++ {
+		s.metadata.Cmd[i] = os.ExpandEnv(s.metadata.Cmd[i])
+	}
 	command := s.metadata.Cmd
 	data, err := exec.Command(command[0], command[1:]...).Output()
 	if err != nil {