From c22f001a1b146c1a5a43a68bb81ac7558eccf6d9 Mon Sep 17 00:00:00 2001
From: Jeremy Edwards <jeremyedwards@google.com>
Date: Thu, 15 Apr 2021 23:30:19 +0000
Subject: [PATCH] GCE Windows: Use authenticated HTTP GET against GCS if VM has
 cloud-platform scope.

---
 cluster/gce/windows/common.psm1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cluster/gce/windows/common.psm1 b/cluster/gce/windows/common.psm1
index 74fe8c267d1..83566ee9c29 100644
--- a/cluster/gce/windows/common.psm1
+++ b/cluster/gce/windows/common.psm1
@@ -248,7 +248,7 @@ function Get-RemoteFile {
     $httpResponseMessage.Wait()
     if (-not $httpResponseMessage.IsCanceled) {
       # Check if the request was successful.
-      # 
+      #
       # DO NOT replace with EnsureSuccessStatusCode(), it prints the
       # OAuth2 bearer token.
       if (-not $httpResponseMessage.Result.IsSuccessStatusCode) {
@@ -295,7 +295,7 @@ function Check-StorageScope {
   While($true) {
     $data = Get-InstanceMetadata -Key "service-accounts/default/scopes"
     if ($data) {
-      return ($data -match "auth/devstorage")
+      return ($data -match "auth/devstorage") -or ($data -match "auth/cloud-platform")
     }
     Start-Sleep -Seconds 1
   }