From a73cff1478516484764f55f2891a6db7917d8e3e Mon Sep 17 00:00:00 2001
From: Darren Dowker <darren@arize.com>
Date: Wed, 24 Apr 2024 19:41:51 -0700
Subject: [PATCH] refactor

---
 broker/fragment/store_gcs.go | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/broker/fragment/store_gcs.go b/broker/fragment/store_gcs.go
index dcec760d..8f7d4aa9 100644
--- a/broker/fragment/store_gcs.go
+++ b/broker/fragment/store_gcs.go
@@ -44,12 +44,7 @@ func (s *gcsBackend) SignGet(ep *url.URL, fragment pb.Fragment, d time.Duration)
 	opts.Method = "GET"
 	opts.Expires = time.Now().Add(d)
 
-	if opts.GoogleAccessID == "" {
-		// workload identity approach
-		return client.Bucket(cfg.bucket).SignedURL(cfg.rewritePath(cfg.prefix, fragment.ContentPath()), &opts)
-	} else {
-		return storage.SignedURL(cfg.bucket, cfg.rewritePath(cfg.prefix, fragment.ContentPath()), &opts)
-	}
+	return client.Bucket(cfg.bucket).SignedURL(cfg.rewritePath(cfg.prefix, fragment.ContentPath()), &opts)
 }
 
 func (s *gcsBackend) Exists(ctx context.Context, ep *url.URL, fragment pb.Fragment) (exists bool, err error) {
@@ -189,7 +184,8 @@ func (s *gcsBackend) gcsClient(ep *url.URL) (cfg GSStoreConfig, client *storage.
 			return
 		}
 
-		// workload identity approach which aligns with a path in SignGet() method
+		// workload identity approach which SignGet() method accepts if you have
+		// "iam.serviceAccounts.signBlob" permissions against your service account.
 		opts = storage.SignedURLOptions{}
 		s.client, s.signedURLOptions = client, opts