-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(gax): add API key authentication to ClientSettings #3137
Open
ldetmer
wants to merge
13
commits into
main
Choose a base branch
from
api-keys
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 10 commits
Commits
Show all changes
13 commits
Select commit
Hold shift + click to select a range
558af8e
added setApiKey() method to client settings
ldetmer dad48d4
cleaned up and added logic for throwing error if both api key and cre…
ldetmer f6afbef
fixed formatting
ldetmer a516d95
fixed formatting
ldetmer f7ec0fa
wip
ldetmer db1674b
wip
ldetmer 9a13951
wip
ldetmer 62a3956
clean up
ldetmer f0a98e0
Merge branch 'main' into api-keys
ldetmer fa251cf
clean up
ldetmer 334a4e8
cleaned up tests/logic
ldetmer edb658f
cleaned up formatting
ldetmer 33f64a1
updated to use assertThrows
ldetmer File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -43,6 +43,7 @@ | |
import com.google.api.gax.rpc.internal.QuotaProjectIdHidingCredentials; | ||
import com.google.api.gax.tracing.ApiTracerFactory; | ||
import com.google.api.gax.tracing.BaseApiTracerFactory; | ||
import com.google.auth.ApiKeyCredentials; | ||
import com.google.auth.Credentials; | ||
import com.google.auth.oauth2.GdchCredentials; | ||
import com.google.auto.value.AutoValue; | ||
|
@@ -175,9 +176,19 @@ public static ClientContext create(StubSettings settings) throws IOException { | |
// A valid EndpointContext should have been created in the StubSettings | ||
EndpointContext endpointContext = settings.getEndpointContext(); | ||
String endpoint = endpointContext.resolvedEndpoint(); | ||
String apiKey = settings.getApiKey(); | ||
Credentials credentials = settings.getCredentialsProvider().getCredentials(); | ||
if (apiKey != null && credentials != null) { | ||
throw new IllegalArgumentException( | ||
"You can not provide both ApiKey and Credentials for a client."); | ||
} | ||
if (apiKey != null) { | ||
// if API key exists it becomes the default credential | ||
credentials = ApiKeyCredentials.create(settings.getApiKey()); | ||
} | ||
|
||
// check if need to adjust credentials/endpoint/endpointContext for GDC-H | ||
String settingsGdchApiAudience = settings.getGdchApiAudience(); | ||
Credentials credentials = settings.getCredentialsProvider().getCredentials(); | ||
boolean usingGDCH = credentials instanceof GdchCredentials; | ||
if (usingGDCH) { | ||
// Can only determine if the GDC-H is being used via the Credentials. The Credentials object | ||
|
@@ -187,22 +198,7 @@ public static ClientContext create(StubSettings settings) throws IOException { | |
// Resolve the new endpoint with the GDC-H flow | ||
endpoint = endpointContext.resolvedEndpoint(); | ||
// We recompute the GdchCredentials with the audience | ||
String audienceString; | ||
if (!Strings.isNullOrEmpty(settingsGdchApiAudience)) { | ||
audienceString = settingsGdchApiAudience; | ||
} else if (!Strings.isNullOrEmpty(endpoint)) { | ||
audienceString = endpoint; | ||
} else { | ||
throw new IllegalArgumentException("Could not infer GDCH api audience from settings"); | ||
} | ||
|
||
URI gdchAudienceUri; | ||
try { | ||
gdchAudienceUri = URI.create(audienceString); | ||
} catch (IllegalArgumentException ex) { // thrown when passing a malformed uri string | ||
throw new IllegalArgumentException("The GDC-H API audience string is not a valid URI", ex); | ||
} | ||
credentials = ((GdchCredentials) credentials).createWithGdchAudience(gdchAudienceUri); | ||
credentials = getGdchCredentials(settingsGdchApiAudience, endpoint, credentials); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. created helper method for readability, no change to logic |
||
} else if (!Strings.isNullOrEmpty(settingsGdchApiAudience)) { | ||
throw new IllegalArgumentException( | ||
"GDC-H API audience can only be set when using GdchCredentials"); | ||
|
@@ -291,6 +287,30 @@ public static ClientContext create(StubSettings settings) throws IOException { | |
.build(); | ||
} | ||
|
||
/** | ||
* Constructs a new {@link Credentials} object based on credentials provided with a GDC-H audience | ||
*/ | ||
private static Credentials getGdchCredentials( | ||
String settingsGdchApiAudience, String endpoint, Credentials credentials) throws IOException { | ||
String audienceString; | ||
if (!Strings.isNullOrEmpty(settingsGdchApiAudience)) { | ||
audienceString = settingsGdchApiAudience; | ||
} else if (!Strings.isNullOrEmpty(endpoint)) { | ||
audienceString = endpoint; | ||
} else { | ||
throw new IllegalArgumentException("Could not infer GDCH api audience from settings"); | ||
} | ||
|
||
URI gdchAudienceUri; | ||
try { | ||
gdchAudienceUri = URI.create(audienceString); | ||
} catch (IllegalArgumentException ex) { // thrown when passing a malformed uri string | ||
throw new IllegalArgumentException("The GDC-H API audience string is not a valid URI", ex); | ||
} | ||
credentials = ((GdchCredentials) credentials).createWithGdchAudience(gdchAudienceUri); | ||
return credentials; | ||
} | ||
|
||
/** | ||
* Getting a header map from HeaderProvider and InternalHeaderProvider from settings with Quota | ||
* Project Id. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added logic here to handle null check snd setting credentials (instead of in builder) as I thought it would be more discoverable/debuggable here since the rest of credential logic lives here