Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: jwt authentication on batch-bigtable.googleapis.com (#892)
* fix: jwt authentication on batch-bigtable.googleapis.com In general jwt audiences and service endpoints align. However in some cases like batch-bigtable.googleapis.com, they diverge. This PR workaround the issue by patching the JWT audience for batch-bigtable.googleapis.com * remove abandoned tst strategy * deps * fix settings * fix batch tests
- Loading branch information
1 parent
9290cd0
commit d2ca9c6
Showing
8 changed files
with
321 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
79 changes: 79 additions & 0 deletions
79
.../src/main/java/com/google/cloud/bigtable/data/v2/internal/JwtCredentialsWithAudience.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
/* | ||
* Copyright 2021 Google LLC | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* https://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package com.google.cloud.bigtable.data.v2.internal; | ||
|
||
import com.google.api.core.InternalApi; | ||
import com.google.auth.Credentials; | ||
import com.google.auth.RequestMetadataCallback; | ||
import com.google.auth.oauth2.ServiceAccountJwtAccessCredentials; | ||
import java.io.IOException; | ||
import java.net.URI; | ||
import java.util.List; | ||
import java.util.Map; | ||
import java.util.concurrent.Executor; | ||
|
||
/** | ||
* Internal helper to fix the mapping between JWT audiences and service endpoints. | ||
* | ||
* <p>In most cases JWT audiences correspond to service endpoints. However, in some cases they | ||
* diverge. To workaround this, this class hardcodes the audience and forces the underlying | ||
* implementation to use it. | ||
* | ||
* <p>Internal Only - public for technical reasons | ||
*/ | ||
@InternalApi | ||
public class JwtCredentialsWithAudience extends Credentials { | ||
private final ServiceAccountJwtAccessCredentials delegate; | ||
|
||
public JwtCredentialsWithAudience(ServiceAccountJwtAccessCredentials delegate, URI audience) { | ||
this.delegate = delegate.toBuilder().setDefaultAudience(audience).build(); | ||
} | ||
|
||
@Override | ||
public String getAuthenticationType() { | ||
return delegate.getAuthenticationType(); | ||
} | ||
|
||
@Override | ||
public Map<String, List<String>> getRequestMetadata() throws IOException { | ||
return delegate.getRequestMetadata(); | ||
} | ||
|
||
@Override | ||
public void getRequestMetadata(URI ignored, Executor executor, RequestMetadataCallback callback) { | ||
delegate.getRequestMetadata(null, executor, callback); | ||
} | ||
|
||
@Override | ||
public Map<String, List<String>> getRequestMetadata(URI ignored) throws IOException { | ||
return delegate.getRequestMetadata(null); | ||
} | ||
|
||
@Override | ||
public boolean hasRequestMetadata() { | ||
return delegate.hasRequestMetadata(); | ||
} | ||
|
||
@Override | ||
public boolean hasRequestMetadataOnly() { | ||
return delegate.hasRequestMetadataOnly(); | ||
} | ||
|
||
@Override | ||
public void refresh() throws IOException { | ||
delegate.refresh(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.