-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using google-auth-library-oauth2-http to get default credentials #151
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,11 +17,12 @@ | |
package com.google.cloud.sql; | ||
|
||
import com.google.api.client.auth.oauth2.Credential; | ||
import com.google.api.client.http.HttpRequestInitializer; | ||
|
||
/** Factory for creating {@link Credential}s for interaction with Cloud SQL Admin API. */ | ||
public interface CredentialFactory { | ||
/** Name of system property that can specify an alternative credential factory. */ | ||
String CREDENTIAL_FACTORY_PROPERTY = "cloudSql.socketFactory.credentialFactory"; | ||
|
||
Credential create(); | ||
HttpRequestInitializer create(); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is a breaking changing to a public interface. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It might break binary compatibility, but it's source compatible There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I didn't realize |
||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,8 +16,6 @@ | |
|
||
package com.google.cloud.sql.core; | ||
|
||
import com.google.api.client.auth.oauth2.Credential; | ||
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; | ||
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; | ||
import com.google.api.client.http.HttpRequestInitializer; | ||
import com.google.api.client.http.HttpTransport; | ||
|
@@ -26,6 +24,8 @@ | |
import com.google.api.services.sqladmin.SQLAdmin; | ||
import com.google.api.services.sqladmin.SQLAdmin.Builder; | ||
import com.google.api.services.sqladmin.SQLAdminScopes; | ||
import com.google.auth.http.HttpCredentialsAdapter; | ||
import com.google.auth.oauth2.GoogleCredentials; | ||
import com.google.cloud.sql.CredentialFactory; | ||
import com.google.common.annotations.VisibleForTesting; | ||
import com.google.common.base.Preconditions; | ||
|
@@ -40,8 +40,6 @@ | |
import java.security.KeyPair; | ||
import java.security.KeyPairGenerator; | ||
import java.security.NoSuchAlgorithmException; | ||
import java.security.cert.CertificateException; | ||
import java.security.cert.CertificateFactory; | ||
import java.util.ArrayList; | ||
import java.util.Collections; | ||
import java.util.List; | ||
|
@@ -50,7 +48,6 @@ | |
import java.util.concurrent.Executors; | ||
import java.util.concurrent.ScheduledThreadPoolExecutor; | ||
import java.util.logging.Logger; | ||
import javax.annotation.Nullable; | ||
import javax.net.ssl.SSLSocket; | ||
import jnr.unixsocket.UnixSocketAddress; | ||
import jnr.unixsocket.UnixSocketChannel; | ||
|
@@ -90,9 +87,7 @@ public final class CoreSocketFactory { | |
|
||
private static CoreSocketFactory coreSocketFactory; | ||
|
||
private final CertificateFactory certificateFactory; | ||
private final ListenableFuture<KeyPair> localKeyPair; | ||
private final Credential credential; | ||
private final ConcurrentHashMap<String, CloudSqlInstance> instances = new ConcurrentHashMap<>(); | ||
private final ListeningScheduledExecutorService executor; | ||
private final SQLAdmin adminApi; | ||
|
@@ -101,12 +96,9 @@ public final class CoreSocketFactory { | |
@VisibleForTesting | ||
CoreSocketFactory( | ||
ListenableFuture<KeyPair> localKeyPair, | ||
Credential credential, | ||
SQLAdmin adminApi, | ||
int serverProxyPort, | ||
ListeningScheduledExecutorService executor) { | ||
this.certificateFactory = x509CertificateFactory(); | ||
this.credential = credential; | ||
this.adminApi = adminApi; | ||
this.serverProxyPort = serverProxyPort; | ||
this.executor = executor; | ||
|
@@ -131,30 +123,20 @@ public static synchronized CoreSocketFactory getInstance() { | |
credentialFactory = new ApplicationDefaultCredentialFactory(); | ||
} | ||
|
||
Credential credential = credentialFactory.create(); | ||
HttpRequestInitializer credential = credentialFactory.create(); | ||
SQLAdmin adminApi = createAdminApiClient(credential); | ||
ListeningScheduledExecutorService executor = getDefaultExecutor(); | ||
|
||
coreSocketFactory = | ||
new CoreSocketFactory( | ||
executor.submit(CoreSocketFactory::generateRsaKeyPair), | ||
credential, | ||
adminApi, | ||
DEFAULT_SERVER_PROXY_PORT, | ||
executor); | ||
} | ||
return coreSocketFactory; | ||
} | ||
|
||
// Returns a factory used to create X.509 public certificates | ||
private static CertificateFactory x509CertificateFactory() { | ||
try { | ||
return CertificateFactory.getInstance("X.509"); | ||
} catch (CertificateException err) { | ||
throw new RuntimeException("X509 implementation not available", err); | ||
} | ||
} | ||
|
||
// TODO(kvg): Figure out better executor to use for testing | ||
@VisibleForTesting | ||
// Returns a listenable, scheduled executor that exits upon shutdown. | ||
|
@@ -283,13 +265,6 @@ private static List<String> listIpTypes(String cloudSqlIpTypes) { | |
return result; | ||
} | ||
|
||
@Nullable | ||
private String getCredentialServiceAccount(Credential credential) { | ||
return credential instanceof GoogleCredential | ||
? ((GoogleCredential) credential).getServiceAccountId() | ||
: null; | ||
} | ||
|
||
private static SQLAdmin createAdminApiClient(HttpRequestInitializer requestInitializer) { | ||
HttpTransport httpTransport; | ||
try { | ||
|
@@ -318,19 +293,19 @@ private static SQLAdmin createAdminApiClient(HttpRequestInitializer requestIniti | |
|
||
private static class ApplicationDefaultCredentialFactory implements CredentialFactory { | ||
@Override | ||
public Credential create() { | ||
GoogleCredential credential; | ||
public HttpRequestInitializer create() { | ||
GoogleCredentials credentials; | ||
try { | ||
credential = GoogleCredential.getApplicationDefault(); | ||
credentials = GoogleCredentials.getApplicationDefault(); | ||
} catch (IOException err) { | ||
throw new RuntimeException( | ||
"Unable to obtain credentials to communicate with the Cloud SQL API", err); | ||
} | ||
if (credential.createScopedRequired()) { | ||
credential = | ||
credential.createScoped(Collections.singletonList(SQLAdminScopes.SQLSERVICE_ADMIN)); | ||
if (credentials.createScopedRequired()) { | ||
credentials = | ||
credentials.createScoped(Collections.singletonList(SQLAdminScopes.SQLSERVICE_ADMIN)); | ||
} | ||
return credential; | ||
return new HttpCredentialsAdapter(credentials); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. So why not make this method return There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. That would be a source code breaking change, There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You right. Thanks for the clarification. |
||
} | ||
} | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unused import?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's actually used in the class comment but maybe the comment should be updated? I left it as is because I figured that in most cases it would be a
Credential
that is returned.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, yeah that's fine then.