Query S2A Address from MDS #1400
Conversation
rmehta19
force-pushed
the
s2a-java-integration
branch
from
0f96e86
to
ddac7aa
Compare
|
cc: @xmenxk |
| public static final String GOOGLE = "Google"; | ||
| private static final String PARSE_ERROR_S2A = "Error parsing Mtls Auto Config response."; | ||
|
|
||
| private MtlsConfig config; |
| if (transportFactory == null) { | ||
| transportFactory = | ||
| Iterables.getFirst( | ||
| ServiceLoader.load(HttpTransportFactory.class), OAuth2Utils.HTTP_TRANSPORT_FACTORY); | ||
| } | ||
| String url = getMdsMtlsEndpoint(); | ||
| GenericUrl genericUrl = new GenericUrl(url); | ||
| HttpRequest request = | ||
| transportFactory.create().createRequestFactory().buildGetRequest(genericUrl); | ||
| JsonObjectParser parser = new JsonObjectParser(OAuth2Utils.JSON_FACTORY); | ||
| request.setParser(parser); | ||
| request.getHeaders().set(METADATA_FLAVOR, GOOGLE); | ||
| request.setThrowExceptionOnExecuteError(false); | ||
| HttpResponse response = request.execute(); | ||
|
|
||
| if (!response.isSuccessStatusCode()) { | ||
| return MtlsConfig.createBuilder().build(); | ||
| } | ||
|
|
||
| InputStream content = response.getContent(); | ||
| if (content == null) { | ||
| return MtlsConfig.createBuilder().build(); | ||
| } |
There was a problem hiding this comment.
is it possible to reuse the code below for querying mds endpoint?
There was a problem hiding this comment.
We could use this function to get the MDS HttpResponse, but it would only replace a few lines (~7) in this function:
creating the HttpRequest and executing it to get the response, replaced with
response = getMetadataResponse(url).
However, in order to do this, we would also have to:
- ignore the
ComputeEngineCredentialsspecific errors thrown by the function, because we only care if we are able to successfully create a response (aligning with Go implementation, return empty S2A Address if any error). This technically works, although I am not sure it is best practice. getMetadataResponse(String url)is not static, so we would have to create an instance ofComputeEngineCredentialsto use it.
WDYT?
|
|
@westarle, friendly ping :). Please review when you get a chance. |
| import com.google.errorprone.annotations.CanIgnoreReturnValue; | ||
|
|
||
| /** Holds an mTLS configuration (consists of address of S2A) retrieved from the Metadata Server. */ | ||
| public final class MtlsConfig { |
There was a problem hiding this comment.
I think this should be re-branded to S2AConfig. MtlsConfig is much more generic than the settings in this class.
| public static final String METADATA_FLAVOR = "Metadata-Flavor"; | ||
| public static final String GOOGLE = "Google"; | ||
| private static final int MAX_MDS_PING_TRIES = 3; | ||
| private static final String PARSE_ERROR_S2A = "Error parsing Mtls Auto Config response."; |
There was a problem hiding this comment.
Is there any existing code for these constants?
| */ | ||
| @ThreadSafe | ||
| public final class S2A { | ||
| public static final String MTLS_CONFIG_ENDPOINT = |
There was a problem hiding this comment.
| public static final String MTLS_CONFIG_ENDPOINT = | |
| public static final String S2A_CONFIG_ENDPOINT_POSTFIX = |
| public static final String METADATA_FLAVOR = "Metadata-Flavor"; | ||
| public static final String GOOGLE = "Google"; | ||
| private static final int MAX_MDS_PING_TRIES = 3; | ||
| private static final String PARSE_ERROR_S2A = "Error parsing Mtls Auto Config response."; |
There was a problem hiding this comment.
I think this error message should be expanded to explain what went wrong and how it can be triaged.
| if (config == null) { | ||
| config = getMdsMtlsConfig(); | ||
| } | ||
| return config.getMtlsS2AAddress(); |
There was a problem hiding this comment.
Could a valid config be a requirement to instantiate this class?
| * | ||
| * @return the {@link MtlsConfig}. | ||
| */ | ||
| private MtlsConfig getMdsMtlsConfig() { |
There was a problem hiding this comment.
| private MtlsConfig getMdsMtlsConfig() { | |
| private MtlsConfig getS2AConfigFromMDS() { |
| if (transportFactory == null) { | ||
| transportFactory = | ||
| Iterables.getFirst( | ||
| ServiceLoader.load(HttpTransportFactory.class), OAuth2Utils.HTTP_TRANSPORT_FACTORY); | ||
| } |
There was a problem hiding this comment.
Should this be outside of the loop?
| } | ||
| HttpRequest request = | ||
| transportFactory.create().createRequestFactory().buildGetRequest(genericUrl); | ||
| JsonObjectParser parser = new JsonObjectParser(OAuth2Utils.JSON_FACTORY); |
There was a problem hiding this comment.
Should this be outside of the loop?
| .setMtlsS2AAddress(mtlsS2AAddress) | ||
| .build(); | ||
| } | ||
| return MtlsConfig.createBuilder().build(); |
There was a problem hiding this comment.
How will callers know if a valid config is returned?
Add utility to get S2A address from MDS MTLS autoconfiguration endpoint.
This utility will be used when creating mTLS channel using S2A Java Client, which takes S2A Address as input to create S2AChannelCredentials.
Parallel change in go: googleapis/google-api-go-client#1874
S2A Java client: grpc/grpc-java#11113