From 309c23b1a68d50fe33d004128d39dae0e85eaafe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Olav=20L=C3=B8ite?= Date: Wed, 8 Oct 2025 10:49:48 +0200 Subject: [PATCH 1/2] feat: add connection property for gRPC interceptor provider Add a connection property for setting a gRPC interceptor provider to use for connections. This allows JDBC and PGAdapter users to set a gRPC interceptor that should be used for the underlying Spanner client. This property is a guarded property, as it dynamically invokes the constructor of the class that is specified in the connection URL. A user must set the Java System property ENABLE_GRPC_INTERCEPTOR_PROVIDER=true when using this connection property. It should only be enabled in applications where an untrusted user cannot modify the connection URL that is being used, as that would allow an untrusted user to dynamically invoke code on the application host. --- .../ClientSideStatementValueConverters.java | 49 ++++++++ .../spanner/connection/ConnectionOptions.java | 49 ++++++-- .../connection/ConnectionProperties.java | 16 +++ .../cloud/spanner/connection/SpannerPool.java | 11 +- .../GrpcInterceptorProviderTest.java | 115 ++++++++++++++++++ 5 files changed, 225 insertions(+), 15 deletions(-) create mode 100644 google-cloud-spanner/src/test/java/com/google/cloud/spanner/connection/GrpcInterceptorProviderTest.java diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ClientSideStatementValueConverters.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ClientSideStatementValueConverters.java index 57916aae58..3d796af4f0 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ClientSideStatementValueConverters.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ClientSideStatementValueConverters.java @@ -20,6 +20,7 @@ import static com.google.cloud.spanner.connection.ReadOnlyStalenessUtil.toChronoUnit; import com.google.api.gax.core.CredentialsProvider; +import com.google.api.gax.grpc.GrpcInterceptorProvider; import com.google.cloud.spanner.Dialect; import com.google.cloud.spanner.ErrorCode; import com.google.cloud.spanner.Options.RpcPriority; @@ -827,6 +828,54 @@ public CredentialsProvider convert(String credentialsProviderName) { } } + static class GrpcInterceptorProviderConverter + implements ClientSideStatementValueConverter { + static final GrpcInterceptorProviderConverter INSTANCE = new GrpcInterceptorProviderConverter(); + + private GrpcInterceptorProviderConverter() {} + + @Override + public Class getParameterClass() { + return GrpcInterceptorProvider.class; + } + + @Override + public GrpcInterceptorProvider convert(String interceptorProviderName) { + if (!Strings.isNullOrEmpty(interceptorProviderName)) { + try { + Class clazz = + (Class) Class.forName(interceptorProviderName); + Constructor constructor = + clazz.getDeclaredConstructor(); + return constructor.newInstance(); + } catch (ClassNotFoundException classNotFoundException) { + throw SpannerExceptionFactory.newSpannerException( + ErrorCode.INVALID_ARGUMENT, + "Unknown or invalid GrpcInterceptorProvider class name: " + interceptorProviderName, + classNotFoundException); + } catch (NoSuchMethodException noSuchMethodException) { + throw SpannerExceptionFactory.newSpannerException( + ErrorCode.INVALID_ARGUMENT, + "GrpcInterceptorProvider " + + interceptorProviderName + + " does not have a public no-arg constructor.", + noSuchMethodException); + } catch (InvocationTargetException + | InstantiationException + | IllegalAccessException exception) { + throw SpannerExceptionFactory.newSpannerException( + ErrorCode.INVALID_ARGUMENT, + "Failed to create an instance of " + + interceptorProviderName + + ": " + + exception.getMessage(), + exception); + } + } + return null; + } + } + /** Converter for converting strings to {@link Dialect} values. */ static class DialectConverter implements ClientSideStatementValueConverter { static final DialectConverter INSTANCE = new DialectConverter(); diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java index b12cd21fa7..741989ff5b 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java @@ -33,6 +33,7 @@ import static com.google.cloud.spanner.connection.ConnectionProperties.ENABLE_EXTENDED_TRACING; import static com.google.cloud.spanner.connection.ConnectionProperties.ENCODED_CREDENTIALS; import static com.google.cloud.spanner.connection.ConnectionProperties.ENDPOINT; +import static com.google.cloud.spanner.connection.ConnectionProperties.GRPC_INTERCEPTOR_PROVIDER; import static com.google.cloud.spanner.connection.ConnectionProperties.IS_EXPERIMENTAL_HOST; import static com.google.cloud.spanner.connection.ConnectionProperties.LENIENT; import static com.google.cloud.spanner.connection.ConnectionProperties.MAX_COMMIT_DELAY; @@ -59,6 +60,7 @@ import com.google.api.core.InternalApi; import com.google.api.gax.core.CredentialsProvider; +import com.google.api.gax.grpc.GrpcInterceptorProvider; import com.google.api.gax.rpc.TransportChannelProvider; import com.google.auth.Credentials; import com.google.auth.oauth2.AccessToken; @@ -75,6 +77,7 @@ import com.google.cloud.spanner.SpannerException; import com.google.cloud.spanner.SpannerExceptionFactory; import com.google.cloud.spanner.SpannerOptions; +import com.google.cloud.spanner.connection.ClientSideStatementValueConverters.GrpcInterceptorProviderConverter; import com.google.cloud.spanner.connection.StatementExecutor.StatementExecutorType; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.MoreObjects; @@ -256,6 +259,9 @@ public class ConnectionOptions { public static final String ENABLE_CHANNEL_PROVIDER_SYSTEM_PROPERTY = "ENABLE_CHANNEL_PROVIDER"; + public static final String ENABLE_GRPC_INTERCEPTOR_PROVIDER_SYSTEM_PROPERTY = + "ENABLE_GRPC_INTERCEPTOR_PROVIDER"; + /** Custom user agent string is only for other Google libraries. */ static final String USER_AGENT_PROPERTY_NAME = "userAgent"; @@ -656,19 +662,6 @@ private ConnectionOptions(Builder builder) { // Create the initial connection state from the parsed properties in the connection URL. this.initialConnectionState = new ConnectionState(connectionPropertyValues); - // Check that at most one of credentials location, encoded credentials, credentials provider and - // OUAuth token has been specified in the connection URI. - Preconditions.checkArgument( - Stream.of( - getInitialConnectionPropertyValue(CREDENTIALS_URL), - getInitialConnectionPropertyValue(ENCODED_CREDENTIALS), - getInitialConnectionPropertyValue(CREDENTIALS_PROVIDER), - getInitialConnectionPropertyValue(OAUTH_TOKEN)) - .filter(Objects::nonNull) - .count() - <= 1, - "Specify only one of credentialsUrl, encodedCredentials, credentialsProvider and OAuth" - + " token"); checkGuardedProperty( getInitialConnectionPropertyValue(ENCODED_CREDENTIALS), ENABLE_ENCODED_CREDENTIALS_SYSTEM_PROPERTY, @@ -683,6 +676,23 @@ private ConnectionOptions(Builder builder) { getInitialConnectionPropertyValue(CHANNEL_PROVIDER), ENABLE_CHANNEL_PROVIDER_SYSTEM_PROPERTY, CHANNEL_PROVIDER_PROPERTY_NAME); + checkGuardedProperty( + getInitialConnectionPropertyValue(GRPC_INTERCEPTOR_PROVIDER), + ENABLE_GRPC_INTERCEPTOR_PROVIDER_SYSTEM_PROPERTY, + GRPC_INTERCEPTOR_PROVIDER.getName()); + // Check that at most one of credentials location, encoded credentials, credentials provider and + // OUAuth token has been specified in the connection URI. + Preconditions.checkArgument( + Stream.of( + getInitialConnectionPropertyValue(CREDENTIALS_URL), + getInitialConnectionPropertyValue(ENCODED_CREDENTIALS), + getInitialConnectionPropertyValue(CREDENTIALS_PROVIDER), + getInitialConnectionPropertyValue(OAUTH_TOKEN)) + .filter(Objects::nonNull) + .count() + <= 1, + "Specify only one of credentialsUrl, encodedCredentials, credentialsProvider and OAuth" + + " token"); boolean usePlainText = getInitialConnectionPropertyValue(AUTO_CONFIG_EMULATOR) @@ -999,6 +1009,19 @@ public TransportChannelProvider getChannelProvider() { } } + String getGrpcInterceptorProviderName() { + return getInitialConnectionPropertyValue(GRPC_INTERCEPTOR_PROVIDER); + } + + /** Returns the gRPC interceptor provider that has been configured. */ + public GrpcInterceptorProvider getGrpcInterceptorProvider() { + String interceptorProvider = getInitialConnectionPropertyValue(GRPC_INTERCEPTOR_PROVIDER); + if (interceptorProvider == null) { + return null; + } + return GrpcInterceptorProviderConverter.INSTANCE.convert(interceptorProvider); + } + /** * The database role that is used for this connection. Assigning a role to a connection can be * used to for example restrict the access of a connection to a specific set of tables. diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java index ae64f44ebc..512a60d9de 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java @@ -75,6 +75,7 @@ import static com.google.cloud.spanner.connection.ConnectionOptions.ENABLE_API_TRACING_PROPERTY_NAME; import static com.google.cloud.spanner.connection.ConnectionOptions.ENABLE_END_TO_END_TRACING_PROPERTY_NAME; import static com.google.cloud.spanner.connection.ConnectionOptions.ENABLE_EXTENDED_TRACING_PROPERTY_NAME; +import static com.google.cloud.spanner.connection.ConnectionOptions.ENABLE_GRPC_INTERCEPTOR_PROVIDER_SYSTEM_PROPERTY; import static com.google.cloud.spanner.connection.ConnectionOptions.ENCODED_CREDENTIALS_PROPERTY_NAME; import static com.google.cloud.spanner.connection.ConnectionOptions.ENDPOINT_PROPERTY_NAME; import static com.google.cloud.spanner.connection.ConnectionOptions.IS_EXPERIMENTAL_HOST_PROPERTY_NAME; @@ -101,6 +102,7 @@ import static com.google.cloud.spanner.connection.ConnectionProperty.castProperty; import com.google.api.gax.core.CredentialsProvider; +import com.google.api.gax.grpc.GrpcInterceptorProvider; import com.google.cloud.spanner.Dialect; import com.google.cloud.spanner.DmlBatchUpdateCountVerificationFailedException; import com.google.cloud.spanner.Options.RpcPriority; @@ -286,6 +288,20 @@ public class ConnectionProperties { null, CredentialsProviderConverter.INSTANCE, Context.STARTUP); + static final ConnectionProperty GRPC_INTERCEPTOR_PROVIDER = + create( + "grpc_interceptor_provider", + "The class name of a " + + GrpcInterceptorProvider.class.getName() + + " implementation that should be used to provide interceptors for the underlying Spanner client. " + + "This is a guarded property that can only be set if the Java System Property " + + ENABLE_GRPC_INTERCEPTOR_PROVIDER_SYSTEM_PROPERTY + + " has been set to true. This property should only be set to true on systems where an untrusted user cannot modify the connection URL, " + + "as using this property will dynamically invoke the constructor of the class specified. This means that any user that can modify " + + "the connection URL, can also dynamically invoke code on the host where the application is running.", + null, + StringValueConverter.INSTANCE, + Context.STARTUP); static final ConnectionProperty USER_AGENT = create( diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/SpannerPool.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/SpannerPool.java index c1cf3ae679..e78a646f07 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/SpannerPool.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/SpannerPool.java @@ -166,6 +166,7 @@ static class SpannerPoolKey { private final boolean isExperimentalHost; private final Boolean enableDirectAccess; private final String universeDomain; + private final String grpcInterceptorProvider; @VisibleForTesting static SpannerPoolKey of(ConnectionOptions options) { @@ -202,6 +203,7 @@ private SpannerPoolKey(ConnectionOptions options) throws IOException { this.isExperimentalHost = options.isExperimentalHost(); this.enableDirectAccess = options.isEnableDirectAccess(); this.universeDomain = options.getUniverseDomain(); + this.grpcInterceptorProvider = options.getGrpcInterceptorProviderName(); } @Override @@ -229,7 +231,8 @@ public boolean equals(Object o) { && Objects.equals(this.clientCertificateKey, other.clientCertificateKey) && Objects.equals(this.isExperimentalHost, other.isExperimentalHost) && Objects.equals(this.enableDirectAccess, other.enableDirectAccess) - && Objects.equals(this.universeDomain, other.universeDomain); + && Objects.equals(this.universeDomain, other.universeDomain) + && Objects.equals(this.grpcInterceptorProvider, other.grpcInterceptorProvider); } @Override @@ -253,7 +256,8 @@ public int hashCode() { this.clientCertificateKey, this.isExperimentalHost, this.enableDirectAccess, - this.universeDomain); + this.universeDomain, + this.grpcInterceptorProvider); } } @@ -426,6 +430,9 @@ Spanner createSpanner(SpannerPoolKey key, ConnectionOptions options) { if (key.universeDomain != null) { builder.setUniverseDomain(key.universeDomain); } + if (key.grpcInterceptorProvider != null) { + builder.setInterceptorProvider(options.getGrpcInterceptorProvider()); + } if (options.getConfigurator() != null) { options.getConfigurator().configure(builder); } diff --git a/google-cloud-spanner/src/test/java/com/google/cloud/spanner/connection/GrpcInterceptorProviderTest.java b/google-cloud-spanner/src/test/java/com/google/cloud/spanner/connection/GrpcInterceptorProviderTest.java new file mode 100644 index 0000000000..e4568bdb96 --- /dev/null +++ b/google-cloud-spanner/src/test/java/com/google/cloud/spanner/connection/GrpcInterceptorProviderTest.java @@ -0,0 +1,115 @@ +/* + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.cloud.spanner.connection; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; + +import com.google.api.gax.grpc.GrpcInterceptorProvider; +import com.google.cloud.spanner.ErrorCode; +import com.google.cloud.spanner.ResultSet; +import com.google.cloud.spanner.SpannerException; +import com.google.common.collect.ImmutableList; +import io.grpc.CallOptions; +import io.grpc.Channel; +import io.grpc.ClientCall; +import io.grpc.ClientInterceptor; +import io.grpc.MethodDescriptor; +import java.util.List; +import java.util.concurrent.atomic.AtomicBoolean; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public class GrpcInterceptorProviderTest extends AbstractMockServerTest { + private static final AtomicBoolean INTERCEPTOR_CALLED = new AtomicBoolean(false); + + public static final class TestGrpcInterceptorProvider implements GrpcInterceptorProvider { + @Override + public List getInterceptors() { + return ImmutableList.of( + new ClientInterceptor() { + @Override + public ClientCall interceptCall( + MethodDescriptor method, CallOptions callOptions, Channel next) { + INTERCEPTOR_CALLED.set(true); + return next.newCall(method, callOptions); + } + }); + } + } + + @Before + public void clearInterceptorUsedFlag() { + INTERCEPTOR_CALLED.set(false); + } + + @Test + public void testGrpcInterceptorProviderIsNotUsedByDefault() { + assertFalse(INTERCEPTOR_CALLED.get()); + try (Connection connection = createConnection()) { + try (ResultSet resultSet = connection.executeQuery(SELECT1_STATEMENT)) { + while (resultSet.next()) { + // ignore + } + } + } + assertFalse(INTERCEPTOR_CALLED.get()); + } + + @Test + public void testGrpcInterceptorProviderIsUsedWhenConfigured() { + System.setProperty("ENABLE_GRPC_INTERCEPTOR_PROVIDER", "true"); + assertFalse(INTERCEPTOR_CALLED.get()); + try (Connection connection = + createConnection( + ";grpc_interceptor_provider=" + TestGrpcInterceptorProvider.class.getName())) { + try (ResultSet resultSet = connection.executeQuery(SELECT1_STATEMENT)) { + while (resultSet.next()) { + // ignore + } + } + } finally { + System.clearProperty("ENABLE_GRPC_INTERCEPTOR_PROVIDER"); + } + assertTrue(INTERCEPTOR_CALLED.get()); + } + + @Test + public void testGrpcInterceptorProviderRequiresSystemProperty() { + assertFalse(INTERCEPTOR_CALLED.get()); + SpannerException exception = + assertThrows( + SpannerException.class, + () -> + createConnection( + ";grpc_interceptor_provider=" + TestGrpcInterceptorProvider.class.getName())); + assertEquals(ErrorCode.FAILED_PRECONDITION, exception.getErrorCode()); + assertTrue( + exception.getMessage(), + exception + .getMessage() + .contains( + "grpc_interceptor_provider can only be used if the system property ENABLE_GRPC_INTERCEPTOR_PROVIDER has been set to true. " + + "Start the application with the JVM command line option -DENABLE_GRPC_INTERCEPTOR_PROVIDER=true")); + assertFalse(INTERCEPTOR_CALLED.get()); + } +} From 43149c7500bc8702750566ce8b7f0a1c3c6495e2 Mon Sep 17 00:00:00 2001 From: cloud-java-bot Date: Wed, 8 Oct 2025 08:55:27 +0000 Subject: [PATCH 2/2] chore: generate libraries at Wed Oct 8 08:52:47 UTC 2025 --- .../spanner/connection/ConnectionProperties.java | 13 ++++++++----- .../connection/GrpcInterceptorProviderTest.java | 6 ++++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java index 512a60d9de..200de9bec8 100644 --- a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java +++ b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionProperties.java @@ -293,12 +293,15 @@ public class ConnectionProperties { "grpc_interceptor_provider", "The class name of a " + GrpcInterceptorProvider.class.getName() - + " implementation that should be used to provide interceptors for the underlying Spanner client. " - + "This is a guarded property that can only be set if the Java System Property " + + " implementation that should be used to provide interceptors for the underlying" + + " Spanner client. This is a guarded property that can only be set if the Java" + + " System Property " + ENABLE_GRPC_INTERCEPTOR_PROVIDER_SYSTEM_PROPERTY - + " has been set to true. This property should only be set to true on systems where an untrusted user cannot modify the connection URL, " - + "as using this property will dynamically invoke the constructor of the class specified. This means that any user that can modify " - + "the connection URL, can also dynamically invoke code on the host where the application is running.", + + " has been set to true. This property should only be set to true on systems where" + + " an untrusted user cannot modify the connection URL, as using this property will" + + " dynamically invoke the constructor of the class specified. This means that any" + + " user that can modify the connection URL, can also dynamically invoke code on the" + + " host where the application is running.", null, StringValueConverter.INSTANCE, Context.STARTUP); diff --git a/google-cloud-spanner/src/test/java/com/google/cloud/spanner/connection/GrpcInterceptorProviderTest.java b/google-cloud-spanner/src/test/java/com/google/cloud/spanner/connection/GrpcInterceptorProviderTest.java index e4568bdb96..0845d1d9c3 100644 --- a/google-cloud-spanner/src/test/java/com/google/cloud/spanner/connection/GrpcInterceptorProviderTest.java +++ b/google-cloud-spanner/src/test/java/com/google/cloud/spanner/connection/GrpcInterceptorProviderTest.java @@ -108,8 +108,10 @@ public void testGrpcInterceptorProviderRequiresSystemProperty() { exception .getMessage() .contains( - "grpc_interceptor_provider can only be used if the system property ENABLE_GRPC_INTERCEPTOR_PROVIDER has been set to true. " - + "Start the application with the JVM command line option -DENABLE_GRPC_INTERCEPTOR_PROVIDER=true")); + "grpc_interceptor_provider can only be used if the system property" + + " ENABLE_GRPC_INTERCEPTOR_PROVIDER has been set to true. Start the" + + " application with the JVM command line option" + + " -DENABLE_GRPC_INTERCEPTOR_PROVIDER=true")); assertFalse(INTERCEPTOR_CALLED.get()); } }