Query S2A Address from MDS #1400
Conversation
rmehta19
force-pushed
the
s2a-java-integration
branch
from
0f96e86
to
ddac7aa
Compare
|
cc: @xmenxk |
| public static final String GOOGLE = "Google"; | ||
| private static final String PARSE_ERROR_S2A = "Error parsing Mtls Auto Config response."; | ||
|
|
||
| private MtlsConfig config; |
| request.setParser(parser); | ||
| request.getHeaders().set(METADATA_FLAVOR, GOOGLE); | ||
| request.setThrowExceptionOnExecuteError(false); | ||
| HttpResponse response = request.execute(); |
There was a problem hiding this comment.
Would it be useful to have retry logic here?
There was a problem hiding this comment.
I added retry logic, similar to
| */ | ||
| @ThreadSafe | ||
| public final class S2A { | ||
| public static final String DEFAULT_METADATA_SERVER_URL = "http://169.254.169.254"; |
There was a problem hiding this comment.
It seems like getting metadata server address is already implemented here:
should we reuse that definition?
There was a problem hiding this comment.
Done. Used ComputeEngineCredentials.getMeadataServerUrl()
| if (transportFactory == null) { | ||
| transportFactory = | ||
| Iterables.getFirst( | ||
| ServiceLoader.load(HttpTransportFactory.class), OAuth2Utils.HTTP_TRANSPORT_FACTORY); | ||
| } | ||
| String url = getMdsMtlsEndpoint(); | ||
| GenericUrl genericUrl = new GenericUrl(url); | ||
| HttpRequest request = | ||
| transportFactory.create().createRequestFactory().buildGetRequest(genericUrl); | ||
| JsonObjectParser parser = new JsonObjectParser(OAuth2Utils.JSON_FACTORY); | ||
| request.setParser(parser); | ||
| request.getHeaders().set(METADATA_FLAVOR, GOOGLE); | ||
| request.setThrowExceptionOnExecuteError(false); | ||
| HttpResponse response = request.execute(); | ||
|
|
||
| if (!response.isSuccessStatusCode()) { | ||
| return MtlsConfig.createBuilder().build(); | ||
| } | ||
|
|
||
| InputStream content = response.getContent(); | ||
| if (content == null) { | ||
| return MtlsConfig.createBuilder().build(); | ||
| } |
There was a problem hiding this comment.
is it possible to reuse the code below for querying mds endpoint?
There was a problem hiding this comment.
We could use this function to get the MDS HttpResponse, but it would only replace a few lines (~7) in this function:
creating the HttpRequest and executing it to get the response, replaced with
response = getMetadataResponse(url).
However, in order to do this, we would also have to:
- ignore the
ComputeEngineCredentialsspecific errors thrown by the function, because we only care if we are able to successfully create a response (aligning with Go implementation, return empty S2A Address if any error). This technically works, although I am not sure it is best practice. getMetadataResponse(String url)is not static, so we would have to create an instance ofComputeEngineCredentialsto use it.
WDYT?
|
Add utility to get S2A address from MDS MTLS autoconfiguration endpoint.
This utility will be used when creating mTLS channel using S2A Java Client, which takes S2A Address as input to create S2AChannelCredentials.
Parallel change in go: googleapis/google-api-go-client#1874
S2A Java client: grpc/grpc-java#11113