Skip to content

s2a fix: fix NPE. #3401

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rmehta19 wants to merge 2 commits into from
Closed

s2a fix: fix NPE. #3401

rmehta19 wants to merge 2 commits into from

Conversation

@rmehta19
Copy link
Contributor

@rmehta19 rmehta19 commented Nov 27, 2024

No description provided.

@conventional-commit-lint-gcf
Copy link

conventional-commit-lint-gcf bot commented Nov 27, 2024
edited
Loading

🤖 I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use Github's automerge feature with squashing, or use automerge label. Good luck human!

-- conventional-commit-lint bot
https://conventionalcommits.org/

@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Nov 27, 2024
rmehta19 added a commit to rmehta19/sdk-platform-java that referenced this pull request Jan 7, 2025
@rmehta19
Path googleapis#3401.
39380c5
rmehta19 added a commit to rmehta19/sdk-platform-java that referenced this pull request Jan 7, 2025
@rmehta19
Path googleapis#3401.
9b4b405
@rmehta19 rmehta19 mentioned this pull request Jan 7, 2025
Merged
@product-auto-label product-auto-label bot added size: s Pull request size is small. and removed size: xs Pull request size is extra small. labels Jan 7, 2025
@rmehta19
Copy link
Contributor Author

rmehta19 commented Jan 7, 2025

Closing this and patching this into #3548

@rmehta19 rmehta19 closed this Jan 7, 2025
@rmehta19 rmehta19 reopened this Jan 7, 2025
@rmehta19
Copy link
Contributor Author

rmehta19 commented Jan 7, 2025

Closing this and patching this into #3548

@rmehta19 rmehta19 closed this Jan 7, 2025
lqiu96 pushed a commit that referenced this pull request Jan 24, 2025
@rmehta19
feat: revert #3400: reintroduce experimental S2A integration in clien…
65a0f11 
…t libraries grpc transport (#3548)

**Revert #3400.**

**This PR re-introduces the S2A integration the Java Cloud SDK
(initially introduced in #3326, and temporarily reverted in #3400).**

**This PR does this by reverting #3400 with the following patches:**
- load the S2A APIs via reflection. This allows us to merge the code
while the [S2A API is still experimental in
gRPC-Java](https://github.com/grpc/grpc-java/blob/master/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java)
without introducing a diamond dependency conflict. Once the S2A APIs are
stable, the reflection logic can be removed and the S2A API can be used
directly (via a dependency on S2A API)
- fix NPE (#3401)
- use a different env var name for enabling the feature


**Below is the original description from #3326**

Modify the Client Libraries gRPC Channel builder to use mTLS via S2A if
the experimental environment variable is set, S2A is available (We check
this by using [SecureSessionAgent
utility](https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java)),
and a few more conditions (see `shouldUseS2A`).

Following https://google.aip.dev/auth/4115, Only attempt to use S2A
after DirectPath and DCA (https://google.aip.dev/auth/4114) are ruled
out as options. If conditions to use S2A are not met (env variable not
set, or S2A is not running in environment, etc (`shouldUseS2A` returns
false)), fall back to default TLS connection.

When we are creating S2A-enabled Grpc Channel Credentials, we first try
to secure the connection between the client and the S2A via MTLS, using
[MTLS-MDS](https://cloud.google.com/compute/docs/metadata/overview#https-mds)
credentials. If MTLS-MDS credentials can't be loaded, then we fallback
to a plaintext connection between the client and S2A.

The parallel go implementation : googleapis/google-api-go-client#1874
(now lives here:
https://github.com/googleapis/google-cloud-go/blob/main/auth/internal/transport/cba.go)

S2A Java client: https://github.com/grpc/grpc-java/tree/master/s2a

Resolving b/376258193 means that S2A.java is no longer experimental
lqiu96 pushed a commit that referenced this pull request Feb 20, 2025
@rmehta19 @lqiu96
feat: revert #3400: reintroduce experimental S2A integration in clien…
fdeef5e 
…t libraries grpc transport (#3548)

**Revert #3400.**

**This PR re-introduces the S2A integration the Java Cloud SDK
(initially introduced in #3326, and temporarily reverted in #3400).**

**This PR does this by reverting #3400 with the following patches:**
- load the S2A APIs via reflection. This allows us to merge the code
while the [S2A API is still experimental in
gRPC-Java](https://github.com/grpc/grpc-java/blob/master/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java)
without introducing a diamond dependency conflict. Once the S2A APIs are
stable, the reflection logic can be removed and the S2A API can be used
directly (via a dependency on S2A API)
- fix NPE (#3401)
- use a different env var name for enabling the feature


**Below is the original description from #3326**

Modify the Client Libraries gRPC Channel builder to use mTLS via S2A if
the experimental environment variable is set, S2A is available (We check
this by using [SecureSessionAgent
utility](https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java)),
and a few more conditions (see `shouldUseS2A`).

Following https://google.aip.dev/auth/4115, Only attempt to use S2A
after DirectPath and DCA (https://google.aip.dev/auth/4114) are ruled
out as options. If conditions to use S2A are not met (env variable not
set, or S2A is not running in environment, etc (`shouldUseS2A` returns
false)), fall back to default TLS connection.

When we are creating S2A-enabled Grpc Channel Credentials, we first try
to secure the connection between the client and the S2A via MTLS, using
[MTLS-MDS](https://cloud.google.com/compute/docs/metadata/overview#https-mds)
credentials. If MTLS-MDS credentials can't be loaded, then we fallback
to a plaintext connection between the client and S2A.

The parallel go implementation : googleapis/google-api-go-client#1874
(now lives here:
https://github.com/googleapis/google-cloud-go/blob/main/auth/internal/transport/cba.go)

S2A Java client: https://github.com/grpc/grpc-java/tree/master/s2a

Resolving b/376258193 means that S2A.java is no longer experimental
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size: s Pull request size is small.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rmehta19