From ec1cb63a83e1951511247245e42992ec34856972 Mon Sep 17 00:00:00 2001 From: Lawrence Qiu Date: Thu, 3 Oct 2024 13:49:20 -0400 Subject: [PATCH 1/4] chore: Disable fetching Universe Domain from MDS --- .../src/main/java/com/google/api/gax/rpc/EndpointContext.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java index efe0f517f5..b0caf9e90d 100644 --- a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java +++ b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java @@ -32,6 +32,7 @@ import com.google.api.core.InternalApi; import com.google.api.gax.rpc.mtls.MtlsProvider; import com.google.auth.Credentials; +import com.google.auth.oauth2.ComputeEngineCredentials; import com.google.auto.value.AutoValue; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Strings; @@ -147,7 +148,8 @@ public void validateUniverseDomain( } String credentialsUniverseDomain = Credentials.GOOGLE_DEFAULT_UNIVERSE; // If credentials is not NoCredentialsProvider, use the Universe Domain inside Credentials - if (credentials != null) { + // (TODO: b/349488459) - Disable automatic retries until 01/2025 + if (credentials != null && (!(credentials instanceof ComputeEngineCredentials))) { credentialsUniverseDomain = credentials.getUniverseDomain(); } if (!resolvedUniverseDomain().equals(credentialsUniverseDomain)) { From fce6e87eb85adcb832445a320f207cbbaba9a1d0 Mon Sep 17 00:00:00 2001 From: Lawrence Qiu Date: Thu, 3 Oct 2024 15:10:51 -0400 Subject: [PATCH 2/4] chore: Update wording --- .../src/main/java/com/google/api/gax/rpc/EndpointContext.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java index b0caf9e90d..e766ac9351 100644 --- a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java +++ b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java @@ -148,7 +148,7 @@ public void validateUniverseDomain( } String credentialsUniverseDomain = Credentials.GOOGLE_DEFAULT_UNIVERSE; // If credentials is not NoCredentialsProvider, use the Universe Domain inside Credentials - // (TODO: b/349488459) - Disable automatic retries until 01/2025 + // (TODO: b/349488459) - Disable automatic requests to MDS until 01/2025 if (credentials != null && (!(credentials instanceof ComputeEngineCredentials))) { credentialsUniverseDomain = credentials.getUniverseDomain(); } From 99beb836cee24983dfefe80c2d734e0bf8710a30 Mon Sep 17 00:00:00 2001 From: Lawrence Qiu Date: Thu, 3 Oct 2024 17:14:58 -0400 Subject: [PATCH 3/4] chore: Update to remove validation for ComputeEngineCredentials --- .../com/google/api/gax/rpc/EndpointContext.java | 6 +++++- .../google/api/gax/rpc/EndpointContextTest.java | 17 +++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java index e766ac9351..0736f49c64 100644 --- a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java +++ b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java @@ -146,9 +146,13 @@ public void validateUniverseDomain( // GDC-H has no universe domain, return return; } + // (TODO: b/349488459) - Disable automatic requests to MDS until 01/2025 + // If MDS is required for Universe Domain, do not do any validation + if (credentials instanceof ComputeEngineCredentials) { + return; + } String credentialsUniverseDomain = Credentials.GOOGLE_DEFAULT_UNIVERSE; // If credentials is not NoCredentialsProvider, use the Universe Domain inside Credentials - // (TODO: b/349488459) - Disable automatic requests to MDS until 01/2025 if (credentials != null && (!(credentials instanceof ComputeEngineCredentials))) { credentialsUniverseDomain = credentials.getUniverseDomain(); } diff --git a/gax-java/gax/src/test/java/com/google/api/gax/rpc/EndpointContextTest.java b/gax-java/gax/src/test/java/com/google/api/gax/rpc/EndpointContextTest.java index 98a32bc05a..3276e4a73e 100644 --- a/gax-java/gax/src/test/java/com/google/api/gax/rpc/EndpointContextTest.java +++ b/gax-java/gax/src/test/java/com/google/api/gax/rpc/EndpointContextTest.java @@ -29,12 +29,14 @@ */ package com.google.api.gax.rpc; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertThrows; import com.google.api.gax.core.NoCredentialsProvider; import com.google.api.gax.rpc.mtls.MtlsProvider; import com.google.api.gax.rpc.testing.FakeMtlsProvider; import com.google.auth.Credentials; +import com.google.auth.oauth2.ComputeEngineCredentials; import com.google.common.truth.Truth; import io.grpc.Status; import java.io.IOException; @@ -437,4 +439,19 @@ void hasValidUniverseDomain_credentialsInGDU_configNonGDU() throws IOException { UnauthenticatedException.class, () -> endpointContext.validateUniverseDomain(credentials, statusCode)); } + + // (TODO: b/349488459) - Disable automatic requests to MDS until 01/2025 + // Test is to ensure that no validation is being run for ComputeEngineCredentials + @Test + void hasValidUniverseDomain_computeEngineCredentials_noValidationOnUniverseDomain() + throws IOException { + Credentials credentials = Mockito.mock(ComputeEngineCredentials.class); + Mockito.when(credentials.getUniverseDomain()).thenReturn(Credentials.GOOGLE_DEFAULT_UNIVERSE); + EndpointContext endpointContext = + defaultEndpointContextBuilder + // Set a custom Universe Domain that doesn't match + .setUniverseDomain("test.com") + .build(); + assertDoesNotThrow(() -> endpointContext.validateUniverseDomain(credentials, statusCode)); + } } From 6ada9017dce0ec215b940288b911c9687f250fac Mon Sep 17 00:00:00 2001 From: Lawrence Qiu Date: Thu, 3 Oct 2024 17:15:20 -0400 Subject: [PATCH 4/4] chore: Update to remove validation for ComputeEngineCredentials --- .../src/main/java/com/google/api/gax/rpc/EndpointContext.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java index 0736f49c64..dd6c199b35 100644 --- a/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java +++ b/gax-java/gax/src/main/java/com/google/api/gax/rpc/EndpointContext.java @@ -153,7 +153,7 @@ public void validateUniverseDomain( } String credentialsUniverseDomain = Credentials.GOOGLE_DEFAULT_UNIVERSE; // If credentials is not NoCredentialsProvider, use the Universe Domain inside Credentials - if (credentials != null && (!(credentials instanceof ComputeEngineCredentials))) { + if (credentials != null) { credentialsUniverseDomain = credentials.getUniverseDomain(); } if (!resolvedUniverseDomain().equals(credentialsUniverseDomain)) {