Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

4.x: Adjusts CDI OciExtension to use runtime OciExtension for certain authentication tasks #7373

Merged
merged 6 commits into from
Sep 13, 2023

Conversation

ljnelson
Copy link
Member

@ljnelson ljnelson commented Aug 14, 2023

Per request, this PR adjusts the CDI OciExtension to use the runtime OciExtension for authentication tasks.

(One thing I'd like feedback on is the change in behavior that will result in the absence of any configuration. In the existing CDI OciExtension, in the absence of configuration, a simple AbstractAuthenticationDetailsProvider (ADP) implementation will be tried first, followed by a configuration file-based ADP attempt, followed by an "instance principals"-based ADP attempt, followed, finally, by a "resource principal"-based ADP attempt. (This is governed by the enum order and is currently documented).

The runtime OciExtension changes the ordering.

I'm happy to make any changes that need to be made, or to allow this (maybe?) backwards-incompatible change to occur. Just let me know. (If the new ordering is fine, then I'll need to change a lot of Javadoc documentation.)

The PR is simple. The bulk of it simply checks (as before) to see if the user has registered any custom CDI beans for certain pieces (very unlikely, but if she has, we must respect them). (In the "sunny day" case this will of course not happen.) Then, in this case, which will be the ordinary case, as requested I've changed things so that the runtime OciExtension's ociAuthenticationProvider method will be called and its return value will be used.

@ljnelson ljnelson added the 4.x Version 4.x label Aug 14, 2023
@ljnelson ljnelson self-assigned this Aug 14, 2023
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Aug 14, 2023
@ljnelson ljnelson marked this pull request as ready for review August 14, 2023 23:43
@ljnelson ljnelson linked an issue Aug 15, 2023 that may be closed by this pull request
@tomas-langer tomas-langer changed the title 4.x/main: Adjusts CDI OciExtension to use runtime OciExtension for certain authentication tasks 4.x: Adjusts CDI OciExtension to use runtime OciExtension for certain authentication tasks Aug 17, 2023
@barchetta
Copy link
Member

The change in ordering looks like a gratuitous incompatibility. Is there a justification for changing the ordering? I think our principle should be to stay compatible unless we have a justification to break compatibility.

@ljnelson
Copy link
Member Author

ljnelson commented Sep 6, 2023

I see two broad approaches:

  1. Change the in-the-absence-of-configuration ordering in the runtime OCI extension to match the existing CDI extension's behavior
  2. Somewhat laboriously interrogate the runtime extension's notion of what is available and effectively re-implement its default ordering in the CDI extension to preserve backwards compatibility (so bypass the in-the-absence-of-configuration ociAuthenticationProvider() logic (but that may be very method that drove the requesting of this change in the first place?))

I'm happy to make any changes that the community wants.

tomas-langer
tomas-langer previously approved these changes Sep 8, 2023
@ljnelson
Copy link
Member Author

ljnelson commented Sep 8, 2023

@tomas-langer Thanks for the approval. Do you have any feedback on the behavior change? Or is your feedback: "the behavior change is fine"?

@ljnelson
Copy link
Member Author

ljnelson commented Sep 8, 2023

Pausing this PR per request until changes are made to the "runtime" OciExtension.

@ljnelson ljnelson marked this pull request as draft September 8, 2023 18:25
…rtain authentication tasks

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
@ljnelson ljnelson force-pushed the oci-extension-work-0 branch from d108b24 to f56c827 Compare September 12, 2023 17:10
@ljnelson ljnelson marked this pull request as ready for review September 12, 2023 17:11
@ljnelson
Copy link
Member Author

Unpausing/undrafting now that, per consensus, I've amended this PR to make requested calls to newly available methods in the runtime OCI extension.

TypeAndQualifiers serviceClient = serviceTaqs.serviceClient();
installServiceClientBuilder(event, bm, serviceClientBuilder, serviceClient, this.lenientClassloading);
installServiceClient(event, bm, serviceClient, serviceTaqs.serviceInterface(), serviceClientBuilder);
if (!this.serviceTaqs.isEmpty()) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a test to ensure we are falling back to microprofile config?

Copy link
Member Author

@ljnelson ljnelson Sep 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like:

// in a unit test somewhere
io.helidon.config.Config c = toHelidonConfig(ConfigProvider.getConfig());
OciExtension.fallbackConfigSupplier(() -> c);
assertThat(OciExtension.configSupplier().get(), is(c));

…? Or did you have something else in mind?

Copy link
Member

@trentjeff trentjeff Sep 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, put something into the microprofile-config.properties file, and ensure that it got picked up by your code (which will internally use OciExtension, etc.). This will ensure that the fallback config is working to MP/CDI, and your code does not regress (i.e., confirms it is wired into the right OciExtension etc for auth)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK…I can do this, but isn't this testing the io.helidon.integrations.oci.sdk.runtime.OciExtension class? Are you sure you want the test of how that class should behave in this Java module? There's no place in my code that could regress in this area (I just hand you a converted MicroProfile Config Config object and you go from there).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a test that hopefully gets at what you're looking for; not sure.

…ations.oci.sdk.runtime.OciExtension class per request

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
…er number of lines

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
Copy link
Member

@tomas-langer tomas-langer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Member

@tomas-langer tomas-langer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ljnelson ljnelson merged commit fefc66d into helidon-io:main Sep 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
4.x Version 4.x cdi CDI microprofile MP OCA Verified All contributors have signed the Oracle Contributor Agreement. OCI P4
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

[4.x] OCI/CDI Refactor to use oci.yaml
4 participants