use of com.google.auth.oauth2.ServiceAccountJwtAccessCredentials in project java-bigtable by googleapis.
the class EnhancedBigtableStub method patchCredentials.
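/**
 * Swaps the JWT audience on self-signed service-account credentials when the host part of the
 * configured endpoint has an entry in the JWT audience mapping.
 *
 * <p>The settings are left untouched when the endpoint is unset, when the host has no mapping,
 * when no credentials provider or credentials are configured, or when the credentials are not
 * {@link ServiceAccountJwtAccessCredentials}.
 *
 * <p>The audience claim determines which service will accept the self-signed token, so the
 * mapping consulted here should only ever be populated from trusted configuration.
 *
 * @param settings builder whose credentials provider may be replaced in place
 * @throws IOException propagated from the credentials provider lookup
 * @throws IllegalStateException if the mapped audience is not a syntactically valid URI
 */
private static void patchCredentials(EnhancedBigtableStubSettings.Builder settings)
    throws IOException {
  String endpoint = settings.getEndpoint();
  if (endpoint == null) {
    // No endpoint means there is no host to look up; leave the credentials as configured.
    return;
  }

  // An endpoint without an explicit ":port" used to hit substring(0, -1) and fail with
  // StringIndexOutOfBoundsException; treat the whole value as the host in that case.
  int portSeparator = endpoint.lastIndexOf(':');
  String host = portSeparator < 0 ? endpoint : endpoint.substring(0, portSeparator);

  String audience = settings.getJwtAudienceMapping().get(host);
  if (audience == null) {
    return;
  }

  // Parsed before the credentials are inspected, so a malformed override is reported even when
  // the configured credentials turn out not to be JWT based.
  final URI audienceUri;
  try {
    audienceUri = new URI(audience);
  } catch (URISyntaxException e) {
    throw new IllegalStateException("invalid JWT audience override", e);
  }

  CredentialsProvider credentialsProvider = settings.getCredentialsProvider();
  if (credentialsProvider == null) {
    return;
  }

  Credentials credentials = credentialsProvider.getCredentials();
  if (!(credentials instanceof ServiceAccountJwtAccessCredentials)) {
    // Covers both missing credentials (instanceof is false for null) and every other credential
    // type; only self-signed JWT credentials are patched here.
    return;
  }

  ServiceAccountJwtAccessCredentials jwtCreds = (ServiceAccountJwtAccessCredentials) credentials;
  JwtCredentialsWithAudience patchedCreds = new JwtCredentialsWithAudience(jwtCreds, audienceUri);
  settings.setCredentialsProvider(FixedCredentialsProvider.create(patchedCreds));
}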
use of com.google.auth.oauth2.ServiceAccountJwtAccessCredentials in project java-bigtable by googleapis.
the class EnhancedBigtableStubTest method testBatchJwtAudience.
/**
 * Verifies that a stub configured with the batch endpoint still sends a self-signed JWT whose
 * audience claim is the primary Bigtable service URL.
 */
@Test
public void testBatchJwtAudience()
    throws InterruptedException, IOException, NoSuchAlgorithmException, ExecutionException {
  // The fixture's stub is replaced with a custom one below, so release it first.
  enhancedBigtableStub.close();

  // A throwaway RSA key generated per run: no real service-account key material is involved.
  KeyPair throwawayKeys = KeyPairGenerator.getInstance("RSA").genKeyPair();
  ServiceAccountJwtAccessCredentials fakeCreds =
      ServiceAccountJwtAccessCredentials.newBuilder()
          .setClientId("fake-id")
          .setClientEmail("fake@example.com")
          .setPrivateKey(throwawayKeys.getPrivate())
          .setPrivateKeyId("fake-private-key")
          .build();

  // Fixed plaintext channel to the local emulator. The endpoint set on the settings is only
  // there to drive audience selection; traffic goes over this channel instead.
  ManagedChannel localChannel =
      ManagedChannelBuilder.forAddress("localhost", serviceHelper.getPort())
          .usePlaintext()
          .build();

  Metadata capturedHeaders;
  try {
    EnhancedBigtableStubSettings batchSettings =
        EnhancedBigtableStubSettings.newBuilder()
            .setProjectId("fake-project")
            .setInstanceId("fake-instance")
            .setEndpoint("batch-bigtable.googleapis.com:443")
            .setCredentialsProvider(FixedCredentialsProvider.create(fakeCreds))
            .setTransportChannelProvider(
                FixedTransportChannelProvider.create(GrpcTransportChannel.create(localChannel)))
            .build();
    enhancedBigtableStub = EnhancedBigtableStub.create(batchSettings);

    // Issue one RPC and capture the request headers it carried.
    enhancedBigtableStub.readRowCallable().futureCall(Query.create("fake-table")).get();
    capturedHeaders = metadataInterceptor.headers.take();
  } finally {
    localChannel.shutdown();
  }

  String bearerPrefix = "Bearer ";
  String authorization =
      capturedHeaders.get(Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER));
  assertThat(authorization).startsWith(bearerPrefix);

  // parse() only decodes the token and does not verify the signature, which is enough here
  // because only the audience claim is inspected.
  JsonWebSignature token =
      JsonWebSignature.parse(
          GsonFactory.getDefaultInstance(), authorization.substring(bearerPrefix.length()));
  assertThat(token.getPayload().getAudience()).isEqualTo("https://bigtable.googleapis.com/");
}
use of com.google.auth.oauth2.ServiceAccountJwtAccessCredentials in project java-bigtable by googleapis.
the class EnhancedBigtableStubTest method testJwtAudience.
/**
 * Verifies that an entry in the JWT audience mapping for the endpoint host is used as the audience
 * claim of the self-signed JWT sent with an RPC.
 */
@Test
public void testJwtAudience()
    throws InterruptedException, IOException, NoSuchAlgorithmException, ExecutionException {
  // The fixture's stub is replaced with a custom one below, so release it first.
  enhancedBigtableStub.close();

  // A throwaway RSA key generated per run: no real service-account key material is involved.
  KeyPair throwawayKeys = KeyPairGenerator.getInstance("RSA").genKeyPair();
  ServiceAccountJwtAccessCredentials fakeCreds =
      ServiceAccountJwtAccessCredentials.newBuilder()
          .setClientId("fake-id")
          .setClientEmail("fake@example.com")
          .setPrivateKey(throwawayKeys.getPrivate())
          .setPrivateKeyId("fake-private-key")
          .build();

  // Map the "localhost" host to a custom audience and build the stub from those settings.
  String expectedAudience = "http://localaudience";
  EnhancedBigtableStubSettings overriddenSettings =
      defaultSettings.toBuilder()
          .setJwtAudienceMapping(ImmutableMap.of("localhost", expectedAudience))
          .setCredentialsProvider(FixedCredentialsProvider.create(fakeCreds))
          .build();
  enhancedBigtableStub = EnhancedBigtableStub.create(overriddenSettings);

  // Issue one RPC and capture the request headers it carried.
  enhancedBigtableStub.readRowCallable().futureCall(Query.create("fake-table")).get();
  Metadata capturedHeaders = metadataInterceptor.headers.take();

  String bearerPrefix = "Bearer ";
  String authorization =
      capturedHeaders.get(Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER));
  assertThat(authorization).startsWith(bearerPrefix);

  // parse() only decodes the token and does not verify the signature, which is enough here
  // because only the audience claim is inspected.
  JsonWebSignature token =
      JsonWebSignature.parse(
          GsonFactory.getDefaultInstance(), authorization.substring(bearerPrefix.length()));
  assertThat(token.getPayload().getAudience()).isEqualTo(expectedAudience);
}
use of com.google.auth.oauth2.ServiceAccountJwtAccessCredentials in project java-bigtable-hbase by googleapis.
the class TestAuth method testBatchJwt.
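/**
 * Checks that a connection combining self-signed JWT credentials with the batch setting can
 * complete an RPC.
 *
 * <p>The test is skipped unless the shared environment targets Bigtable, the configured endpoint
 * host is unset or the production host, and the application default credentials are
 * service-account based.
 *
 * @throws IOException if the application default credentials cannot be loaded or the connection
 *     or table cannot be opened or closed
 */
@Test
public void testBatchJwt() throws IOException {
  Assume.assumeTrue("Batch JWT can only run against Bigtable", sharedTestEnv.isBigtable());

  String currentEndpoint = sharedTestEnv.getConfiguration().get("google.bigtable.endpoint.host");
  Assume.assumeTrue(
      "Batch JWT test can only run in prod",
      currentEndpoint == null || "bigtable.googleapis.com".equals(currentEndpoint));

  Credentials credentials = GoogleCredentials.getApplicationDefault();
  if (credentials instanceof ServiceAccountCredentials) {
    // Rebuild the same identity as self-signed JWT credentials. This reuses the real private key
    // of the application default service account, so nothing here should ever log the
    // credentials object or the key.
    ServiceAccountCredentials svcCreds = (ServiceAccountCredentials) credentials;
    credentials =
        ServiceAccountJwtAccessCredentials.newBuilder()
            .setClientId(svcCreds.getClientId())
            .setClientEmail(svcCreds.getClientEmail())
            .setPrivateKeyId(svcCreds.getPrivateKeyId())
            .setPrivateKey(svcCreds.getPrivateKey())
            .build();
  }
  Assume.assumeTrue(
      "Service account credentials are required",
      credentials instanceof ServiceAccountJwtAccessCredentials);

  BigtableExtendedConfiguration config =
      new BigtableExtendedConfiguration(sharedTestEnv.getConfiguration(), credentials);
  config.set("google.bigtable.use.batch", "true");
  // Prevent the test from hanging if auth fails
  config.set("google.bigtable.rpc.use.timeouts", "true");
  config.set("google.bigtable.rpc.timeout.ms", "10000");
  config.set("google.bigtable.grpc.channel.count", "1");

  // Create a new connection using JWT auth & batch settings. The table handle (the default test
  // table) is now closed together with the connection instead of being left open.
  try (Connection connection = BigtableConfiguration.connect(config);
      Table table = connection.getTable(sharedTestEnv.getDefaultTableName())) {
    Exception actualError = null;
    // Perform any RPC
    try {
      table.get(new Get("any-key".getBytes()));
    } catch (Exception e) {
      actualError = e;
    }
    // Verify that it succeeded.
    Assert.assertNull("No error when getting a key with JWT", actualError);
  }
}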