feat: Enable MTLS_S2A bound token by default for gRPC S2A enabled flows #3591

Merged
merged 14 commits into from
Feb 5, 2025


rmehta19
Contributor

Similar to implementation for DirectPath in #3572.

This is part of the experimental S2A feature (see #3400)

@product-auto-label product-auto-label bot added the size: s Pull request size is small. label Jan 27, 2025
@product-auto-label product-auto-label bot added size: m Pull request size is medium. and removed size: s Pull request size is small. labels Jan 28, 2025
@rmehta19
Contributor Author

@lqiu96 , @blakeli0 , @zhumin8 would you all be able to review this PR? Thanks!

@rmehta19
Contributor Author

cc: @rockspore

@@ -592,6 +593,41 @@ ChannelCredentials createS2ASecuredChannelCredentials() {
}
}

boolean isMtlsS2AHardBoundTokensEnabled() {
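
Review bot: `isMtlsS2AHardBoundTokensEnabled()` is declared package-private and has no Javadoc above it in this hunk. The name suggests it gates the MTLS_S2A hard-bound token behaviour, so a short comment listing the conditions under which it returns true would help reviewers and anyone auditing when a bound token is requested. If the package visibility exists only so tests can call it, mark it `@VisibleForTesting`.
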
Contributor

just a thought (nothing that needs to be changed in this PR): With how many helper methods we have for S2A and hard bound tokens, I wonder if we can split these methods into a helper class in Gax-Grpc (something like S2AMtlsContext or something)

Contributor Author

Yes, I think this would help to reduce the complexity in the InstantiatingGrpcChannelProvider file. I'm happy to do the cleanup of that in a followup CL.

Contributor

@lqiu96 lqiu96 left a comment

LGTM. Can the title be updated to be something like:

feat: Enable MTLS_S2A bound token by default for gRPC S2A enabled flows

So users who use gRPC don't need to worry.

@rmehta19 rmehta19 changed the title feat: Enable MTLS_S2A bound token in InstantiatingGrpcChannelProvider feat: Enable MTLS_S2A bound token by default for gRPC S2A enabled flows Feb 3, 2025
@rmehta19
Contributor Author

rmehta19 commented Feb 3, 2025

Thanks @lqiu96 for the review!

Contributor

@lqiu96 lqiu96 left a comment

LGTM. In a future PR, I think we can try and see if we can clean up the S2A logic and move it into a helper/ util class.

@lqiu96
Contributor

lqiu96 commented Feb 5, 2025

/gcbrun

@rockspore
Contributor

@lqiu96 Could you merge this if it's ready to do so? Thanks. I will update my #3572 after that and let you know when that's ready for a look.

@lqiu96 lqiu96 merged commit 81e21f2 into googleapis:main Feb 5, 2025
45 of 47 checks passed
lqiu96 pushed a commit that referenced this pull request Feb 10, 2025
🤖 I have created a release *beep* *boop*
---


<details><summary>2.53.0</summary>

##
[2.53.0](v2.52.0...v2.53.0)
(2025-02-10)


### Features

* enable DirectPath bound token in InstantiatingGrpcChannelProvider
([#3572](#3572))
([5080495](5080495))
* Enable MTLS_S2A bound token by default for gRPC S2A enabled flows
([#3591](#3591))
([81e21f2](81e21f2))
* migrate away from deprecated graal-sdk dependency to use nativeimage
([#2706](#2706))
([757801a](757801a))


### Bug Fixes

* Avoid creating message string prematurely for streaming calls
([#3622](#3622))
([f805e70](f805e70))


### Dependencies

* update dependency com.google.code.gson:gson to v2.12.0
([#3595](#3595))
([1f1b119](1f1b119))
* update dependency com.google.code.gson:gson to v2.12.0
([#3596](#3596))
([af62f53](af62f53))
* update dependency com.google.code.gson:gson to v2.12.1
([#3599](#3599))
([18917ee](18917ee))
* update dependency com.google.code.gson:gson to v2.12.1
([#3600](#3600))
([3f82836](3f82836))
* update dependency commons-codec:commons-codec to v1.18.0
([#3590](#3590))
([cd46ba5](cd46ba5))
* update dependency io.netty:netty-tcnative-boringssl-static to
v2.0.70.final
([#3623](#3623))
([a4d1f95](a4d1f95))
* update dependency lxml to v5.3.1
([#3624](#3624))
([5407646](5407646))
* update dependency net.bytebuddy:byte-buddy to v1.17.0
([#3582](#3582))
([54d99e9](54d99e9))
* update dependency org.checkerframework:checker-qual to v3.49.0
([#3604](#3604))
([390cffa](390cffa))
* update dependency org.graalvm.sdk:nativeimage to v24.1.2
([#3597](#3597))
([9d151c4](9d151c4))
* update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker
digest to 456f60c
([#3607](#3607))
([c2d2768](c2d2768))
* update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker
digest to d323c2b
([#3601](#3601))
([ed35c23](ed35c23))
* update docker.io/library/python docker tag to v3.13.2
([#3615](#3615))
([ba007c2](ba007c2))
* update docker.io/library/python:3.13.1-alpine3.20 docker digest to
7788ec8
([#3586](#3586))
([a24d1ba](a24d1ba))
* update google api dependencies
([#3584](#3584))
([08f2b7b](08f2b7b))
* update google auth library dependencies to v1.32.0
([#3611](#3611))
([9436eb0](9436eb0))
* update google auth library dependencies to v1.32.1
([#3618](#3618))
([88c78e2](88c78e2))
* update google http client dependencies to v1.46.1
([#3616](#3616))
([2462105](2462105))
* update googleapis/java-cloud-bom digest to 47ad868
([#3608](#3608))
([2bcf9e0](2bcf9e0))
* update googleapis/java-cloud-bom digest to 514a644
([#3602](#3602))
([172d4da](172d4da))
* update googleapis/java-cloud-bom digest to 7752ecd
([#3603](#3603))
([06be924](06be924))
* update netty dependencies to v4.1.117.final
([#3581](#3581))
([2734dc0](2734dc0))
* update netty dependencies to v4.1.118.final
([#3625](#3625))
([16ff6bd](16ff6bd))
* update netty dependencies to v4.1.118.final
([#3626](#3626))
([316c425](316c425))
* Update OpenTelemetry semantic convention packages in the shared
dependencies
([#3402](#3402))
([0e69784](0e69784))
* update opentelemetry-java monorepo to v1.46.0
([#3585](#3585))
([ac214be](ac214be))
* update opentelemetry-java monorepo to v1.47.0
([#3619](#3619))
([66901df](66901df))
* update repo-automation-bots digest to 35eff2c
([#3609](#3609))
([b962a01](b962a01))
* update repo-automation-bots digest to 3a68a9c
([#3620](#3620))
([1d79552](1d79552))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>