From 1f3cdc9bc9efdc12cfe0255d22646abc5ec6f28a Mon Sep 17 00:00:00 2001
From: Riya Mehta
Date: Fri, 21 Feb 2025 16:09:55 -0800
Subject: [PATCH 1/4] create new ComputeEngineCredentials via newBuilder.
---
 .../grpc/InstantiatingGrpcChannelProvider.java | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java b/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
index b75ba746f9..155658e254 100644
--- a/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
+++ b/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
@@ -1199,14 +1199,18 @@ boolean isDirectPathBoundTokenEnabled() {
 CallCredentials createHardBoundTokensCallCredentials(
 ComputeEngineCredentials.GoogleAuthTransport googleAuthTransport,
 ComputeEngineCredentials.BindingEnforcement bindingEnforcement) {
+ ComputeEngineCredentials.Builder credsBuilder =
+ ((ComputeEngineCredentials) credentials).toBuilder();
 // We only set scopes and HTTP transport factory from the original credentials because
 // only those are used in gRPC CallCredentials to fetch request metadata.
- return MoreCallCredentials.from(
- ((ComputeEngineCredentials) this.credentials)
- .toBuilder()
- .setGoogleAuthTransport(googleAuthTransport)
- .setBindingEnforcement(bindingEnforcement)
- .build());
+ CallCredentials callCreds =
+ MoreCallCredentials.from(
+ ComputeEngineCredentials.newBuilder()
+ .setScopes(credsBuilder.getScopes())
+ .setHttpTransportFactory(credsBuilder.getHttpTransportFactory())
+ .setGoogleAuthTransport(ComputeEngineCredentials.GoogleAuthTransport.MTLS)
+ .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON)
+ .build());
 }

 public InstantiatingGrpcChannelProvider build() {
From f26b07b456d615ebd930244098d146d65aca7d43 Mon Sep 17 00:00:00 2001
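Review bot: The credential built from `ComputeEngineCredentials.newBuilder()` carries over only `getScopes()` and `getHttpTransportFactory()`, so any other setting on the original credential (a quota project or universe domain, if one was configured) is silently absent from the hard-bound copy. The context comment asserts that only those two fields feed request metadata; that cannot be verified from this hunk and should be checked against the builder's remaining fields, since a quota project normally ends up in the request headers. If it does matter, copy it explicitly, e.g. `.setQuotaProjectId(credsBuilder.getQuotaProjectId())` (assuming the builder exposes that getter), or extend the comment to say why dropping it is safe. Note also that at this patch the method assigns `callCreds` without returning it and passes `MTLS`/`ON` instead of its two parameters; 2/4 and 3/4 repair that, so squashing the series would keep every commit buildable.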
From: Riya Mehta
Date: Fri, 21 Feb 2025 16:15:24 -0800
Subject: [PATCH 2/4] set parameter values.
---
 .../google/api/gax/grpc/InstantiatingGrpcChannelProvider.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java b/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
index 155658e254..95dc42305f 100644
--- a/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
+++ b/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
@@ -1208,8 +1208,8 @@ CallCredentials createHardBoundTokensCallCredentials(
 ComputeEngineCredentials.newBuilder()
 .setScopes(credsBuilder.getScopes())
 .setHttpTransportFactory(credsBuilder.getHttpTransportFactory())
- .setGoogleAuthTransport(ComputeEngineCredentials.GoogleAuthTransport.MTLS)
- .setBindingEnforcement(ComputeEngineCredentials.BindingEnforcement.ON)
+ .setGoogleAuthTransport(googleAuthTransport)
+ .setBindingEnforcement(bindingEnforcement)
 .build());
 }

From cf27512206e2d33f2dd96df4a6884a10c066fe2f Mon Sep 17 00:00:00 2001
From: Riya Mehta
Date: Fri, 21 Feb 2025 16:18:50 -0800
Subject: [PATCH 3/4] return cred.
---
 .../grpc/InstantiatingGrpcChannelProvider.java | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java b/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
index 95dc42305f..41b60aafc6 100644
--- a/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
+++ b/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
@@ -1203,14 +1203,13 @@ CallCredentials createHardBoundTokensCallCredentials(
 ((ComputeEngineCredentials) credentials).toBuilder();
 // We only set scopes and HTTP transport factory from the original credentials because
 // only those are used in gRPC CallCredentials to fetch request metadata.
- CallCredentials callCreds =
- MoreCallCredentials.from(
- ComputeEngineCredentials.newBuilder()
- .setScopes(credsBuilder.getScopes())
- .setHttpTransportFactory(credsBuilder.getHttpTransportFactory())
- .setGoogleAuthTransport(googleAuthTransport)
- .setBindingEnforcement(bindingEnforcement)
- .build());
+ return MoreCallCredentials.from(
+ ComputeEngineCredentials.newBuilder()
+ .setScopes(credsBuilder.getScopes())
+ .setHttpTransportFactory(credsBuilder.getHttpTransportFactory())
+ .setGoogleAuthTransport(googleAuthTransport)
+ .setBindingEnforcement(bindingEnforcement)
+ .build());
 }

 public InstantiatingGrpcChannelProvider build() {
From dbe590f297174fcfa2095138af59d4490f835c35 Mon Sep 17 00:00:00 2001
From: Riya Mehta
Date: Fri, 21 Feb 2025 16:23:18 -0800
Subject: [PATCH 4/4] update comment.
---
 .../api/gax/grpc/InstantiatingGrpcChannelProvider.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java b/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
index 41b60aafc6..19a405272f 100644
--- a/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
+++ b/gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
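Review bot: Nothing visible in this method checks that `credentials` is a `ComputeEngineCredentials` before the cast on the first context line of this hunk, so any other credential type would surface here as a bare `ClassCastException` rather than a message naming the problem. The guard presumably lives in the caller, which is outside this hunk, as is the start of the method. If so, record the precondition with a comment such as `// Caller guarantees credentials is a ComputeEngineCredentials.`; otherwise fail explicitly, e.g. `if (!(credentials instanceof ComputeEngineCredentials)) throw new IllegalStateException("hard-bound tokens require ComputeEngineCredentials");`.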
@@ -1202,7 +1202,13 @@ CallCredentials createHardBoundTokensCallCredentials(
 ComputeEngineCredentials.Builder credsBuilder =
 ((ComputeEngineCredentials) credentials).toBuilder();
 // We only set scopes and HTTP transport factory from the original credentials because
- // only those are used in gRPC CallCredentials to fetch request metadata.
+ // only those are used in gRPC CallCredentials to fetch request metadata. We create a new
+ // credential
+ // via {@code newBuilder} as opposed to {@code toBuilder} because we don't want a reference to
+ // the
+ // access token held by {@code credentials}; we want this new credential to fetch a new access
+ // token
+ // from MDS using the {@param googleAuthTransport} and {@param bindingEnforcement}.
 return MoreCallCredentials.from(
 ComputeEngineCredentials.newBuilder()
 .setScopes(credsBuilder.getScopes())
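Review bot: The rewritten comment is hard to read as committed: the wrap leaves `// credential`, `// the` and `// token` as one-word lines, and it uses Javadoc inline tags inside a `//` comment, where they are never rendered (`{@param ...}` is not an inline Javadoc tag in any case). Re-wrap the text to the column limit and use plain names, for example ending with `// token from MDS using the given googleAuthTransport and bindingEnforcement.`. The rationale it records, that the new credential must not reuse the access token cached by `credentials`, is the security-relevant property of this change. Nothing visible in the hunk enforces it, so a unit test asserting that the returned credential starts without a cached token would keep a later switch back to `toBuilder()` from silently reintroducing the unbound token.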