feat: Enable MTLS_S2A bound token by default for gRPC S2A enabled flows #3591

Merged
merged 14 commits into from
Feb 5, 2025

rmehta19
Contributor

Similar to implementation for DirectPath in #3572.

This is part of the experimental S2A feature (see #3400)

@product-auto-label product-auto-label bot added the size: s Pull request size is small. label Jan 27, 2025
@product-auto-label product-auto-label bot added size: m Pull request size is medium. and removed size: s Pull request size is small. labels Jan 28, 2025
@rmehta19
Contributor Author

@lqiu96, @blakeli0, @zhumin8 would you all be able to review this PR? Thanks!

@rmehta19
Contributor Author

cc: @rockspore

@@ -592,6 +593,41 @@ ChannelCredentials createS2ASecuredChannelCredentials() {
}
}

boolean isMtlsS2AHardBoundTokensEnabled() {
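
Review bot: Missing documentation on the new `isMtlsS2AHardBoundTokensEnabled()` declaration at the end of this hunk: the visible lines show no Javadoc and no access modifier, so the conditions under which MTLS_S2A hard-bound tokens are turned on are not stated at the declaration. Since the PR title says this is enabled by default for gRPC S2A flows, add a short Javadoc listing the conditions the method checks, and mark it `@VisibleForTesting` if the package-private access exists only for tests.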
Contributor

Just a thought (nothing that needs to be changed in this PR): With how many helper methods we have for S2A and hard bound tokens, I wonder if we can split these methods into a helper class in Gax-Grpc (something like S2AMtlsContext or something).

Contributor Author

Yes, I think this would help to reduce the complexity in the InstantiatingGrpcChannelProvider file. I'm happy to do the cleanup of that in a followup CL.

Contributor

@lqiu96 lqiu96 left a comment

LGTM. Can the title be updated to be something like:

feat: Enable MTLS_S2A bound token by default for gRPC S2A enabled flows

So users who use gRPC don't need to worry.

@rmehta19 rmehta19 changed the title feat: Enable MTLS_S2A bound token in InstantiatingGrpcChannelProvider feat: Enable MTLS_S2A bound token by default for gRPC S2A enabled flows Feb 3, 2025
@rmehta19
Contributor Author

rmehta19 commented Feb 3, 2025

Thanks @lqiu96 for the review!

Contributor

@lqiu96 lqiu96 left a comment

LGTM. In a future PR, I think we can try and see if we can clean up the S2A logic and move it into a helper/util class.

@lqiu96
Contributor

lqiu96 commented Feb 5, 2025

/gcbrun

@rockspore

@lqiu96 Could you merge this if it's ready to do so? Thanks. I will update my #3572 after that and let you know when that's ready for a look.

@lqiu96 lqiu96 merged commit 81e21f2 into googleapis:main Feb 5, 2025
45 of 47 checks passed