Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Add support for autodiscovering default credentials #292

Merged
merged 1 commit into from
Jan 16, 2024
Merged

Add support for autodiscovering default credentials #292

merged 1 commit into from
Jan 16, 2024

Conversation

markallanson
Copy link
Contributor

This change reversed one made in PR #228 that broke automatic credential discovery and instead replaced it with a "No Credentials" implementation.

Autodiscovery is a better default, and matches the behaviour documented by the properties gcs.credentials.path and gcs.credentials.json which state

If not provided, the connector will try to detect the credentials
automatically

Closes #291

@markallanson markallanson force-pushed the task/291/autodiscover-credentials branch from 447916e to b9908cb Compare August 2, 2023 08:31
@markallanson
Copy link
Contributor Author

Fixed spotless linting errors.

@markallanson
Copy link
Contributor Author

Are there any tips for debugging these test failures? All the tests pass locally, so need to try and figure out the problem in the build system.

@markallanson markallanson force-pushed the task/291/autodiscover-credentials branch from b9908cb to e0ebef5 Compare October 16, 2023 13:20
@markallanson markallanson requested review from a team as code owners October 16, 2023 13:20
@markallanson
Copy link
Contributor Author

Pushed a rebased copy of the changes on top of latest main.

@ivanyu
Copy link
Contributor

ivanyu commented Dec 13, 2023

@markallanson thank you for this PR. It would be great to have the forth mode of "no credentials", which is useful for e.g. working through some proxies, fake-gcs-server, etc. Would you consider adding it?
We have something similar in another repo, which could be used as a reference: link 1, link 2, link 3

@markallanson
Copy link
Contributor Author

@markallanson thank you for this PR. It would be great to have the forth mode of "no credentials", which is useful for e.g. working through some proxies, fake-gcs-server, etc. Would you consider adding it? We have something similar in another repo, which could be used as a reference: link 1, link 2, link 3

I am open to this. Will take a look at the links and implement something the same.

@markallanson markallanson force-pushed the task/291/autodiscover-credentials branch from e0ebef5 to afe80e2 Compare January 10, 2024 14:40
@markallanson
Copy link
Contributor Author

This PR has been updated to introduce a new property, gcs.credentials.default which matches that
supported by the TieredStorageManager for configuring autodiscovery of default credentials as suggested by @ivanyu.

When this property is set to false, or omitted entirely the NoCredentials option will be
used, but when it is defined and set to true it will autodiscover credentials.

@markallanson markallanson changed the title Autodiscover default credentials when nothing is explicitly specified. Add support for autodiscovering default credentials Jan 10, 2024
@markallanson markallanson force-pushed the task/291/autodiscover-credentials branch 3 times, most recently from 3c415e9 to 9ce904f Compare January 12, 2024 16:41
@markallanson
Copy link
Contributor Author

I have revised the code to avoid the PMD warning regarding inline constants.

@markallanson
Copy link
Contributor Author

I'll tackle the remaining PMD violations on Monday - they appear to be mostly in code I didn't change as part of this PR, but am happy to fix them.

jeqo
jeqo suggested changes Jan 12, 2024
View reviewed changes
Copy link
Contributor

@jeqo jeqo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @markallanson! Took a first look at the PR. Overall I agree with the changes and new configs.

Few chores to fix issues on CI:

  • Run ./gradlew :spotlessApply and reformat as needed
  • Run ./gradlew :pmdTest before pushing to validate changes.
  • Avoid using import static of constants, instead use GcsSinkConfig.<CONSTANT> on methods to reduce number of imports.
  • Consider creating a new test class for credentials e.g. GcsSinkConfigCredentialsTest -- and move the ~6 tests related to credentials there.

src/test/java/io/aiven/kafka/connect/gcs/config/GcsSinkConfigTest.java Outdated Show resolved Hide resolved
src/test/java/io/aiven/kafka/connect/gcs/config/GcsSinkConfigTest.java Outdated Show resolved Hide resolved
src/test/java/io/aiven/kafka/connect/gcs/config/GcsSinkConfigTest.java Outdated Show resolved Hide resolved
@jeqo jeqo self-assigned this Jan 12, 2024
@markallanson markallanson force-pushed the task/291/autodiscover-credentials branch from 9ce904f to 323f706 Compare January 12, 2024 17:26
@markallanson
Copy link
Contributor Author

markallanson commented Jan 12, 2024
edited
Loading

@jeqo Addressed all your comments I believe. Thanks for the feedback and helping us get this through, it's very appreciated!

@markallanson
Copy link
Contributor Author

@jeqo It looks like the default credentials test is failing. Without being able to see any detailed information about the failure I have to assume this is because there's no google credentials in the gitlab runner's environment so the google cloud sdk is throwing a missing credentials error (throw new IOException(CLOUDSDK_MISSING_CREDENTIALS);).

In order to avoid going around in circles, can you please let me know which of the two options you'd prefer I use:

  1. Switch back to using a mock, or
  2. Try and configure some google cloud sdk credentials in the gitlab workflow runner

@jeqo
Copy link
Contributor

jeqo commented Jan 15, 2024

@markallanson you're right, it's failing because no default credentials were found.
I was thinking on creating default credentials if they don't exist or passing it via env variable on GH actions, but it could get messy.
Let's switch back to the mock approach then, I'm afraid. And let's add some comment on why the mock is required on the test case.

@markallanson markallanson force-pushed the task/291/autodiscover-credentials branch from 323f706 to d1eabbd Compare January 15, 2024 16:30
@markallanson
Copy link
Contributor Author

@markallanson you're right, it's failing because no default credentials were found. I was thinking on creating default credentials if they don't exist or passing it via env variable on GH actions, but it could get messy. Let's switch back to the mock approach then, I'm afraid. And let's add some comment on why the mock is required on the test case.

Ok done - converted back to using mocks.

@markallanson markallanson force-pushed the task/291/autodiscover-credentials branch from d1eabbd to 0be4883 Compare January 16, 2024 08:45
@markallanson
Restore support for autodiscovering credentials
357ba87 
PR Aiven-Open#228 removed support for autodiscovered credentials by replacing the same configuration
with a NoCredentials implementation.

This change introduces a new property, `gcs.credentials.default` which matches that
supported by the TieredStorageManager for configuring autodiscovery of default credentials.

When this property is set to `false`, or omitted entirely the NoCredentials option will be
used, but when it is defined and set to `true` it will autodiscover credentials.

Closes Aiven-Open#291
@markallanson markallanson force-pushed the task/291/autodiscover-credentials branch from 0be4883 to 357ba87 Compare January 16, 2024 09:07
jeqo
jeqo approved these changes Jan 16, 2024
View reviewed changes
Copy link
Contributor

@jeqo jeqo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGMT, thanks @markallanson !

@jeqo jeqo merged commit 8e7db9b into Aiven-Open:main Jan 16, 2024
4 checks passed
@martinzuern martinzuern mentioned this pull request Jul 10, 2024
Open
@AnatolyPopov AnatolyPopov mentioned this pull request Sep 17, 2024
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jeqo jeqo jeqo approved these changes

Assignees

@jeqo jeqo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Connector does not allow connecting with default credentials.
3 participants
@markallanson @ivanyu @jeqo