Change in asterixdb[master]: Testing attached service account

AsterixDB Code Review Fri, 03 Feb 2023 01:09:38 -0800

>From Hussain Towaileb <[email protected]>:

Hussain Towaileb has uploaded this change for review. ( 
https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/17359 )



Change subject: Testing attached service account
......................................................................

Testing attached service account

Change-Id: I93eb3a19d799f70c00c0a40efe3d484c1967ad3e
---
M 
asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSConstants.java
M 
asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSUtils.java
2 files changed, 27 insertions(+), 11 deletions(-)



  git pull ssh://asterix-gerrit.ics.uci.edu:29418/asterixdb 
refs/changes/59/17359/1

diff --git 
a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSConstants.java
 
b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSConstants.java
index 6bf2266..70c2b7b 100644
--- 
a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSConstants.java
+++ 
b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSConstants.java
@@ -23,6 +23,7 @@
         throw new AssertionError("do not instantiate");
     }

+    public static final String ATTACHED_SERVICE_ACCOUNT = 
"attachedServiceAccount";
     public static final String JSON_CREDENTIALS_FIELD_NAME = "jsonCredentials";
     public static final String ENDPOINT_FIELD_NAME = "endpoint";

diff --git 
a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSUtils.java
 
b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSUtils.java
index 93dc272..274645a 100644
--- 
a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSUtils.java
+++ 
b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/google/gcs/GCSUtils.java
@@ -21,14 +21,7 @@
 import static 
org.apache.asterix.common.exceptions.ErrorCode.EXTERNAL_SOURCE_ERROR;
 import static org.apache.asterix.external.util.ExternalDataUtils.getPrefix;
 import static 
org.apache.asterix.external.util.ExternalDataUtils.validateIncludeExclude;
-import static 
org.apache.asterix.external.util.google.gcs.GCSConstants.ENDPOINT_FIELD_NAME;
-import static 
org.apache.asterix.external.util.google.gcs.GCSConstants.HADOOP_AUTH_SERVICE_ACCOUNT_JSON_KEY_FILE;
-import static 
org.apache.asterix.external.util.google.gcs.GCSConstants.HADOOP_AUTH_SERVICE_ACCOUNT_JSON_KEY_FILE_PATH;
-import static 
org.apache.asterix.external.util.google.gcs.GCSConstants.HADOOP_AUTH_TYPE;
-import static 
org.apache.asterix.external.util.google.gcs.GCSConstants.HADOOP_AUTH_UNAUTHENTICATED;
-import static 
org.apache.asterix.external.util.google.gcs.GCSConstants.HADOOP_ENDPOINT;
-import static 
org.apache.asterix.external.util.google.gcs.GCSConstants.HADOOP_GCS_PROTOCOL;
-import static 
org.apache.asterix.external.util.google.gcs.GCSConstants.JSON_CREDENTIALS_FIELD_NAME;
+import static org.apache.asterix.external.util.google.gcs.GCSConstants.*;
 import static org.apache.hyracks.api.util.ExceptionUtils.getMessageOrToString;

 import java.io.ByteArrayInputStream;
@@ -53,7 +46,7 @@
 import org.apache.hyracks.api.exceptions.Warning;

 import com.google.api.gax.paging.Page;
-import com.google.auth.oauth2.ServiceAccountCredentials;
+import com.google.auth.oauth2.GoogleCredentials;
 import com.google.cloud.BaseServiceException;
 import com.google.cloud.storage.Blob;
 import com.google.cloud.storage.Storage;
@@ -73,15 +66,28 @@
      * @throws CompilationException CompilationException
      */
     public static Storage buildClient(Map<String, String> configuration) 
throws CompilationException {
+        String attachedServiceAccount = 
configuration.get(ATTACHED_SERVICE_ACCOUNT);
         String jsonCredentials = 
configuration.get(JSON_CREDENTIALS_FIELD_NAME);
         String endpoint = configuration.get(ENDPOINT_FIELD_NAME);
+        attachedServiceAccount = "true";

         StorageOptions.Builder builder = StorageOptions.newBuilder();

-        // Use credentials if available
+        // attached service account
+        if (attachedServiceAccount != null) {
+            try {
+                
builder.setCredentials(GoogleCredentials.getApplicationDefault());
+            } catch (IOException ex) {
+                // TODO(htowaileb): failed to get credentials error
+                throw CompilationException.create(EXTERNAL_SOURCE_ERROR,
+                        "Failed to load credentials: " + 
getMessageOrToString(ex));
+            }
+        }
+
+        // credentials
         if (jsonCredentials != null) {
             try (InputStream credentialsStream = new 
ByteArrayInputStream(jsonCredentials.getBytes())) {
-                
builder.setCredentials(ServiceAccountCredentials.fromStream(credentialsStream));
+                
builder.setCredentials(GoogleCredentials.fromStream(credentialsStream));
             } catch (IOException ex) {
                 throw new CompilationException(EXTERNAL_SOURCE_ERROR, 
getMessageOrToString(ex));
             }

--
To view, visit https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/17359
To unsubscribe, or for help writing mail filters, visit 
https://asterix-gerrit.ics.uci.edu/settings

Gerrit-Project: asterixdb
Gerrit-Branch: master
Gerrit-Change-Id: I93eb3a19d799f70c00c0a40efe3d484c1967ad3e
Gerrit-Change-Number: 17359
Gerrit-PatchSet: 1
Gerrit-Owner: Hussain Towaileb <[email protected]>
Gerrit-MessageType: newchange

Change in asterixdb[master]: Testing attached service account

Reply via email to