Change in asterixdb[neo]: [ASTERIXDB-3112][EXT]: Add support to GCS Default Authentictation Pro...

AsterixDB Code Review Sun, 12 Feb 2023 04:47:27 -0800

>From Hussain Towaileb <[email protected]>:

Hussain Towaileb has uploaded this change for review. ( 
https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/17379 )



Change subject: [ASTERIXDB-3112][EXT]: Add support to GCS Default 
Authentictation Provider
......................................................................

[ASTERIXDB-3112][EXT]: Add support to GCS Default Authentictation Provider

Details:
- Selecting default authentication provider enables the SDK to
  search for credentials in the following locatinos (in order):
  - environment variable
  - gcloud cli credentials file
  - attach service account to google compute engine
  - attach service account to google app engine

Change-Id: I93eb3a19d799f70c00c0a40efe3d484c1967ad3e
---
M 
asterixdb/asterix-common/src/main/java/org/apache/asterix/common/exceptions/ErrorCode.java
M 
asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java
M 
asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataConstants.java
M asterixdb/asterix-common/src/main/resources/asx_errormsg/en.properties
4 files changed, 41 insertions(+), 6 deletions(-)



  git pull ssh://asterix-gerrit.ics.uci.edu:29418/asterixdb 
refs/changes/79/17379/1

diff --git 
a/asterixdb/asterix-common/src/main/java/org/apache/asterix/common/exceptions/ErrorCode.java
 
b/asterixdb/asterix-common/src/main/java/org/apache/asterix/common/exceptions/ErrorCode.java
index fc234ef..2235005 100644
--- 
a/asterixdb/asterix-common/src/main/java/org/apache/asterix/common/exceptions/ErrorCode.java
+++ 
b/asterixdb/asterix-common/src/main/java/org/apache/asterix/common/exceptions/ErrorCode.java
@@ -265,6 +265,7 @@
     S3_REGION_NOT_SUPPORTED(1170),
     COMPILATION_SET_OPERATION_ERROR(1171),
     INVALID_TIMEZONE(1172),
+    INVALID_PARAM_VALUE_ALLOWED_VALUE(1173),

     // Feed errors
     DATAFLOW_ILLEGAL_STATE(3001),
diff --git 
a/asterixdb/asterix-common/src/main/resources/asx_errormsg/en.properties 
b/asterixdb/asterix-common/src/main/resources/asx_errormsg/en.properties
index b98dc43..7455a3b 100644
--- a/asterixdb/asterix-common/src/main/resources/asx_errormsg/en.properties
+++ b/asterixdb/asterix-common/src/main/resources/asx_errormsg/en.properties
@@ -267,6 +267,7 @@
 1170 = Provided S3 region is not supported: '%1$s'
 1171 = Unable to process %1$s clause. %2$s
 1172 = Provided timezone is invalid: '%1$s'
+1173 = Invalid value for parameter '%1$s', allowed value(s): %2$s

 # Feed Errors
 3001 = Illegal state.
diff --git 
a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataConstants.java
 
b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataConstants.java
index f0b9c90..71f40db 100644
--- 
a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataConstants.java
+++ 
b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataConstants.java
@@ -434,6 +434,7 @@
             throw new AssertionError("do not instantiate");
         }

+        public static final String DEFAULT_CREDENTIALS_PROVIDER_FIELD_NAME = 
"defaultCredentialsProvider";
         public static final String JSON_CREDENTIALS_FIELD_NAME = 
"jsonCredentials";
     }
 }
diff --git 
a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java
 
b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java
index 8e38eed..28d3e63 100644
--- 
a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java
+++ 
b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java
@@ -21,6 +21,7 @@
 import static com.google.cloud.storage.Storage.BlobListOption;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static 
org.apache.asterix.common.exceptions.ErrorCode.EXTERNAL_SOURCE_ERROR;
+import static 
org.apache.asterix.common.exceptions.ErrorCode.INVALID_PARAM_VALUE_ALLOWED_VALUE;
 import static 
org.apache.asterix.common.exceptions.ErrorCode.INVALID_REQ_PARAM_VAL;
 import static 
org.apache.asterix.common.exceptions.ErrorCode.PARAMETERS_NOT_ALLOWED_AT_SAME_TIME;
 import static 
org.apache.asterix.common.exceptions.ErrorCode.PARAMETERS_REQUIRED;
@@ -54,6 +55,7 @@
 import static 
org.apache.asterix.external.util.ExternalDataConstants.Azure.RECURSIVE_FIELD_NAME;
 import static 
org.apache.asterix.external.util.ExternalDataConstants.Azure.SHARED_ACCESS_SIGNATURE_FIELD_NAME;
 import static 
org.apache.asterix.external.util.ExternalDataConstants.Azure.TENANT_ID_FIELD_NAME;
+import static 
org.apache.asterix.external.util.ExternalDataConstants.GCS.DEFAULT_CREDENTIALS_PROVIDER_FIELD_NAME;
 import static 
org.apache.asterix.external.util.ExternalDataConstants.GCS.JSON_CREDENTIALS_FIELD_NAME;
 import static 
org.apache.asterix.external.util.ExternalDataConstants.KEY_ADAPTER_NAME_GCS;
 import static 
org.apache.asterix.external.util.ExternalDataConstants.KEY_DELIMITER;
@@ -147,7 +149,7 @@
 import com.azure.storage.file.datalake.models.ListPathsOptions;
 import com.azure.storage.file.datalake.models.PathItem;
 import com.google.api.gax.paging.Page;
-import com.google.auth.oauth2.ServiceAccountCredentials;
+import com.google.auth.oauth2.GoogleCredentials;
 import com.google.cloud.storage.Blob;
 import com.google.cloud.storage.Storage;
 import com.google.cloud.storage.StorageOptions;
@@ -1838,16 +1840,29 @@
          * @throws CompilationException CompilationException
          */
         public static Storage buildClient(Map<String, String> configuration) 
throws CompilationException {
+            String defaultCredentialsProvider = 
configuration.get(DEFAULT_CREDENTIALS_PROVIDER_FIELD_NAME);
             String jsonCredentials = 
configuration.get(JSON_CREDENTIALS_FIELD_NAME);

             StorageOptions.Builder builder = StorageOptions.newBuilder();

-            // Use credentials if available
-            if (jsonCredentials != null) {
-                try (InputStream credentialsStream = new 
ByteArrayInputStream(jsonCredentials.getBytes())) {
-                    
builder.setCredentials(ServiceAccountCredentials.fromStream(credentialsStream));
+            // default credentials provider
+            if (defaultCredentialsProvider != null) {
+                // only "true" value is allowed
+                if (!defaultCredentialsProvider.equalsIgnoreCase("true")) {
+                    throw new 
CompilationException(INVALID_PARAM_VALUE_ALLOWED_VALUE,
+                            DEFAULT_CREDENTIALS_PROVIDER_FIELD_NAME, "true");
+                }
+
+                // no other authentication parameters are allowed
+                if (jsonCredentials != null) {
+                    throw new 
CompilationException(PARAM_NOT_ALLOWED_IF_PARAM_IS_PRESENT, 
JSON_CREDENTIALS_FIELD_NAME,
+                            DEFAULT_CREDENTIALS_PROVIDER_FIELD_NAME);
+                }
+
+                try {
+                    
builder.setCredentials(GoogleCredentials.getApplicationDefault());
                 } catch (IOException ex) {
-                    throw new CompilationException(EXTERNAL_SOURCE_ERROR, 
getMessageOrToString(ex));
+                    throw CompilationException.create(EXTERNAL_SOURCE_ERROR, 
getMessageOrToString(ex));
                 }
             }


--
To view, visit https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/17379
To unsubscribe, or for help writing mail filters, visit 
https://asterix-gerrit.ics.uci.edu/settings

Gerrit-Project: asterixdb
Gerrit-Branch: neo
Gerrit-Change-Id: I93eb3a19d799f70c00c0a40efe3d484c1967ad3e
Gerrit-Change-Number: 17379
Gerrit-PatchSet: 1
Gerrit-Owner: Hussain Towaileb <[email protected]>
Gerrit-MessageType: newchange

Change in asterixdb[neo]: [ASTERIXDB-3112][EXT]: Add support to GCS Default Authentictation Pro...

Reply via email to