[xDS] A97 - JWT token file call creds #12242
Conversation
Zgoda91
force-pushed
the
A97_jwt_token_call_creds
branch
3 times, most recently
from
a4317bd to
a8f76b0
Compare
Zgoda91
force-pushed
the
A97_jwt_token_call_creds
branch
from
a8f76b0 to
c781460
Compare
|
@ejona86 Could you please review this PR when you get a chance? Thanks! |
| * limitations under the License. | ||
| */ | ||
|
|
||
| package io.grpc.alts; |
There was a problem hiding this comment.
Why were these files added to alts? I'd have expected xds.
| import java.nio.charset.StandardCharsets; | ||
| import org.junit.rules.TemporaryFolder; | ||
|
|
||
| public class JwtTokenFileTestUtils { |
There was a problem hiding this comment.
These are only used by one test, and I don't expect many other tests to use this. We'd typically just have these as private methods in the test class. But if you do really want this in a separate file, that's fine, but just have it sit next to the test until it seems like it is going to be used.
If you are going to keep this as a separate file, you probably should remove the TemporaryFolder usages in the class. That is mixing responsibilities and reduces the reusability.
| return jwtToken; | ||
| } | ||
|
|
||
| public static File createValidJwtToken(TemporaryFolder tempFolder, Long expTime) |
There was a problem hiding this comment.
s/Long/long/. It doesn't look like null is valid.
| String target, Object implSpecificConfig, boolean ignoreResourceDeletion, | ||
| String target, | ||
| Object implSpecificChannelCredConfig, | ||
| @Nullable Object implSpecificCallCredConfig, |
There was a problem hiding this comment.
Instead of having separate Channel and Call creds explicitly here, can we use io.grpc.CompositeChannelCredentials instead to just continue using the implSpecificChannelCredConfig? I've not tried to follow the data flow yet.
| * A wrapper class that supports {@link JwtTokenFileXdsCredentialsProvider} for | ||
| * Xds by implementing {@link XdsCredentialsProvider}. | ||
| */ | ||
| public class JwtTokenFileXdsCredentialsProvider extends XdsCredentialsProvider { |
There was a problem hiding this comment.
final. Almost every (non-test) class should be final; we had lots of problems with users mocks doing impossible things, and final makes it harder for people to mess it up. Even places you think "it's impossible for a mocking framework to extend this class" like if the class isn't public... mocking frameworks can still do surprising things.
| * See gRFC A97 (https://github.com/grpc/proposal/pull/492). | ||
| */ | ||
| public final class JwtTokenFileCallCredentials extends OAuth2Credentials { | ||
| private static final long serialVersionUID = 452556614608513984L; |
There was a problem hiding this comment.
FYI: You can just use the value 0 or 1, or your favorite number 42. The ugly computed number is necessary when you were previously relying on the JVM to calculate the version for you, and you want to remain compatible with the previously-computed value.
| */ | ||
| public final class JwtTokenFileCallCredentials extends OAuth2Credentials { | ||
| private static final long serialVersionUID = 452556614608513984L; | ||
| private String path = null; |
| private String path = null; | ||
|
|
||
| private JwtTokenFileCallCredentials(String path) { | ||
| this.path = path; |
There was a problem hiding this comment.
checkNotNull(path, "path")
Any time we save a value for later, we should be checking for null if it shouldn't be null. That means it is more likely the stack trace will tell us who provided the wrong value. The "path" string is an arbitrary semi-unique string, and useful just because line numbers can be unreliable (the number of times users don't know the version they are running or are incorrect...). We just repeat the variable name because it is unique (for the function), short, and requires zero thought.
implementing gRFC A97 grpc/proposal#492