Comments (15)
@meltsufin You or someone else on the App Engine flex runtime might want to take a look at this.
from google-auth-library-java.
@isdal I see now that it refers to the compat runtime. The compat runtimes are deprecated.
from google-auth-library-java.
It still needs to be fixed ASAP.
from google-auth-library-java.
Also, it might be important to address this for the new Java8 Standard runtime under development.
It supports of course the GAE Standard APIs, but as well the new Cloud APIs. In such new environment, it would be preferable to opt for the new API path, if/when possible.
from google-auth-library-java.
This looks like a tricky issue. The order of checks (app engine before GCE) is intentional, and the suggested fix here is to change the order, which could be a breaking change (I'm not sure). Is there a reliable way to check for app engine flex?
from google-auth-library-java.
@isdal @ludoch Could you say why? (We are trying to discuss this, but it turns out going to GCE takes a while (order 30 sec))
from google-auth-library-java.
Flex is setting a few environment variables that you potentially could check for to determine if GCE should be checked first. In compat mode (which is when we get these false positives) we always set "GAE_VM=true".
from google-auth-library-java.
Some of the runtime leads have proposed the introduction of a single environment variable that would identify the environment GOOGLE_CLOUD_ENVIRONMENT
or GCP_ENVIRONMENT
. The variable would distinguish among App Engine Standard, App Engine Flexible, GKE, GCE, etc. I'm not sure if the PMs are onboard though.
from google-auth-library-java.
@meltsufin That sounds ideal. There are definitely occasions where the cloud client libraries need to distinguish the environment. Especially for logging. (Python, Java) Currently the client libraries look at the GAE_INSTANCE
variable, but this makes it impossible to distinguish the flexible environment from the standard environment.
from google-auth-library-java.
Flex compat is deprecated and should not be corrected.
But the code is https://github.com/google/google-auth-library-java/blob/7e7119cff208a8a5a31504ed971b75e215ddf9d7/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L65
while working for Java7 GAE Standard, may work with Java8 GAE Standard, but Java8 GAE Standard client libraries should try not to rely on GAE Standard APIs, but instead, rely on Cloud APIs.
Soon, we will also support the Metadata server in GAE Java8 Standard.
from google-auth-library-java.
@tcoffee-google it looks like some of the stuff referenced in the present issue were addressed in your PR #110 - could you take look here and see what still needs to be addressed?
from google-auth-library-java.
Given the number of proposed alternatives, I've arranged an offline discussion tomorrow.
from google-auth-library-java.
Potentially #103 is the intended workaround
from google-auth-library-java.
@lesv can you verify if this issue is fixed by #103 ?
from google-auth-library-java.
This appears to have been solved in #103. Closing this out, but feel free to re-open if this is not the case.
from google-auth-library-java.
Related Issues (20)
- Google Login: Library v1.12.1 and later are broken on Android API 21 HOT 2
- External Cloud RAD Pages are outdated and show v1.7.0 as the latest release
- Integrating google-auth-library-java into OSS-Fuzz HOT 1
- Warning: a recent release failed
- Support for GCP Application Default Credentials strategy HOT 1
- Add support for reading GOOGLE_APPLICATION_CREDENTIALS as a property HOT 1
- Missing scopes using WIF when upgrading google-auth-library-java-oauth2-http from 1.13.0 to 1.14.0 HOT 8
- google-auth-library-java-oauth2-http: refresh() doesn't generate new token on each call in GKE HOT 5
- Add reactor Bindings HOT 3
- The horror of chain reaction (GoogleCredentials) HOT 1
- Allow usage of ExternalAccountCredentials custom implementation HOT 2
- unchecked casts are bad practice, but allowed globally in pom.xml
- Add native image support for credentials and appengine modules
- impersonated_service_account not recognized HOT 1
- ExternalAccountCredentials serialization is broken HOT 1
- com.google.firebase.messaging.FirebaseMessagingException: Unknown error while making a remote service call: Error getting access token for service account: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 405 Method Not Allowed", HOT 2
- [kms]: Missing credentials leads to misleading exception and pointless retry loop HOT 4
- DefaultPKCEProvider challenge rejected HOT 4
- Method implementation and logic isOnGAEStandard7() is incorrect for java21 jetty which does not define the old jetty logging class. HOT 2
- External documentation is outdated - latest published version is 1.20.0 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from google-auth-library-java.