DefaultCredentialsProvider is detecting AppEngine when running on GAE Flex about google-auth-library-java HOT 15 CLOSED

@meltsufin You or someone else on the App Engine flex runtime might want to take a look at this.

from google-auth-library-java.

@isdal I see now that it refers to the compat runtime. The compat runtimes are deprecated.

from google-auth-library-java.

It still needs to be fixed ASAP.

from google-auth-library-java.

Also, it might be important to address this for the new Java8 Standard runtime under development.
It supports of course the GAE Standard APIs, but as well the new Cloud APIs. In such new environment, it would be preferable to opt for the new API path, if/when possible.

from google-auth-library-java.

This looks like a tricky issue. The order of checks (app engine before GCE) is intentional, and the suggested fix here is to change the order, which could be a breaking change (I'm not sure). Is there a reliable way to check for app engine flex?

from google-auth-library-java.

@isdal @ludoch Could you say why? (We are trying to discuss this, but it turns out going to GCE takes a while (order 30 sec))

from google-auth-library-java.

Flex is setting a few environment variables that you potentially could check for to determine if GCE should be checked first. In compat mode (which is when we get these false positives) we always set "GAE_VM=true".

from google-auth-library-java.

Some of the runtime leads have proposed the introduction of a single environment variable that would identify the environment GOOGLE_CLOUD_ENVIRONMENT or GCP_ENVIRONMENT. The variable would distinguish among App Engine Standard, App Engine Flexible, GKE, GCE, etc. I'm not sure if the PMs are onboard though.

from google-auth-library-java.

@meltsufin That sounds ideal. There are definitely occasions where the cloud client libraries need to distinguish the environment. Especially for logging. (Python, Java) Currently the client libraries look at the GAE_INSTANCE variable, but this makes it impossible to distinguish the flexible environment from the standard environment.

from google-auth-library-java.

Flex compat is deprecated and should not be corrected.

But the code is https://github.com/google/google-auth-library-java/blob/7e7119cff208a8a5a31504ed971b75e215ddf9d7/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L65
while working for Java7 GAE Standard, may work with Java8 GAE Standard, but Java8 GAE Standard client libraries should try not to rely on GAE Standard APIs, but instead, rely on Cloud APIs.

Soon, we will also support the Metadata server in GAE Java8 Standard.

from google-auth-library-java.

@tcoffee-google it looks like some of the stuff referenced in the present issue were addressed in your PR #110 - could you take look here and see what still needs to be addressed?

from google-auth-library-java.

Given the number of proposed alternatives, I've arranged an offline discussion tomorrow.

from google-auth-library-java.

Potentially #103 is the intended workaround

from google-auth-library-java.

@lesv can you verify if this issue is fixed by #103 ?

from google-auth-library-java.

This appears to have been solved in #103. Closing this out, but feel free to re-open if this is not the case.

from google-auth-library-java.