Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UnauthenticationException when customizing universe-domain when quota project id is set #3256

Closed
mpeddada1 opened this issue Sep 30, 2024 · 0 comments · Fixed by #3257 or #3261
Closed

UnauthenticationException when customizing universe-domain when quota project id is set #3256

mpeddada1 opened this issue Sep 30, 2024 · 0 comments · Fixed by #3257 or #3261
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@mpeddada1
Copy link
Contributor

Reproduced locally with the following code snippet:

 BigQueryWriteClient bigQueryWriteClient =
        BigQueryWriteClient.create(BigQueryWriteSettings.newBuilder()
            .setQuotaProjectId(<project-id>)
            .setUniverseDomain("example.com")
            .build());
    TableName parent = TableName.of("<project>", "<dataset>", "<table>");
    TableSchema schema = TableSchema.newBuilder().build();
    WriteStream writeStream = WriteStream.newBuilder().setType(
        WriteStream.Type.COMMITTED).setTableSchema(schema).build();
    WriteStream response = bigQueryWriteClient.createWriteStream(parent, writeStream);

Which results in the following stacktrace despite the user configured universe domain matching the underlying credential's universe domain.

com.google.api.gax.rpc.UnauthenticatedException: java.lang.Throwable: The configured universe domain (example.com) does not match the universe domain found in the credentials (googleapis.com). If you haven't configured the universe domain explicitly, `googleapis.com` is the default.
	at com.google.api.gax.rpc.ApiExceptionFactory.createException(ApiExceptionFactory.java:116) ~[gax-2.51.0.jar:2.51.0]
	at com.google.api.gax.rpc.ApiExceptionFactory.createException(ApiExceptionFactory.java:41) ~[gax-2.51.0.jar:2.51.0]
	at com.google.api.gax.rpc.EndpointContext.validateUniverseDomain(EndpointContext.java:154) ~[gax-2.51.0.jar:2.51.0]
	at com.google.api.gax.grpc.GrpcCallContext.validateUniverseDomain(GrpcCallContext.java:691) ~[gax-grpc-2.51.0.jar:2.51.0]
	at com.google.api.gax.grpc.GrpcClientCalls.newCall(GrpcClientCalls.java:100) ~[gax-grpc-2.51.0.jar:2.51.0]
	at com.google.api.gax.grpc.GrpcDirectCallable.futureCall(GrpcDirectCallable.java:62) ~[gax-grpc-2.51.0.jar:2.51.0]
	at com.google.api.gax.grpc.GrpcUnaryRequestParamCallable.futureCall(GrpcUnaryRequestParamCallable.java:68) ~[gax-grpc-2.51.0.jar:2.51.0]
	at com.google.api.gax.grpc.GrpcExceptionCallable.futureCall(GrpcExceptionCallable.java:64) ~[gax-grpc-2.51.0.jar:2.51.0]
	at com.google.api.gax.rpc.AttemptCallable.call(AttemptCallable.java:86) ~[gax-2.51.0.jar:2.51.0]
	at com.google.api.gax.rpc.RetryingCallable.futureCall(RetryingCallable.java:78) ~[gax-2.51.0.jar:2.51.0]
	at com.google.api.gax.rpc.RetryingCallable.futureCall(RetryingCallable.java:41) ~[gax-2.51.0.jar:2.51.0]
	at com.google.api.gax.tracing.TracedUnaryCallable.futureCall(TracedUnaryCallable.java:75) ~[gax-2.51.0.jar:2.51.0]
	at com.google.api.gax.rpc.UnaryCallable$1.futureCall(UnaryCallable.java:126) ~[gax-2.51.0.jar:2.51.0]
	at com.google.api.gax.rpc.UnaryCallable.futureCall(UnaryCallable.java:87) ~[gax-2.51.0.jar:2.51.0]
	at com.google.api.gax.rpc.UnaryCallable.call(UnaryCallable.java:112) ~[gax-2.51.0.jar:2.51.0]
	at com.google.cloud.bigquery.storage.v1.BigQueryWriteClient.createWriteStream(BigQueryWriteClient.java:373) ~[google-cloud-bigquerystorage-3.8.0.jar:3.8.0]
	at com.google.cloud.bigquery.storage.v1.BigQueryWriteClient.createWriteStream(BigQueryWriteClient.java:308) ~[google-cloud-bigquerystorage-3.8.0.jar:3.8.0]

Adding a breakpoint in the EndpointContext#validateUniverseDomain() method shows that the getUniverseDomain() is called on QuotaProjectIdHidingCredentials which is a wrapper around the configured credentials implementation. At the moment, this class always returns googleapis.com instead of relying on universe domain configured in the wrapped Credentials class
Screenshot 2024-09-30 at 6 07 55 PM.

Proposed solution: Expose getUniverseDomain() of the wrapped credentials class in QuotaProjectIdHidingCredentials
@mpeddada1 mpeddada1 added type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. priority: p2 Moderately-important priority. Fix may not be included in next release. labels Sep 30, 2024
@mpeddada1 mpeddada1 mentioned this issue Sep 30, 2024
Merged
mpeddada1 added a commit that referenced this issue Oct 2, 2024
@mpeddada1
fix: address incorrect universe domain validation when quota project …
6e70c37 
…id is set (#3257)

Fixes #3256
@release-please release-please bot mentioned this issue Oct 2, 2024
Merged
zhumin8 pushed a commit that referenced this issue Oct 4, 2024
@release-please
chore(main): release 2.47.0 (#3261)
9ad9591 
🤖 I have created a release *beep* *boop*
---


<details><summary>2.47.0</summary>

##
[2.47.0](v2.46.1...v2.47.0)
(2024-10-04)


### Features

* **gax:** add API key authentication to ClientSettings
([#3137](#3137))
([df08956](df08956))
* **gax:** append cred-type header for auth metrics
([#3186](#3186))
([ca3ec24](ca3ec24))


### Bug Fixes

* address incorrect universe domain validation when quota project id is
set
([#3257](#3257))
([6e70c37](6e70c37)),
closes
[#3256](#3256)
* Disable automatically retrieving Universe Domain from Metadata Server
([#3272](#3272))
([f4402bf](f4402bf))


### Dependencies

* update dependency com.fasterxml.jackson:jackson-bom to v2.18.0
([#3248](#3248))
([821e83d](821e83d))
* update dependency com.google.errorprone:error_prone_annotations to
v2.33.0
([#3265](#3265))
([94450a9](94450a9))
* update dependency com.google.errorprone:error_prone_annotations to
v2.33.0
([#3266](#3266))
([8235463](8235463))
* update dependency com.google.guava:guava to v33.3.1-jre
([#3228](#3228))
([4e76207](4e76207))
* update dependency net.bytebuddy:byte-buddy to v1.15.3
([#3246](#3246))
([2aad71d](2aad71d))
* update google api dependencies
([#3242](#3242))
([02aae9d](02aae9d))
* update google auth library dependencies to v1.28.0
([#3267](#3267))
([6d85864](6d85864))
* update googleapis/java-cloud-bom digest to 0cd97b7
([#3260](#3260))
([2d54a5d](2d54a5d))
* update grpc dependencies to v1.67.1
([#3258](#3258))
([e08906c](e08906c))
* update grpc dependencies to v1.67.1 in dependencies.properties
([#3279](#3279))
([5b46e70](5b46e70))
* update junit5 monorepo to v5.11.2
([#3276](#3276))
([6b10f94](6b10f94))
* update netty dependencies to v4.1.114.final
([#3263](#3263))
([8bd83d9](8bd83d9))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
1 participant
@mpeddada1