diff --git a/google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/internal/dp/ClassicDirectAccessChecker.java b/google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/internal/dp/ClassicDirectAccessChecker.java index 0885066606..ea11be7ce9 100644 --- a/google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/internal/dp/ClassicDirectAccessChecker.java +++ b/google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/internal/dp/ClassicDirectAccessChecker.java @@ -25,6 +25,8 @@ import io.grpc.Channel; import io.grpc.ClientInterceptors; import io.grpc.ManagedChannel; +import io.grpc.Status.Code; +import io.grpc.StatusRuntimeException; import java.util.Optional; import java.util.concurrent.ScheduledExecutorService; import java.util.logging.Level; @@ -76,15 +78,22 @@ public boolean check(Channel channel) { private boolean evaluateEligibility(Channel channel) { MetadataExtractorInterceptor interceptor = createInterceptor(); Channel interceptedChannel = ClientInterceptors.intercept(channel, interceptor); - channelPrimer.primeChannel(interceptedChannel); MetadataExtractorInterceptor.SidebandData sidebandData = interceptor.getSidebandData(); - - boolean isEligible = - Optional.ofNullable(sidebandData) - .map(MetadataExtractorInterceptor.SidebandData::getPeerInfo) - .map(PeerInfo::getTransportType) - .map(type -> type == PeerInfo.TransportType.TRANSPORT_TYPE_DIRECT_ACCESS) - .orElse(false); + boolean isEligible = false; + try { + channelPrimer.primeChannel(interceptedChannel); + isEligible = + Optional.ofNullable(sidebandData.getPeerInfo()) + .map(PeerInfo::getTransportType) + .map(type -> type == PeerInfo.TransportType.TRANSPORT_TYPE_DIRECT_ACCESS) + .orElse(false); + } catch (StatusRuntimeException e) { + if (e.getStatus().getCode() != Code.PERMISSION_DENIED) { + throw e; + } + // Failed with permission error, resorting to ALTS check. + isEligible = sidebandData.isAlts(); + } if (isEligible) { // getIp should be non-null as isEligible is true diff --git a/google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/stub/MetadataExtractorInterceptor.java b/google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/stub/MetadataExtractorInterceptor.java index 3c4735d2d0..abf4192cf8 100644 --- a/google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/stub/MetadataExtractorInterceptor.java +++ b/google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/stub/MetadataExtractorInterceptor.java @@ -77,7 +77,7 @@ public void onHeaders(Metadata headers) { @Override public void onClose(Status status, Metadata trailers) { - sidebandData.onClose(status, trailers); + sidebandData.onClose(status, trailers, getAttributes()); super.onClose(status, trailers); } }, @@ -112,6 +112,7 @@ public static SidebandData from(CallOptions callOptions) { @Nullable private volatile PeerInfo peerInfo; @Nullable private volatile Duration gfeTiming; @Nullable private volatile Util.IpProtocol ipProtocol; + private boolean isAlts = false; @Nullable public ResponseParams getResponseParams() { @@ -133,6 +134,10 @@ public Util.IpProtocol getIpProtocol() { return ipProtocol; } + public boolean isAlts() { + return isAlts; + } + private void reset() { responseParams = null; peerInfo = null; @@ -147,7 +152,11 @@ void onResponseHeaders(Metadata md, Attributes attributes) { ipProtocol = extractIpProtocol(attributes); } - void onClose(Status status, Metadata trailers) { + void onClose(Status status, Metadata trailers, Attributes attributes) { + isAlts = AltsContextUtil.check(attributes); + if (ipProtocol == null) { + ipProtocol = extractIpProtocol(attributes); + } if (responseParams == null) { responseParams = extractResponseParams(trailers); }