chore: create util method for reading token from file

olavloite · olavloite · commit 6ec5a8e51d84 · 2025-02-25T10:21:58.000+01:00
diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/SpannerOptions.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/SpannerOptions.java
@@ -855,8 +855,15 @@ default boolean isEnableEndToEndTracing() {
     default String getMonitoringHost() {
       return null;
     }
+
+    default GoogleCredentials getDefaultExternalHostCredentials() {
+      return null;
+    }
   }
 
+  static final String DEFAULT_SPANNER_EXTERNAL_HOST_CREDENTIALS =
+      "SPANNER_EXTERNAL_HOST_AUTH_TOKEN";
+
   /**
    * Default implementation of {@link SpannerEnvironment}. Reads all configuration from environment
    * variables.
@@ -912,6 +919,11 @@ public boolean isEnableEndToEndTracing() {
     public String getMonitoringHost() {
       return System.getenv(SPANNER_MONITORING_HOST);
     }
+
+    @Override
+    public GoogleCredentials getDefaultExternalHostCredentials() {
+      return getOAuthTokenFromFile(System.getenv(DEFAULT_SPANNER_EXTERNAL_HOST_CREDENTIALS));
+    }
   }
 
   /** Builder for {@link SpannerOptions} instances. */
@@ -1646,18 +1658,7 @@ public SpannerOptions build() {
         // As we are using plain text, we should never send any credentials.
         this.setCredentials(NoCredentials.getInstance());
       } else if (isExternalHost && credentials == null) {
-        String externalHostTokenPath = System.getenv("SPANNER_EXTERNAL_HOST_AUTH_TOKEN");
-        if (!Strings.isNullOrEmpty(externalHostTokenPath)) {
-          String token;
-          try {
-            token =
-                Base64.getEncoder()
-                    .encodeToString(Files.readAllBytes(Paths.get(externalHostTokenPath)));
-          } catch (IOException e) {
-            throw SpannerExceptionFactory.newSpannerException(e);
-          }
-          credentials = GoogleCredentials.create(new AccessToken(token, null));
-        }
+        credentials = environment.getDefaultExternalHostCredentials();
       }
       if (this.numChannels == null) {
         this.numChannels =
@@ -1698,6 +1699,24 @@ public static void useDefaultEnvironment() {
     SpannerOptions.environment = SpannerEnvironmentImpl.INSTANCE;
   }
 
+  @InternalApi
+  public static GoogleCredentials getDefaultExternalHostCredentialsFromSysEnv() {
+    return getOAuthTokenFromFile(System.getenv(DEFAULT_SPANNER_EXTERNAL_HOST_CREDENTIALS));
+  }
+
+  private static @Nullable GoogleCredentials getOAuthTokenFromFile(@Nullable String file) {
+    if (!Strings.isNullOrEmpty(file)) {
+      String token;
+      try {
+        token = Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get(file)));
+      } catch (IOException e) {
+        throw SpannerExceptionFactory.newSpannerException(e);
+      }
+      return GoogleCredentials.create(new AccessToken(token, null));
+    }
+    return null;
+  }
+
   /**
    * Enables OpenTelemetry traces. Enabling OpenTelemetry traces will disable OpenCensus traces. By
    * default, OpenCensus traces are enabled.
diff --git a/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java b/google-cloud-spanner/src/main/java/com/google/cloud/spanner/connection/ConnectionOptions.java
@@ -82,12 +82,9 @@
 import io.opentelemetry.api.OpenTelemetry;
 import java.io.IOException;
 import java.net.URL;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Base64;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -924,7 +921,8 @@ private ConnectionOptions(Builder builder) {
             getInitialConnectionPropertyValue(AUTO_CONFIG_EMULATOR),
             usePlainText,
             System.getenv());
-    String externalHostTokenPath = System.getenv("SPANNER_EXTERNAL_HOST_AUTH_TOKEN");
+    GoogleCredentials defaultExternalHostCredentials =
+        SpannerOptions.getDefaultExternalHostCredentialsFromSysEnv();
     // Using credentials on a plain text connection is not allowed, so if the user has not specified
     // any credentials and is using a plain text connection, we should not try to get the
     // credentials from the environment, but default to NoCredentials.
@@ -939,16 +937,8 @@ && getInitialConnectionPropertyValue(OAUTH_TOKEN) == null
       this.credentials =
           new GoogleCredentials(
               new AccessToken(getInitialConnectionPropertyValue(OAUTH_TOKEN), null));
-    } else if (isExternalHost && !Strings.isNullOrEmpty(externalHostTokenPath)) {
-      String token;
-      try {
-        token =
-            Base64.getEncoder()
-                .encodeToString(Files.readAllBytes(Paths.get(externalHostTokenPath)));
-      } catch (IOException e) {
-        throw SpannerExceptionFactory.newSpannerException(e);
-      }
-      this.credentials = GoogleCredentials.create(new AccessToken(token, null));
+    } else if (isExternalHost && defaultExternalHostCredentials != null) {
+      this.credentials = defaultExternalHostCredentials;
     } else if (getInitialConnectionPropertyValue(CREDENTIALS_PROVIDER) != null) {
       try {
         this.credentials = getInitialConnectionPropertyValue(CREDENTIALS_PROVIDER).getCredentials();
