googleapis · olavloite · Aug 18, 2025 · Aug 26, 2025 · Aug 28, 2025
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.auth.mtls;
+
+import java.io.IOException;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+// TODO: Remove once the actual implementation of this class in the auth library has a config
+//       option that allows us to skip the most expensive code paths during tests.
+public class DefaultMtlsProviderFactory {
+  public static final AtomicBoolean SKIP_MTLS = new AtomicBoolean(false);
+
+  public static MtlsProvider create() throws IOException {
+    if (SKIP_MTLS.get()) {
+      return null;
+    }
+    // Note: The caller should handle CertificateSourceUnavailableException gracefully, since
+    // it is an expected error case. All other IOExceptions are unexpected and should be surfaced
+    // up the call stack.
+    MtlsProvider mtlsProvider = new X509Provider();
+    if (mtlsProvider.isAvailable()) {
+      return mtlsProvider;
+    }
+    mtlsProvider = new SecureConnectProvider();
+    if (mtlsProvider.isAvailable()) {
+      return mtlsProvider;
+    }
+    throw new CertificateSourceUnavailableException(
+        "No Certificate Source is available on this device.");
+  }
+}
@@ -30,6 +30,7 @@
 import static com.google.cloud.spanner.MockSpannerTestUtil.UPDATE_COUNT;
 import static com.google.cloud.spanner.MockSpannerTestUtil.UPDATE_STATEMENT;
 
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.spanner.MockSpannerServiceImpl.StatementResult;
 import io.grpc.ManagedChannelBuilder;
@@ -54,8 +55,12 @@ public abstract class AbstractAsyncTransactionTest {
   Spanner spanner;
   Spanner spannerWithEmptySessionPool;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void setup() throws Exception {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D);
     mockSpanner.putStatementResult(
@@ -85,6 +90,7 @@ public static void teardown() throws Exception {
     server.shutdown();
     server.awaitTermination();
     executor.shutdown();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -17,6 +17,7 @@
 package com.google.cloud.spanner;
 
 import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.spanner.admin.database.v1.MockDatabaseAdminImpl;
 import com.google.cloud.spanner.admin.instance.v1.MockInstanceAdminImpl;
@@ -48,8 +49,12 @@ abstract class AbstractMockServerTest {
 
   protected Spanner spanner;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void startMockServer() throws IOException {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
     mockInstanceAdmin = new MockInstanceAdminImpl();
@@ -93,6 +98,7 @@ public void getOperation(
   public static void stopMockServer() throws InterruptedException {
     server.shutdown();
     server.awaitTermination();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -17,6 +17,7 @@
 package com.google.cloud.spanner;
 
 import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import io.grpc.ForwardingServerCall;
 import io.grpc.ManagedChannelBuilder;
@@ -51,8 +52,12 @@ abstract class AbstractNettyMockServerTest {
 
   protected Spanner spanner;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void startMockServer() throws IOException {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
 
@@ -93,6 +98,7 @@ public static void stopMockServer() throws InterruptedException {
     server.shutdown();
     server.awaitTermination();
     executor.shutdown();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -19,6 +19,7 @@
 import static com.google.common.truth.Truth.assertThat;
 
 import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.grpc.GrpcTransportOptions;
 import com.google.cloud.grpc.GrpcTransportOptions.ExecutorFactory;
@@ -88,8 +89,12 @@ public class BackendExhaustedTest {
   private Spanner spanner;
   private DatabaseClientImpl client;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void startStaticServer() throws IOException {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
     mockSpanner.putStatementResult(StatementResult.update(UPDATE_STATEMENT, UPDATE_COUNT));
@@ -115,6 +120,7 @@ public static void stopServer() throws InterruptedException {
     // Force a shutdown as there are still requests stuck in the server.
     server.shutdownNow();
     server.awaitTermination();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -23,6 +23,7 @@
 import static org.junit.Assume.assumeFalse;
 
 import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.spanner.MockSpannerServiceImpl.SimulatedExecutionTime;
 import com.google.cloud.spanner.MockSpannerServiceImpl.StatementResult;
@@ -58,8 +59,12 @@ public class BatchCreateSessionsSlowTest {
   private static LocalChannelProvider channelProvider;
   private Spanner spanner;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void startStaticServer() throws IOException {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
     mockSpanner.putStatementResult(
@@ -82,6 +87,7 @@ public static void startStaticServer() throws IOException {
   public static void stopServer() throws InterruptedException {
     server.shutdown();
     server.awaitTermination();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -21,6 +21,7 @@
 import static org.hamcrest.MatcherAssert.assertThat;
 
 import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.spanner.MockSpannerServiceImpl.SimulatedExecutionTime;
 import com.google.cloud.spanner.MockSpannerServiceImpl.StatementResult;
@@ -77,8 +78,12 @@ public class BatchCreateSessionsTest {
   private static Server server;
   private static LocalChannelProvider channelProvider;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void startStaticServer() throws IOException {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
     mockSpanner.putStatementResult(StatementResult.query(SELECT1AND2, SELECT1_RESULTSET));
@@ -97,6 +102,7 @@ public static void startStaticServer() throws IOException {
   public static void stopServer() throws InterruptedException {
     server.shutdown();
     server.awaitTermination();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -21,6 +21,7 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assume.assumeFalse;
 
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.spanner.MockSpannerServiceImpl.StatementResult;
 import com.google.common.util.concurrent.ListeningExecutorService;
@@ -112,8 +113,12 @@ public static Collection<Object[]> data() {
 
   private static Level originalLogLevel;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void startServer() throws IOException {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
     mockSpanner.putStatementResult(StatementResult.query(SELECT1, SELECT1_RESULTSET));
@@ -166,6 +171,7 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
   public static void stopServer() throws InterruptedException {
     server.shutdown();
     server.awaitTermination();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @BeforeClass

@@ -46,6 +46,7 @@
 import com.google.api.gax.rpc.ApiCallContext;
 import com.google.api.gax.rpc.ServerStream;
 import com.google.api.gax.rpc.StatusCode;
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.ByteArray;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.Timestamp;
@@ -208,8 +209,12 @@ public class DatabaseClientImplTest {
   private Spanner spannerWithEmptySessionPool;
   private static ExecutorService executor;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void startStaticServer() throws IOException {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
     mockSpanner.putStatementResult(StatementResult.update(UPDATE_STATEMENT, UPDATE_COUNT));
@@ -262,6 +267,7 @@ public static void stopServer() throws InterruptedException {
     server.shutdown();
     server.awaitTermination();
     executor.shutdown();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -25,6 +25,7 @@
 import static org.junit.Assert.assertTrue;
 
 import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.spanner.MockSpannerServiceImpl.StatementResult;
 import com.google.cloud.spanner.Options.RpcPriority;
@@ -82,8 +83,12 @@ public class DatabaseClientImplWithDefaultRWTransactionOptionsTest {
   private DatabaseClient clientWithSerializableOption;
   private DatabaseClient clientWithSerOptimisticOption;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void startStaticServer() throws IOException {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
     mockSpanner.putStatementResult(StatementResult.update(UPDATE_STATEMENT, UPDATE_COUNT));
@@ -112,6 +117,7 @@ public static void startStaticServer() throws IOException {
   public static void stopServer() throws InterruptedException {
     server.shutdown();
     server.awaitTermination();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -28,6 +28,7 @@
 import com.google.api.core.ApiFutures;
 import com.google.api.core.SettableApiFuture;
 import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.spanner.AsyncResultSet.CallbackResponse;
 import com.google.cloud.spanner.AsyncTransactionManager.AsyncTransactionStep;
@@ -139,8 +140,12 @@ public class InlineBeginTransactionTest {
 
   protected Spanner spanner;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void startStaticServer() throws IOException {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
     mockSpanner.putStatementResult(StatementResult.update(UPDATE_STATEMENT, UPDATE_COUNT));
@@ -177,6 +182,7 @@ public static void startStaticServer() throws IOException {
   public static void stopServer() throws InterruptedException {
     server.shutdown();
     server.awaitTermination();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -23,6 +23,7 @@
 
 import com.google.api.gax.core.GaxProperties;
 import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.spanner.MockSpannerServiceImpl.StatementResult;
 import com.google.common.base.Stopwatch;
@@ -166,6 +167,8 @@ public class OpenTelemetrySpanTest {
 
   private int expectedReadWriteTransactionErrorWithBeginTransactionEventsCount = 11;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void setupOpenTelemetry() {
     SpannerOptions.resetActiveTracingFramework();
@@ -192,6 +195,9 @@ public static void startStaticServer() throws Exception {
     modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
     field.set(null, failOnOverkillTraceComponent);
 
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
+
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D); // We don't want any unpredictable aborted transactions.
     mockSpanner.putStatementResult(StatementResult.query(SELECT1, SELECT1_RESULTSET));
@@ -217,6 +223,7 @@ public static void stopServer() throws InterruptedException {
       server.shutdown();
       server.awaitTermination();
     }
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before

@@ -19,6 +19,7 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
+import com.google.auth.mtls.DefaultMtlsProviderFactory;
 import com.google.cloud.NoCredentials;
 import com.google.cloud.spanner.MockSpannerServiceImpl.StatementResult;
 import com.google.common.collect.ImmutableMap;
@@ -81,8 +82,12 @@ public class PgNumericTest {
   private Spanner spanner;
   private DatabaseClient databaseClient;
 
+  private static boolean originalSkipMtls;
+
   @BeforeClass
   public static void beforeClass() throws Exception {
+    originalSkipMtls = DefaultMtlsProviderFactory.SKIP_MTLS.get();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(true);
     mockSpanner = new MockSpannerServiceImpl();
     mockSpanner.setAbortProbability(0.0D);
 
@@ -94,6 +99,7 @@ public static void beforeClass() throws Exception {
   public static void afterClass() throws Exception {
     server.shutdown();
     server.awaitTermination();
+    DefaultMtlsProviderFactory.SKIP_MTLS.set(originalSkipMtls);
   }
 
   @Before