gax-nodejs icon indicating copy to clipboard operation
gax-nodejs copied to clipboard
verified publisher icon googleapis

FR: gax-fallback support for `options.sslCreds` and "insecure credentials"

Open MarkDuckworth opened this issue 2 years ago • 2 comments

When using gax-fallback we would like support for passing credentials via options.sslCreds. These ssl creds will be used by the fallback instead of initializing the auth client (as done in gax grpc).

Additionally, the gax fallback needs a method similar to grpc.credentials.createInsecure(), which creates a credential that when passed via options.sslCreds, will be detected by the fallback transport and cause it to use the fake auth client. As Alex suggested, a possible solution is to create getInsecureCredentials() in google-gax (both in grpc and fallback) that creates and returns these credentials.

Why? In nodejs-firestore customers are facing an issue where the client is unable to generate credentials when connecting to the emulator using REST transport over http (1811). Several workarounds were investigated, including (1812). But the workarounds faced their own challenges with the initialization of GoogleAuth. Ultimately, we believe it's better to have gax and gax-fallback behavior be consistent with respect to support for options.sslCreds.

MarkDuckworth avatar Jan 19 '23 16:01 MarkDuckworth

@MarkDuckworth if you could share a one pager that describes what the interface would look like in gax-nodejs, and a consuming library like nodejs-firestore, we'd happily take this contribution.

bcoe avatar Jan 31 '23 17:01 bcoe

Just to give you some details, right now, if we want to initiate an insecure connection (without any authentication, which is useful in tests and/or against an emulator), we need to jump through some hoops:

// Fake auth client for fallback
const authStub = {
  async getClient() {
    return {
      async getRequestHeaders() {
        return {Authorization: 'Bearer SOME_TOKEN'};
      }
    };
  },
};

// initialize HTTP client with no authentication
const client = new Library.SomeClient({auth: authStub, fallback: 'rest'});

The proposed change will make it look something like

const client = new Library.SomeClient({fallback: 'rest', sslCreds: gax.fallback.getInsecureCredentials()});

For comparison, right now, to achieve this with gRPC, one would need to do

const client = new Library.SomeClient({sslCreds: grpc.credentials.createInsecure()});

and the proposed interface (gax.getInsecureCredentials() and gax.fallback.getInsecureCredentials()) would replace the need to import grpc directly, and will make the initialization similar for both gRPC and HTTP.

alexander-fenster avatar Jan 31 '23 18:01 alexander-fenster