Make API calls to Datastore work without the request security ticket in HTTP connector mode, so that the backend can only use the clone ticket.

PiperOrigin-RevId: 781674406
Change-Id: I3088b8c3d5748668f312a0c84e3439eea8873ba4

Author: ludoch

runtime/runtime_impl_jetty12/src/main/java/com/google/apphosting/runtime/http/HttpApiHostClient.java

@@ -16,6 +16,8 @@
 
 package com.google.apphosting.runtime.http;
 
+import static com.google.apphosting.runtime.AppEngineConstants.HTTP_CONNECTOR_MODE;
+
 import com.google.apphosting.base.protos.RuntimePb.APIRequest;
 import com.google.apphosting.base.protos.RuntimePb.APIResponse;
 import com.google.apphosting.base.protos.RuntimePb.APIResponse.ERROR;
@@ -252,13 +254,22 @@ public void call(AnyRpcClientContext ctx, APIRequest req, AnyRpcCallback<APIResp
       requestTooBig(cb);
       return;
     }
-    RemoteApiPb.Request requestPb = RemoteApiPb.Request.newBuilder()
-        .setServiceName(req.getApiPackage())
-        .setMethod(req.getCall())
-        .setRequest(payload)
-        .setRequestId(req.getSecurityTicket())
-        .setTraceContext(req.getTraceContext().toByteString())
-        .build();
+    RemoteApiPb.Request requestPb =
+        req.getApiPackage().startsWith("datastore") && Boolean.getBoolean(HTTP_CONNECTOR_MODE)
+            ? RemoteApiPb.Request.newBuilder()
+                .setServiceName(req.getApiPackage())
+                .setMethod(req.getCall())
+                .setRequest(payload)
+                // No request ID security ticket for HTTP connector mode.
+                .setTraceContext(req.getTraceContext().toByteString())
+                .build()
+            : RemoteApiPb.Request.newBuilder()
+                .setServiceName(req.getApiPackage())
+                .setMethod(req.getCall())
+                .setRequest(payload)
+                .setRequestId(req.getSecurityTicket())
+                .setTraceContext(req.getTraceContext().toByteString())
+                .build();
     send(requestPb.toByteArray(), context, cb);
   }
 

runtime/runtime_impl_jetty9/src/main/java/com/google/apphosting/runtime/http/HttpApiHostClient.java

@@ -16,6 +16,8 @@
 
 package com.google.apphosting.runtime.http;
 
+import static com.google.apphosting.runtime.AppEngineConstants.HTTP_CONNECTOR_MODE;
+
 import com.google.apphosting.base.protos.RuntimePb.APIRequest;
 import com.google.apphosting.base.protos.RuntimePb.APIResponse;
 import com.google.apphosting.base.protos.RuntimePb.APIResponse.ERROR;
@@ -252,13 +254,22 @@ public void call(AnyRpcClientContext ctx, APIRequest req, AnyRpcCallback<APIResp
       requestTooBig(cb);
       return;
     }
-    RemoteApiPb.Request requestPb = RemoteApiPb.Request.newBuilder()
-        .setServiceName(req.getApiPackage())
-        .setMethod(req.getCall())
-        .setRequest(payload)
-        .setRequestId(req.getSecurityTicket())
-        .setTraceContext(req.getTraceContext().toByteString())
-        .build();
+    RemoteApiPb.Request requestPb =
+        req.getApiPackage().startsWith("datastore") && Boolean.getBoolean(HTTP_CONNECTOR_MODE)
+            ? RemoteApiPb.Request.newBuilder()
+                .setServiceName(req.getApiPackage())
+                .setMethod(req.getCall())
+                .setRequest(payload)
+                // No request ID security ticket for HTTP connector mode.
+                .setTraceContext(req.getTraceContext().toByteString())
+                .build()
+            : RemoteApiPb.Request.newBuilder()
+                .setServiceName(req.getApiPackage())
+                .setMethod(req.getCall())
+                .setRequest(payload)
+                .setRequestId(req.getSecurityTicket())
+                .setTraceContext(req.getTraceContext().toByteString())
+                .build();
     send(requestPb.toByteArray(), context, cb);
   }