Skip to content

Commit e8c428d

Browse files
authored
fix: fallback on VPC (#13567)
1 parent 8ac1a03 commit e8c428d

1 file changed

Lines changed: 17 additions & 2 deletions

File tree

java-bigtable/google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/internal/dp/ClassicDirectAccessChecker.java

Lines changed: 17 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@
2727
import io.grpc.ManagedChannel;
2828
import io.grpc.Status.Code;
2929
import io.grpc.StatusRuntimeException;
30+
import java.util.Locale;
3031
import java.util.Optional;
3132
import java.util.concurrent.ScheduledExecutorService;
3233
import java.util.logging.Level;
@@ -74,6 +75,15 @@ public boolean check(Channel channel) {
7475
}
7576
}
7677

78+
/** Checks if the exception is due to a VPC Service Controls policy violation. */
79+
private boolean isVpcServiceControlsViolation(StatusRuntimeException e) {
80+
String description = e.getStatus().getDescription();
81+
String message = e.getMessage();
82+
String expected = "request is prohibited by organization's policy";
83+
return (description != null && description.toLowerCase(Locale.ROOT).contains(expected))
84+
|| (message != null && message.toLowerCase(Locale.ROOT).contains(expected));
85+
}
86+
7787
/** Executes the underlying RPC and evaluates the eligibility. */
7888
private boolean evaluateEligibility(Channel channel) {
7989
MetadataExtractorInterceptor interceptor = createInterceptor();
@@ -91,8 +101,13 @@ private boolean evaluateEligibility(Channel channel) {
91101
if (e.getStatus().getCode() != Code.PERMISSION_DENIED) {
92102
throw e;
93103
}
94-
// Failed with permission error, resorting to ALTS check.
95-
isEligible = sidebandData.isAlts();
104+
105+
if (isVpcServiceControlsViolation(e)) {
106+
LOG.log(Level.WARNING, "DirectPath is blocked by a perimeter policy violation.");
107+
} else {
108+
// Failed with standard permission error, resorting to ALTS check.
109+
isEligible = sidebandData.isAlts();
110+
}
96111
}
97112

98113
if (isEligible) {

0 commit comments

Comments
 (0)