Issue Details
On moving from the an old Simba driver to the new big Query JDBC driver (v1.0.0), the new driver is failing to perform auth due to server timeouts. This is due to the JDBC driver not using the supplied proxyPort, proxyPort values for the authentication code.
This problem is on this stack
at com.google.auth.oauth2.ServiceAccountCredentials.<init>(ServiceAccountCredentials.java:128) at com.google.auth.oauth2.ServiceAccountCredentials.fromPkcs8(ServiceAccountCredentials.java:447) at com.google.auth.oauth2.ServiceAccountCredentials.fromJson(ServiceAccountCredentials.java:207) at com.google.auth.oauth2.ServiceAccountCredentials.fromStream(ServiceAccountCredentials.java:493) at com.google.auth.oauth2.ServiceAccountCredentials.fromStream(ServiceAccountCredentials.java:467) at com.google.cloud.bigquery.jdbc.BigQueryJdbcOAuthUtility.getGoogleServiceAccountCredentials(BigQueryJdbcOAuthUtility.java:365) at com.google.cloud.bigquery.jdbc.BigQueryJdbcOAuthUtility.getCredentials(BigQueryJdbcOAuthUtility.java:275) at com.google.cloud.bigquery.jdbc.BigQueryConnection.<init>(BigQueryConnection.java:266) at com.google.cloud.bigquery.jdbc.BigQueryDriver.connect(BigQueryDriver.java:170)
Proxy properties from the JDBC connection string are not used for authentication.
Additionally, we cannot inject own HttpTransport implementation (supporting proxies) using the java.util.ServiceLoader.load
Note that the ’firstNotNull’ usage will always favour the hardcoded: com.google.auth.oauth2.OAuth2Utils#HTTP_TRANSPORT_FACTORY version.
See: https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java#L140
Example
Our jdbc connection string is
jdbc:bigquery://[https://www.googleapis.com/bigquery/v2:443;](https://www.googleapis.com/bigquery/v2:443;ProjectId=fiery-journal-394712) ProjectId=fiery-journal-394712; OAuthType=0; OAuthServiceAcctEmail=[dms-upload-service-account@fiery-journal-394712.iam.gserviceaccount.com](mailto:dms-upload-service-account@fiery-journal-394712.iam.gserviceaccount.com); OAuthPvtKey={ "Private_key_id":"", "Project_id":"fiery-journal-394712", "client_email":"[dms-upload-service-account@fiery-journal-394712.iam.gserviceaccount.com](mailto:dms-upload-service-account@fiery-journal-394712.iam.gserviceaccount.com)", "private_key":"-----BEGIN PRIVATE KEY-----\nREDACTEDn-----END PRIVATE KEY-----", "Type":"service_account", "client_id":""}; ProxyHost=proxy; ProxyPort=80; EnableSession=1; Location=europe-west2; Timeout=300
Environment
bigquery jdbc v 1.0.0
Dependencies
jdbc v 1.0.0
GCP libraries-bom: 26.83.0
Reproducer
Required: Provide a reproducer and the steps needed to reproduce this issue locally. If unable to provide a reproducer, please provide code snippets to help reproduce the issue. One of the two sections below MUST be filled out.
- A reproducer is the quickest method to resolve this issue. It could be a test case or a sample application. It is easier for us to troubleshoot the problem and to verify the solution.
Steps to reproduce:
Example
- Enable Speech API
- Upload a .mp4 file to GCS
- ...
- See {ERROR}
If unable to provide a reproducer, please provide a reason: ...
- Provide as many code snippets as possible:
Example
try (InstancesClient instancesClient = InstancesClient.create()) {
...
}Logs and Stack Trace
Caused by: java.net.SocketTimeoutException: Connect timed out
at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:551)
at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:602)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
at java.base/java.net.Socket.connect(Socket.java:633)
at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:304)
at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:178)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:533)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:638)
at java.base/sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:266)
at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:380)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:193)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1258)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1144)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:179)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1467)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1438)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:220)
at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:113)
at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:84)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1012)
at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:574)
Behavior
This happened with we moved from our old Simba bigquery jdbc driver to the new v1.0.0 bigquery jdbc driver.
We DO NOT want to set a jvm system property for proxies, as that will affect other behaviour in our service
Issue Details
On moving from the an old Simba driver to the new big Query JDBC driver (v1.0.0), the new driver is failing to perform auth due to server timeouts. This is due to the JDBC driver not using the supplied proxyPort, proxyPort values for the authentication code.
This problem is on this stack
at com.google.auth.oauth2.ServiceAccountCredentials.<init>(ServiceAccountCredentials.java:128) at com.google.auth.oauth2.ServiceAccountCredentials.fromPkcs8(ServiceAccountCredentials.java:447) at com.google.auth.oauth2.ServiceAccountCredentials.fromJson(ServiceAccountCredentials.java:207) at com.google.auth.oauth2.ServiceAccountCredentials.fromStream(ServiceAccountCredentials.java:493) at com.google.auth.oauth2.ServiceAccountCredentials.fromStream(ServiceAccountCredentials.java:467) at com.google.cloud.bigquery.jdbc.BigQueryJdbcOAuthUtility.getGoogleServiceAccountCredentials(BigQueryJdbcOAuthUtility.java:365) at com.google.cloud.bigquery.jdbc.BigQueryJdbcOAuthUtility.getCredentials(BigQueryJdbcOAuthUtility.java:275) at com.google.cloud.bigquery.jdbc.BigQueryConnection.<init>(BigQueryConnection.java:266) at com.google.cloud.bigquery.jdbc.BigQueryDriver.connect(BigQueryDriver.java:170)Proxy properties from the JDBC connection string are not used for authentication.
Additionally, we cannot inject own HttpTransport implementation (supporting proxies) using the java.util.ServiceLoader.load
Note that the ’firstNotNull’ usage will always favour the hardcoded: com.google.auth.oauth2.OAuth2Utils#HTTP_TRANSPORT_FACTORY version.
See: https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java#L140
Example
Our jdbc connection string is
jdbc:bigquery://[https://www.googleapis.com/bigquery/v2:443;](https://www.googleapis.com/bigquery/v2:443;ProjectId=fiery-journal-394712) ProjectId=fiery-journal-394712; OAuthType=0; OAuthServiceAcctEmail=[dms-upload-service-account@fiery-journal-394712.iam.gserviceaccount.com](mailto:dms-upload-service-account@fiery-journal-394712.iam.gserviceaccount.com); OAuthPvtKey={ "Private_key_id":"", "Project_id":"fiery-journal-394712", "client_email":"[dms-upload-service-account@fiery-journal-394712.iam.gserviceaccount.com](mailto:dms-upload-service-account@fiery-journal-394712.iam.gserviceaccount.com)", "private_key":"-----BEGIN PRIVATE KEY-----\nREDACTEDn-----END PRIVATE KEY-----", "Type":"service_account", "client_id":""}; ProxyHost=proxy; ProxyPort=80; EnableSession=1; Location=europe-west2; Timeout=300Environment
bigquery jdbc v 1.0.0
Dependencies
jdbc v 1.0.0
GCP libraries-bom: 26.83.0
Reproducer
Required: Provide a reproducer and the steps needed to reproduce this issue locally. If unable to provide a reproducer, please provide code snippets to help reproduce the issue. One of the two sections below MUST be filled out.
Steps to reproduce:
Example
If unable to provide a reproducer, please provide a reason: ...
Example
Logs and Stack Trace
Caused by: java.net.SocketTimeoutException: Connect timed out
at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:551)
at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:602)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
at java.base/java.net.Socket.connect(Socket.java:633)
at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:304)
at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:178)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:533)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:638)
at java.base/sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:266)
at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:380)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:193)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1258)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1144)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:179)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1467)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1438)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:220)
at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:113)
at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:84)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1012)
at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:574)
Behavior
This happened with we moved from our old Simba bigquery jdbc driver to the new v1.0.0 bigquery jdbc driver.
We DO NOT want to set a jvm system property for proxies, as that will affect other behaviour in our service