fix: check alts if we return permission denied for pingandwarm (#2860)

Author: nimf

google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/internal/dp/ClassicDirectAccessChecker.java

@@ -25,6 +25,8 @@
 import io.grpc.Channel;
 import io.grpc.ClientInterceptors;
 import io.grpc.ManagedChannel;
+import io.grpc.Status.Code;
+import io.grpc.StatusRuntimeException;
 import java.util.Optional;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.logging.Level;
@@ -76,15 +78,22 @@ public boolean check(Channel channel) {
   private boolean evaluateEligibility(Channel channel) {
     MetadataExtractorInterceptor interceptor = createInterceptor();
     Channel interceptedChannel = ClientInterceptors.intercept(channel, interceptor);
-    channelPrimer.primeChannel(interceptedChannel);
     MetadataExtractorInterceptor.SidebandData sidebandData = interceptor.getSidebandData();
-
-    boolean isEligible =
-        Optional.ofNullable(sidebandData)
-            .map(MetadataExtractorInterceptor.SidebandData::getPeerInfo)
-            .map(PeerInfo::getTransportType)
-            .map(type -> type == PeerInfo.TransportType.TRANSPORT_TYPE_DIRECT_ACCESS)
-            .orElse(false);
+    boolean isEligible = false;
+    try {
+      channelPrimer.primeChannel(interceptedChannel);
+      isEligible =
+          Optional.ofNullable(sidebandData.getPeerInfo())
+              .map(PeerInfo::getTransportType)
+              .map(type -> type == PeerInfo.TransportType.TRANSPORT_TYPE_DIRECT_ACCESS)
+              .orElse(false);
+    } catch (StatusRuntimeException e) {
+      if (e.getStatus().getCode() != Code.PERMISSION_DENIED) {
+        throw e;
+      }
+      // Failed with permission error, resorting to ALTS check.
+      isEligible = sidebandData.isAlts();
+    }
 
     if (isEligible) {
       // getIp should be non-null as isEligible is true

google-cloud-bigtable/src/main/java/com/google/cloud/bigtable/data/v2/stub/MetadataExtractorInterceptor.java

@@ -77,7 +77,7 @@ public void onHeaders(Metadata headers) {
 
               @Override
               public void onClose(Status status, Metadata trailers) {
-                sidebandData.onClose(status, trailers);
+                sidebandData.onClose(status, trailers, getAttributes());
                 super.onClose(status, trailers);
               }
             },
@@ -112,6 +112,7 @@ public static SidebandData from(CallOptions callOptions) {
     @Nullable private volatile PeerInfo peerInfo;
     @Nullable private volatile Duration gfeTiming;
     @Nullable private volatile Util.IpProtocol ipProtocol;
+    private boolean isAlts = false;
 
     @Nullable
     public ResponseParams getResponseParams() {
@@ -133,6 +134,10 @@ public Util.IpProtocol getIpProtocol() {
       return ipProtocol;
     }
 
+    public boolean isAlts() {
+      return isAlts;
+    }
+
     private void reset() {
       responseParams = null;
       peerInfo = null;
@@ -147,7 +152,11 @@ void onResponseHeaders(Metadata md, Attributes attributes) {
       ipProtocol = extractIpProtocol(attributes);
     }
 
-    void onClose(Status status, Metadata trailers) {
+    void onClose(Status status, Metadata trailers, Attributes attributes) {
+      isAlts = AltsContextUtil.check(attributes);
+      if (ipProtocol == null) {
+        ipProtocol = extractIpProtocol(attributes);
+      }
       if (responseParams == null) {
         responseParams = extractResponseParams(trailers);
       }