cleanup: GUAC in examples (#13032)

dbolduc · web-flow · commit 4aca037bb525 · 2023-11-03T11:14:13.000-05:00
diff --git a/examples/grpc_credential_types.cc b/examples/grpc_credential_types.cc
@@ -12,9 +12,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#include "google/cloud/iam/iam_credentials_client.h"
+#include "google/cloud/iam/credentials/v1/iam_credentials_client.h"
 #include "google/cloud/spanner/admin/instance_admin_client.h"
 #include "google/cloud/common_options.h"
+#include "google/cloud/credentials.h"
 #include "google/cloud/grpc_options.h"
 #include "google/cloud/internal/getenv.h"
 #include "google/cloud/log.h"
@@ -80,18 +81,10 @@ google::cloud::StatusOr<std::string> HttpGet(std::string const& url,
   return buffer;
 }
 
-// TODO(#6185) - this should be done by the generated code
-std::set<std::string> DefaultTracingComponents() {
-  return absl::StrSplit(
-      google::cloud::internal::GetEnv("GOOGLE_CLOUD_CPP_ENABLE_TRACING")
-          .value_or(""),
-      ',');
-}
-
 google::iam::credentials::v1::GenerateAccessTokenResponse UseAccessToken(
-    google::cloud::iam::IAMCredentialsClient client,
+    google::cloud::iam_credentials_v1::IAMCredentialsClient client,
     std::vector<std::string> const& argv) {
-  namespace iam = ::google::cloud::iam;
+  namespace iam = ::google::cloud::iam_credentials_v1;
   return [](iam::IAMCredentialsClient client,
             std::string const& service_account, std::string const& project_id) {
     google::protobuf::Duration duration;
@@ -109,14 +102,13 @@ google::iam::credentials::v1::GenerateAccessTokenResponse UseAccessToken(
               << ", which will expire around " << absl::FromChrono(expiration)
               << std::endl;
 
-    auto credentials = grpc::CompositeChannelCredentials(
-        grpc::SslCredentials({}),
-        grpc::AccessTokenCredentials(token->access_token()));
+    auto credentials = google::cloud::MakeAccessTokenCredentials(
+        token->access_token(), expiration);
 
     google::cloud::spanner_admin::InstanceAdminClient admin(
         google::cloud::spanner_admin::MakeInstanceAdminConnection(
-            google::cloud::Options{}.set<google::cloud::GrpcCredentialOption>(
-                credentials)));
+            google::cloud::Options{}
+                .set<google::cloud::UnifiedCredentialsOption>(credentials)));
     for (auto config : admin.ListInstanceConfigs(
              google::cloud::Project(project_id).FullName())) {
       if (!config) throw std::move(config).status();
@@ -127,8 +119,9 @@ google::iam::credentials::v1::GenerateAccessTokenResponse UseAccessToken(
   }(std::move(client), argv.at(0), argv.at(1));
 }
 
-void UseAccessTokenUntilExpired(google::cloud::iam::IAMCredentialsClient client,
-                                std::vector<std::string> const& argv) {
+void UseAccessTokenUntilExpired(
+    google::cloud::iam_credentials_v1::IAMCredentialsClient client,
+    std::vector<std::string> const& argv) {
   auto token = UseAccessToken(std::move(client), argv);
   auto const& project_id = argv.at(1);
   auto const expiration =
@@ -139,13 +132,12 @@ void UseAccessTokenUntilExpired(google::cloud::iam::IAMCredentialsClient client,
             << absl::FromChrono(expiration) << ")" << std::endl;
 
   auto iteration = [=](bool expired) {
-    auto credentials = grpc::CompositeChannelCredentials(
-        grpc::SslCredentials({}),
-        grpc::AccessTokenCredentials(token.access_token()));
+    auto credentials = google::cloud::MakeAccessTokenCredentials(
+        token.access_token(), expiration);
     google::cloud::spanner_admin::InstanceAdminClient admin(
         google::cloud::spanner_admin::MakeInstanceAdminConnection(
-            google::cloud::Options{}.set<google::cloud::GrpcCredentialOption>(
-                credentials)));
+            google::cloud::Options{}
+                .set<google::cloud::UnifiedCredentialsOption>(credentials)));
     for (auto config : admin.ListInstanceConfigs(
              google::cloud::Project(project_id).FullName())) {
       // kUnauthenticated receives special treatment, it is the error received
@@ -178,9 +170,10 @@ void UseAccessTokenUntilExpired(google::cloud::iam::IAMCredentialsClient client,
   }
 }
 
-void UseIdTokenHttp(google::cloud::iam::IAMCredentialsClient client,
-                    std::vector<std::string> const& argv) {
-  namespace iam = ::google::cloud::iam;
+void UseIdTokenHttp(
+    google::cloud::iam_credentials_v1::IAMCredentialsClient client,
+    std::vector<std::string> const& argv) {
+  namespace iam = ::google::cloud::iam_credentials_v1;
   [](iam::IAMCredentialsClient client, std::string const& service_account,
      std::string const& hello_world_url) {
     auto token = client.GenerateIdToken(
@@ -203,9 +196,10 @@ void UseIdTokenHttp(google::cloud::iam::IAMCredentialsClient client,
   }(std::move(client), argv.at(0), argv.at(1));
 }
 
-void UseIdTokenGrpc(google::cloud::iam::IAMCredentialsClient client,
-                    std::vector<std::string> const& argv) {
-  namespace iam = ::google::cloud::iam;
+void UseIdTokenGrpc(
+    google::cloud::iam_credentials_v1::IAMCredentialsClient client,
+    std::vector<std::string> const& argv) {
+  namespace iam = ::google::cloud::iam_credentials_v1;
   [](iam::IAMCredentialsClient client, std::string const& service_account,
      std::string const& url) {
     auto token = client.GenerateIdToken(
@@ -245,6 +239,7 @@ void UseIdTokenGrpc(google::cloud::iam::IAMCredentialsClient client,
 
 void AutoRun(std::vector<std::string> const& argv) {
   namespace examples = ::google::cloud::testing_util;
+  namespace iam = ::google::cloud::iam_credentials_v1;
   using ::google::cloud::internal::GetEnv;
 
   if (!argv.empty()) throw examples::Usage{"auto"};
@@ -265,17 +260,13 @@ void AutoRun(std::vector<std::string> const& argv) {
   auto const hello_world_grpc_url =
       GetEnv("GOOGLE_CLOUD_CPP_TEST_HELLO_WORLD_GRPC_URL").value_or("");
 
-  auto client = google::cloud::iam::IAMCredentialsClient(
-      google::cloud::iam::MakeIAMCredentialsConnection(
-          google::cloud::Options{}
-              .set<google::cloud::TracingComponentsOption>(
-                  DefaultTracingComponents())
-              .set<google::cloud::GrpcTracingOptionsOption>(
-                  // There are some credentials returned by RPCs. On an error
-                  // these are printed. This truncates them, making the output
-                  // safe, and yet useful for debugging.
-                  google::cloud::TracingOptions{}.SetOptions(
-                      "truncate_string_field_longer_than=32"))));
+  auto client = iam::IAMCredentialsClient(iam::MakeIAMCredentialsConnection(
+      google::cloud::Options{}.set<google::cloud::GrpcTracingOptionsOption>(
+          // There are some credentials returned by RPCs. On an error
+          // these are printed. This truncates them, making the output
+          // safe, and yet useful for debugging.
+          google::cloud::TracingOptions{}.SetOptions(
+              "truncate_string_field_longer_than=32"))));
 
   std::cout << "\nRunning UseAccessToken() example" << std::endl;
   UseAccessToken(client, {test_iam_service_account, project_id});
@@ -294,9 +285,10 @@ void AutoRun(std::vector<std::string> const& argv) {
 
 int main(int argc, char* argv[]) {  // NOLINT(bugprone-exception-escape)
   using ::google::cloud::testing_util::Example;
+  namespace iam = ::google::cloud::iam_credentials_v1;
 
-  using ClientCommand = std::function<void(
-      google::cloud::iam::IAMCredentialsClient, std::vector<std::string> argv)>;
+  using ClientCommand = std::function<void(iam::IAMCredentialsClient,
+                                           std::vector<std::string> argv)>;
 
   auto make_entry = [](std::string name,
                        std::vector<std::string> const& arg_names,
@@ -308,11 +300,8 @@ int main(int argc, char* argv[]) {  // NOLINT(bugprone-exception-escape)
         for (auto const& a : arg_names) usage += " <" + a + ">";
         throw google::cloud::testing_util::Usage{std::move(usage)};
       }
-      auto client = google::cloud::iam::IAMCredentialsClient(
-          google::cloud::iam::MakeIAMCredentialsConnection(
-              google::cloud::Options{}
-                  .set<google::cloud::TracingComponentsOption>(
-                      DefaultTracingComponents())));
+      auto client =
+          iam::IAMCredentialsClient(iam::MakeIAMCredentialsConnection());
       command(client, std::move(argv));
     };
     return google::cloud::testing_util::Commands::value_type(std::move(name),
diff --git a/google/cloud/bigtable/doc/bigtable-samples-grpc-credentials.dox b/google/cloud/bigtable/doc/bigtable-samples-grpc-credentials.dox
@@ -69,10 +69,6 @@ The following code shows how to use a JWT access token to connect to an Admin AP
 
 The following code shows how to use a GCE credentials to connect to an Admin API endpoint.
 
-@snippet bigtable_grpc_credentials.cc test gce credentials
-
-One may face "Request had insufficient authentication scopes." error while running above example. This might be due to disabled "Cloud API access scope" for Bigtable. This error can be removed by providing sufficient access as explained [here][api-access-scope].
-
 ## Use of IAM Credentials
 
 ### Check IAM Policy
@@ -90,6 +86,5 @@ One may face "Request had insufficient authentication scopes." error while runni
 [info-google-authentication]: https://cloud.google.com/docs/authentication/getting-started
 [info-root-certificates]: https://github.com/googleapis/google-cloud-cpp/tree/main/google/cloud/bigtable/examples#configure-grpc-root-certificates
 [print-access-token]: https://cloud.google.com/sdk/gcloud/reference/beta/auth/application-default/print-access-token
-[api-access-scope]: https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#changeserviceaccountandscopes
 
 */
diff --git a/google/cloud/bigtable/examples/bigtable_grpc_credentials.cc b/google/cloud/bigtable/examples/bigtable_grpc_credentials.cc
@@ -15,8 +15,10 @@
 #include "google/cloud/bigtable/admin/bigtable_table_admin_client.h"
 #include "google/cloud/bigtable/examples/bigtable_examples_common.h"
 #include "google/cloud/bigtable/resource_names.h"
+#include "google/cloud/credentials.h"
 #include "google/cloud/internal/getenv.h"
 #include "google/cloud/log.h"
+#include <chrono>
 #include <fstream>
 #include <sstream>
 
@@ -30,21 +32,16 @@ void AccessToken(std::vector<std::string> const& argv) {
   }
 
   // Create a namespace alias to make the code easier to read.
+  namespace gc = ::google::cloud;
   namespace cbt = ::google::cloud::bigtable;
   namespace cbta = ::google::cloud::bigtable_admin;
-  using ::google::cloud::GrpcCredentialOption;
-  using ::google::cloud::Options;
-  using ::google::cloud::StatusOr;
 
   //! [test access token]
   [](std::string const& project_id, std::string const& instance_id,
      std::string const& access_token) {
-    auto call_credentials = grpc::AccessTokenCredentials(access_token);
-    auto channel_credentials =
-        grpc::SslCredentials(grpc::SslCredentialsOptions());
-    auto credentials = grpc::CompositeChannelCredentials(channel_credentials,
-                                                         call_credentials);
-    auto options = Options{}.set<GrpcCredentialOption>(credentials);
+    auto creds = gc::MakeAccessTokenCredentials(
+        access_token, std::chrono::system_clock::now() + std::chrono::hours(1));
+    auto options = gc::Options{}.set<gc::UnifiedCredentialsOption>(creds);
 
     cbta::BigtableTableAdminClient admin(
         cbta::MakeBigtableTableAdminConnection(options));
@@ -68,11 +65,9 @@ void JWTAccessToken(std::vector<std::string> const& argv) {
         "<service_account_file_json>"};
   }
   // Create a namespace alias to make the code easier to read.
+  namespace gc = ::google::cloud;
   namespace cbt = ::google::cloud::bigtable;
   namespace cbta = ::google::cloud::bigtable_admin;
-  using ::google::cloud::GrpcCredentialOption;
-  using ::google::cloud::Options;
-  using ::google::cloud::StatusOr;
 
   //! [test jwt access token]
   [](std::string const& project_id, std::string const& instance_id,
@@ -86,13 +81,8 @@ void JWTAccessToken(std::vector<std::string> const& argv) {
     }
     std::string json_key(std::istreambuf_iterator<char>{stream}, {});
 
-    auto call_credentials =
-        grpc::ServiceAccountJWTAccessCredentials(json_key, 6000);
-    auto channel_credentials =
-        grpc::SslCredentials(grpc::SslCredentialsOptions());
-    auto credentials = grpc::CompositeChannelCredentials(channel_credentials,
-                                                         call_credentials);
-    auto options = Options{}.set<GrpcCredentialOption>(credentials);
+    auto creds = gc::MakeServiceAccountCredentials(std::move(json_key));
+    auto options = gc::Options{}.set<gc::UnifiedCredentialsOption>(creds);
 
     cbta::BigtableTableAdminClient admin(
         cbta::MakeBigtableTableAdminConnection(options));
@@ -109,41 +99,6 @@ void JWTAccessToken(std::vector<std::string> const& argv) {
   (argv.at(0), argv.at(1), argv.at(2));
 }
 
-void GCECredentials(std::vector<std::string> const& argv) {
-  if (argv.size() != 2) {
-    throw Usage{"test-gce-credentials: <project-id> <instance-id>"};
-  }
-  // Create a namespace alias to make the code easier to read.
-  namespace cbt = ::google::cloud::bigtable;
-  namespace cbta = ::google::cloud::bigtable_admin;
-  using ::google::cloud::GrpcCredentialOption;
-  using ::google::cloud::Options;
-  using ::google::cloud::StatusOr;
-
-  //! [test gce credentials]
-  [](std::string const& project_id, std::string const& instance_id) {
-    auto call_credentials = grpc::GoogleComputeEngineCredentials();
-    auto channel_credentials =
-        grpc::SslCredentials(grpc::SslCredentialsOptions());
-    auto credentials = grpc::CompositeChannelCredentials(channel_credentials,
-                                                         call_credentials);
-    auto options = Options{}.set<GrpcCredentialOption>(credentials);
-
-    cbta::BigtableTableAdminClient admin(
-        cbta::MakeBigtableTableAdminConnection(options));
-
-    google::bigtable::admin::v2::ListTablesRequest r;
-    r.set_parent(cbt::InstanceName(project_id, instance_id));
-    r.set_view(google::bigtable::admin::v2::Table::NAME_ONLY);
-    auto tables = admin.ListTables(std::move(r));
-    for (auto& table : tables) {
-      if (!table) throw std::move(table).status();
-    }
-  }
-  //! [test gce credentials]
-  (argv.at(0), argv.at(1));
-}
-
 void RunAll(std::vector<std::string> const& argv) {
   namespace examples = ::google::cloud::bigtable::examples;
 
@@ -178,7 +133,6 @@ int main(int argc, char* argv[]) try {
   google::cloud::bigtable::examples::Commands commands = {
       {"test-access-token", AccessToken},
       {"test-jwt-access-token", JWTAccessToken},
-      {"test-gce-credentials", GCECredentials},
       {"auto", RunAll},
   };
 
