fix: fallback on VPC #13567
Code Review
This pull request adds a check to identify if a PERMISSION_DENIED exception is caused by a VPC Service Controls (VPC-SC) policy violation in ClassicDirectAccessChecker.java. It inspects the error details or falls back to string matching, logging a warning if a violation is found. The review feedback correctly identifies that omitting the assignment of isEligible in the VPC-SC violation branch could lead to a compilation error if the variable is not pre-initialized, and suggests explicitly setting it to false.
I think in case of PERMISSION_DENIED exception is caused by a VPC Service Controls,
| } | ||
|
|
||
| /** Checks if the exception is due to a VPC Service Controls policy violation. */ | ||
| private boolean isAllowed(StatusRuntimeException e) { |
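Review bot: the name `isAllowed` on this declaration reads as the opposite of the Javadoc directly above it, which says the method checks whether the exception is due to a VPC Service Controls policy violation, so a `true` result means the request was blocked. Rename it to state that (for example `isBlockedByVpcServiceControls`) so callers do not read the condition inverted.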
add isAllowedFromVPCServiceControls
| String description = e.getStatus().getDescription(); | ||
| String message = e.getMessage(); | ||
| return (description != null | ||
| && description.contains("Request is prohibited by organization's policy")) |
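Review bot: the `description.contains("Request is prohibited by organization's policy")` test in the return expression is a case-sensitive match against human-readable status text, so a description that carries the same phrase in different casing or slightly different wording is not recognised as a VPC Service Controls violation. Prefer the structured error details when they are present and, for the string fallback, compare a lowercased copy produced with `toLowerCase(Locale.ROOT)` against a lowercase marker.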
can you see if this is the authoritative string?
I see "request is prohibited by " as well.
/gemini review
Code Review
This pull request introduces a check in ClassicDirectAccessChecker to identify if a PERMISSION_DENIED exception is caused by a VPC Service Controls policy violation, logging a warning instead of resorting to an ALTS check. The review feedback suggests renaming the helper method isAllowedFromVPCServiceControls to isBlockedByVpcServiceControls to accurately reflect its logic, and using toLowerCase(Locale.ROOT) to prevent locale-sensitive string comparison issues.
No description provided.
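Why the second review asks for `toLowerCase(Locale.ROOT)` in the string fallback, shown as an added example that is not code from this PR or from the project. The class name, the helper taking plain strings instead of a `StatusRuntimeException`, and the sample message are assumptions constructed for illustration; the marker text is the one quoted in the thread.

```java
import java.util.Locale;

class VpcScMatchDemo {
  // Marker quoted in the review thread, lowercased. Whether it is the
  // authoritative server string is the open question raised there.
  static final String MARKER = "request is prohibited by organization's policy";

  // Locale-sensitive variant: lowercases with the JVM default locale.
  static boolean matchesDefaultLocale(String text) {
    return text != null && text.toLowerCase().contains(MARKER);
  }

  // Locale-independent variant, as the review feedback suggests.
  static boolean matchesRootLocale(String text) {
    return text != null && text.toLowerCase(Locale.ROOT).contains(MARKER);
  }

  // Hypothetical helper: null-safe check over both strings the patch reads
  // (status description and exception message).
  static boolean isBlockedByVpcServiceControls(String description, String message) {
    return matchesRootLocale(description) || matchesRootLocale(message);
  }

  public static void main(String[] args) {
    // Constructed sample: an upper-case variant of the marker text.
    String sample =
        "PERMISSION_DENIED: REQUEST IS PROHIBITED BY ORGANIZATION'S POLICY (constructed sample)";
    Locale saved = Locale.getDefault();
    try {
      // Under Turkish casing rules 'I' lowercases to dotless 'ı' (U+0131),
      // so the default-locale variant no longer finds the ASCII marker.
      Locale.setDefault(Locale.forLanguageTag("tr-TR"));
      System.out.println("default locale tr-TR: " + matchesDefaultLocale(sample));
      System.out.println("Locale.ROOT:          " + matchesRootLocale(sample));
      System.out.println("null description:     "
          + isBlockedByVpcServiceControls(null, sample));
    } finally {
      Locale.setDefault(saved); // restore the process-wide default
    }
  }
}
```

A client running on a host with such a default locale would miss the violation with the default-locale variant and take the other `PERMISSION_DENIED` path, which is the behaviour this PR is trying to avoid.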