fix(spanner): update DirectPath detection logic to use ALTS credentials (#14288)

Switched the directpath_used metric logic to assert alts.AuthInfo on the
gRPC peer context. This improves reliability over previous IP prefix
matching, mapping more closely to standard gRPC practices across
evolving DirectPath networks.

Author: sakthivelmanii

spanner/grpc_client.go

@@ -34,11 +34,6 @@ import (
 	"google.golang.org/grpc/status"
 )
 
-const (
-	directPathIPV6Prefix = "[2001:4860:8040"
-	directPathIPV4Prefix = "34.126"
-)
-
 type contextKey string
 
 const metricsTracerKey contextKey = "metricsTracer"

spanner/integration_test.go

@@ -57,6 +57,7 @@ import (
 	"google.golang.org/api/option/internaloption"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials/alts"
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/status"
@@ -6608,22 +6609,20 @@ func verifyDirectPathRemoteAddress(t *testing.T) {
 		return
 	}
 	if remoteIP, res := isDirectPathRemoteAddress(); !res {
-		if dpConfig.directPathIPv4Only {
-			t.Fatalf("Expect to access DirectPath via ipv4 only, but RPC was destined to %s", remoteIP)
-		} else {
-			t.Fatalf("Expect to access DirectPath via ipv4 or ipv6, but RPC was destined to %s", remoteIP)
-		}
+		t.Fatalf("Expect to access DirectPath via ALTS, but RPC was destined to %s", remoteIP)
 	}
 }
 
 func isDirectPathRemoteAddress() (_ string, _ bool) {
-	remoteIP := peerInfo.Addr.String()
-	// DirectPath ipv4-only can only use ipv4 traffic.
-	if dpConfig.directPathIPv4Only {
-		return remoteIP, strings.HasPrefix(remoteIP, directPathIPV4Prefix)
+	var remoteIP string
+	if peerInfo != nil && peerInfo.Addr != nil {
+		remoteIP = peerInfo.Addr.String()
+	}
+	isDP := false
+	if peerInfo != nil && peerInfo.AuthInfo != nil {
+		_, isDP = peerInfo.AuthInfo.(alts.AuthInfo)
 	}
-	// DirectPath ipv6 can use either ipv4 or ipv6 traffic.
-	return remoteIP, strings.HasPrefix(remoteIP, directPathIPV4Prefix) || strings.HasPrefix(remoteIP, directPathIPV6Prefix)
+	return remoteIP, isDP
 }
 
 // examineTraffic counts RPCs use DirectPath or CFE traffic.

spanner/metrics.go

@@ -37,6 +37,7 @@ import (
 	"google.golang.org/api/option"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials/alts"
 	"google.golang.org/grpc/experimental/stats"
 	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/stats/opentelemetry"
@@ -533,9 +534,8 @@ func (o *opTracer) incrementAttemptCount() {
 // setDirectPathUsed sets whether DirectPath was used for the attempt.
 func (a *attemptTracer) setDirectPathUsed(ctx context.Context) {
 	peerInfo, ok := peer.FromContext(ctx)
-	if ok && peerInfo.Addr != nil {
-		remoteIP := peerInfo.Addr.String()
-		if strings.HasPrefix(remoteIP, directPathIPV4Prefix) || strings.HasPrefix(remoteIP, directPathIPV6Prefix) {
+	if ok {
+		if _, isALTS := peerInfo.AuthInfo.(alts.AuthInfo); isALTS {
 			a.directPathUsed = true
 		}
 	}

spanner/metrics_test.go

@@ -31,7 +31,9 @@ import (
 	"google.golang.org/genproto/googleapis/api/metric"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials/alts"
 	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/status"
 )
 
@@ -314,3 +316,60 @@ func parseHex(hexStr string) (int64, error) {
 	_, err := fmt.Sscanf(hexStr, "%x", &value)
 	return value, err
 }
+
+type mockALTSAuthInfo struct {
+	alts.AuthInfo
+}
+
+func (m mockALTSAuthInfo) AuthType() string { return "alts" }
+
+type mockOtherAuthInfo struct{}
+
+func (m mockOtherAuthInfo) AuthType() string { return "other" }
+
+func TestSetDirectPathUsed(t *testing.T) {
+	tests := []struct {
+		name string
+		peer *peer.Peer
+		want bool
+	}{
+		{
+			name: "ALTS AuthInfo",
+			peer: &peer.Peer{
+				AuthInfo: mockALTSAuthInfo{},
+			},
+			want: true,
+		},
+		{
+			name: "Other AuthInfo",
+			peer: &peer.Peer{
+				AuthInfo: mockOtherAuthInfo{},
+			},
+			want: false,
+		},
+		{
+			name: "No AuthInfo",
+			peer: &peer.Peer{},
+			want: false,
+		},
+		{
+			name: "No Peer",
+			peer: nil,
+			want: false,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			tracer := &attemptTracer{}
+			ctx := context.Background()
+			if tc.peer != nil {
+				ctx = peer.NewContext(ctx, tc.peer)
+			}
+			tracer.setDirectPathUsed(ctx)
+			if tracer.directPathUsed != tc.want {
+				t.Errorf("setDirectPathUsed() = %v, want %v", tracer.directPathUsed, tc.want)
+			}
+		})
+	}
+}