feat(spanner): add ClientContext support to options

[aseering]

This change adds support for ClientContext in Options and ensures it is propagated to ExecuteSql, Read, Commit, and BeginTransaction requests. It aligns with go/spanner-client-scoped-session-state design.

ClientContext allows passing opaque, RPC-scoped side-channel information (like application-level user context) to Spanner. This implementation supports setting ClientContext at the Client, Database, and Request levels, with request-level options taking precedence.

Key changes:

• Added ClientContext to types/spanner.py and exposed it.
• Updated Client.init to accept a default client_context.
• Added helpers for merging ClientContext with correct precedence.
• Updated Snapshot, Transaction, Batch, and Database wrappers to propagate the context.
• Added comprehensive unit tests in tests/unit/test_client_context.py.

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

• Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
• Ensure the tests and linter pass
• Code coverage does not decrease (if any source code was changed)
• Appropriate docs were updated (if necessary)

Fixes #<issue_number_goes_here> 🦕

[gemini-code-assist]

Summary of Changes

Hello @aseering, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces ClientContext functionality to the Spanner client library, allowing users to attach opaque, RPC-scoped side-channel information to their requests. This enhancement provides a flexible mechanism for passing application-level user context, improving the client's ability to integrate with secure views and other context-aware Spanner features. The changes ensure that this context is consistently propagated and merged throughout the client's operations, respecting a clear precedence hierarchy.

Highlights

• ClientContext Support: Added support for ClientContext in Spanner Options and ensured its propagation to ExecuteSql, Read, Commit, and BeginTransaction requests, aligning with the go/spanner-client-scoped-session-state design.
• Context Propagation Levels: Implemented ClientContext setting at the Client, Database, and Request levels, with request-level options taking precedence during merging.
• Helper Functions: Introduced new helper functions, _merge_client_context and _merge_request_options, to handle the merging logic for ClientContext with correct precedence.
• API Integration: Updated Client.__init__, Snapshot, Transaction, Batch, and MutationGroups wrappers to accept and propagate client_context.
• Unit Tests: Added comprehensive unit tests to tests/unit/test_client_context.py to verify the correct merging and propagation of ClientContext across different components and levels.

Changelog

• google/cloud/spanner_v1/init.py
  • Imported and exposed the new ClientContext type.
• google/cloud/spanner_v1/_helpers.py
  • Imported ClientContext and RequestOptions.
  • Added _merge_client_context function to merge two ClientContext objects, with the 'merge' argument taking precedence.
  • Added _merge_request_options function to merge a ClientContext into RequestOptions.
• google/cloud/spanner_v1/batch.py
  • Imported _merge_client_context, _merge_request_options, and ClientContext.
  • Modified _BatchBase.__init__ to accept an optional client_context argument and store it.
  • Updated commit method to merge client-level and batch-level client_context into request_options.
  • Modified MutationGroups.__init__ to accept an optional client_context argument and store it.
  • Updated batch_write method to merge client-level and mutation group-level client_context into request_options.
• google/cloud/spanner_v1/client.py
  • Imported ClientContext.
  • Modified Client.__init__ to accept an optional client_context argument and store it as _client_context.
• google/cloud/spanner_v1/database.py
  • Updated snapshot method's docstring to mention client_context.
  • Modified batch method to accept an optional client_context argument.
  • Modified mutation_groups method to accept an optional client_context argument.
  • Modified batch_snapshot method to accept an optional client_context argument.
  • Updated run_in_transaction method's docstring to mention client_context.
  • Modified BatchCheckout.__init__ to accept an optional client_context argument and pass it to the Batch constructor.
  • Modified MutationGroupsCheckout.__init__ to accept an optional client_context argument and pass it to the MutationGroups constructor.
  • Modified BatchSnapshot.__init__ to accept an optional client_context argument and store it.
• google/cloud/spanner_v1/snapshot.py
  • Imported _merge_client_context, _merge_request_options, and ClientContext.
  • Modified _SnapshotBase.__init__ to accept an optional client_context argument and store it.
  • Updated read method to merge client-level and snapshot-level client_context into request_options.
  • Updated execute_sql method to merge client-level and snapshot-level client_context into request_options.
  • Updated _begin_transaction method to merge client-level and snapshot-level client_context into request_options.
  • Modified Snapshot.__init__ to accept an optional client_context argument and pass it to the _SnapshotBase constructor.
• google/cloud/spanner_v1/transaction.py
  • Imported _merge_client_context and _merge_request_options.
  • Modified Transaction.__init__ to accept an optional client_context argument and pass it to the _SnapshotBase constructor.
  • Updated commit method to merge client-level and transaction-level client_context into request_options.
  • Updated execute_update method to merge client-level and transaction-level client_context into request_options.
  • Updated batch_update method to merge client-level and transaction-level client_context into request_options.
• google/cloud/spanner_v1/types/init.py
  • Exported the new ClientContext type.
• google/cloud/spanner_v1/types/spanner.py
  • Defined the ClientContext proto message with a secure_context map field.
  • Added a client_context field to the RequestOptions proto message.
• tests/unit/test_client_context.py
  • Added a new test file to verify the functionality of ClientContext.
  • Tested _merge_client_context and _merge_request_options for various merge scenarios.
  • Verified Client initialization with client_context.
  • Confirmed client_context propagation in Snapshot.execute_sql, Transaction.commit, Batch.commit, Transaction.execute_update, MutationGroups.batch_write, and BatchSnapshot.
  • Included a test to ensure client_context is not supported in Transaction.rollback.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds support for ClientContext throughout the Spanner client library, enabling its propagation to various requests. However, a critical flaw was identified in the _merge_client_context helper function, which modifies the base context object in place. This can lead to cross-request context leakage, potentially resulting in unauthorized data access or privilege escalation if the context is used for security-sensitive decisions. Additionally, there are suggestions to enhance code quality, such as replacing type() is dict checks with isinstance() for type validation and a refactoring suggestion to improve logic clarity.

[olavloite]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces support for ClientContext in Spanner options, enabling the propagation of RPC-scoped side-channel information. The changes are consistently applied across the client, database, and request levels, with correct precedence handling for merging contexts. The addition of helper functions for this purpose is a good structural improvement. The new functionality is well-supported by a comprehensive suite of unit tests. I have one suggestion to improve the clarity of a race condition fix.

[gemini-code-assist]

This line is redundant. The _restart_on_unavailable function, called below, will overwrite request.transaction by calling self._build_transaction_selector_pb(). This method already correctly handles the case where _transaction_id has been set by another thread. You can remove this line for cleaner code, similar to the pattern used for the same race condition fix in transaction.py.

[olavloite]

This whole block looks weird. Why is it being added in this change? It does not appear to be related to ClientContext.

[olavloite]

This also does not appear to be related to ClientContext. Is it fixing some other issue?

[olavloite]

Here also