Skip to content

feat(auth): Ensure new auth SDK versions are backwards compatible with previous SDKs to enable copying to G3#17407

Open
macastelaz wants to merge 6 commits into
mainfrom
copy_updates
Open

feat(auth): Ensure new auth SDK versions are backwards compatible with previous SDKs to enable copying to G3#17407
macastelaz wants to merge 6 commits into
mainfrom
copy_updates

Conversation

@macastelaz

@macastelaz macastelaz commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Incorporate universal bug fixes, robustness guardrails, and circular import decoupling

  • Restore fail-fast validation in _mtls_helper.py
  • Add robustness guardrails to impersonated_credentials.py for universe_domain
  • Safeguard RSA Signer & key_id in rsa.py
  • Break circular import in credentials.py
  • Update unit tests in test__mtls_helper.py to match new behavior and run robustly in Google environments.

TAG=agy
CONV=39c1761f-e06b-4e3a-80b6-b4fbc70df0b6

@macastelaz
feat(auth): incorporate universal bug fixes, robustness guardrails, a…
6cd4f2b 
…nd circular import decoupling

- Restore fail-fast validation in _mtls_helper.py
- Add robustness guardrails to impersonated_credentials.py for universe_domain
- Safeguard RSA Signer & key_id in rsa.py
- Break circular import in credentials.py
- Update unit tests in test__mtls_helper.py to match new behavior and run robustly in Google environments.

TAG=agy
CONV=39c1761f-e06b-4e3a-80b6-b4fbc70df0b6
@macastelaz macastelaz requested review from a team as code owners June 9, 2026 17:20
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 9, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces dynamic imports for regional access boundary lookups, adds robust environment variable validation for client certificates, and improves fallback handling for universe domains and key IDs. The review feedback highlights opportunities to make the code more robust and efficient, such as performing safe None checks before accessing object properties in rsa.py, avoiding falsy value issues when retrieving key_id, and eliminating redundant attribute lookups in impersonated_credentials.py.

Comment thread packages/google-auth/google/auth/crypt/rsa.py Outdated
Comment thread packages/google-auth/google/auth/crypt/rsa.py Outdated
Comment thread packages/google-auth/google/auth/impersonated_credentials.py
macastelaz added 5 commits June 9, 2026 17:26
@macastelaz
refactor(auth): safely check private_key for None before accessing it…
01cd840 
…s module attribute

TAG=agy
CONV=39c1761f-e06b-4e3a-80b6-b4fbc70df0b6
@macastelaz
refactor(auth): explicitly check if key_id is not None in RSASigner.k…
a96d509 
…ey_id

TAG=agy
CONV=39c1761f-e06b-4e3a-80b6-b4fbc70df0b6
@macastelaz
refactor(auth): avoid double attribute lookup for universe_domain in …
92ea90e 
…impersonated credentials

TAG=agy
CONV=39c1761f-e06b-4e3a-80b6-b4fbc70df0b6
@macastelaz
style(auth): format modified files with black and ruff
46d5f2a 
TAG=agy
CONV=39c1761f-e06b-4e3a-80b6-b4fbc70df0b6
@macastelaz
style(auth): fix import ordering to satisfy flake8 import-order rules
97ff318 
TAG=agy
CONV=39c1761f-e06b-4e3a-80b6-b4fbc70df0b6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@daniel-sanche daniel-sanche

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@macastelaz @daniel-sanche