feat(auth): support universe domain for service account creds#5248
feat(auth): support universe domain for service account creds#5248alvarowolfx wants to merge 2 commits intogoogleapis:mainfrom
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5248 +/- ##
=======================================
Coverage 98.01% 98.02%
=======================================
Files 214 214
Lines 44703 44744 +41
=======================================
+ Hits 43817 43859 +42
+ Misses 886 885 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| /// # let config = json!({ | ||
| /// # "type": "service_account", | ||
| /// # "client_email": "foo@bar.com", | ||
| /// # "private_key": "---BEGIN---" | ||
| /// # }); |
There was a problem hiding this comment.
nit: this could just be json!({}) if we are hiding it.
| let credentials = Builder::new(json_value).build()?; | ||
|
|
||
| let universe_domain = credentials.universe_domain().await; | ||
| assert_eq!(universe_domain, None, "{universe_domain:?}"); |
There was a problem hiding this comment.
nit: no need for the extra printing when using assert_eq!. It only adds value for like assert!(universe_domain.is_none(), "{universe_domain:?}");
here and below.
| /// .build()?; | ||
| /// # Ok(()) } | ||
| /// ``` | ||
| pub fn with_universe_domain<S: Into<String>>(mut self, universe_domain: S) -> Self { |
There was a problem hiding this comment.
comment: hmm, if we can override things with a builder function, why can't we override things with the GOOGLE_CLOUD_UNIVERSE_DOMAIN env var?
w/e. Not my spec.
|
|
||
| /// Sets the universe domain for this credentials. | ||
| /// | ||
| /// The universe domain is the default service domain for a given cloud universe. |
There was a problem hiding this comment.
nit: I don't think "default" is correct.
I asked Gemini to rewrite this and it spat out:
/// Sets the Google Cloud universe domain for these credentials.
///
/// A "universe" is an isolated Google Cloud environment, such as the public
/// cloud or a sovereign/air-gapped deployment (e.g., Google Distributed Cloud).
/// The universe domain acts as the base URL for constructing API endpoints
/// within that environment.
///
/// By default, this is set to `googleapis.com`. You should only override this
/// if your application is operating within a custom Cloud universe and needs
/// to direct authentication and service requests to a different base endpoint.
Consider taking any pieces of that that look good.
There was a problem hiding this comment.
Also, #5259.
Maybe this should be the documentation for the Credentials::universe_domain accessor, and here we just say "override the value" without needing to explain what is a universe.
dbolduc
changed the title
|
Also, double check the title. The builder option is public, so this should be a |
2 participants
Towards #3646