Skip to content

fix(auth): use requests transport for GCE MDS#16480

Merged
daniel-sanche merged 7 commits intomainfrom
auth_use_requests
Apr 3, 2026
Merged

fix(auth): use requests transport for GCE MDS#16480
daniel-sanche merged 7 commits intomainfrom
auth_use_requests

Conversation

@daniel-sanche
Copy link
Copy Markdown
Contributor

@daniel-sanche daniel-sanche commented Mar 30, 2026

Fixes #16090

We were seeing errors on GCE environments, because the library would use _http_client to communicate to the metadata server, even when mTLS is enabled. This resulted in failures, because _http_client doesn't support https.

This PR addresses the issue by using requests as the transport instead. This depends on the optional requests dependency, but requests is already required by compute engine, so there are no changes there.

I was able to reproduce and verify this test on a GCE VM

@daniel-sanche daniel-sanche requested review from a team as code owners March 30, 2026 20:59
gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request replaces the internal _http_client transport with the requests transport in the _get_gce_credentials function and includes a minor string formatting fix. Feedback suggests that the switch to requests may require a minor version bump due to changes in proxy handling and recommends adding type hints to avoid mypy errors. Additionally, it is suggested to enhance the new unit test by asserting the function's return values.

This was referenced Mar 30, 2026
Closed
Closed
Closed
@daniel-sanche daniel-sanche added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 31, 2026
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 31, 2026
@daniel-sanche @gemini-code-assist
Update packages/google-auth/tests/test__default.py
b76925f 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
nolanleastin
nolanleastin reviewed Apr 2, 2026
View reviewed changes
packages/google-auth/tests/test__default.py
ping.assert_called_with(request=mock.sentinel.request)


@mock.patch(
Copy link
Copy Markdown
Contributor

@nolanleastin nolanleastin Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we can create a test that just calls google.auth.default() such that it will trigger this logic?

Copy link
Copy Markdown
Contributor Author

@daniel-sanche daniel-sanche Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I added an extra test

@daniel-sanche daniel-sanche enabled auto-merge (squash) April 2, 2026 00:30
nolanleastin
nolanleastin reviewed Apr 2, 2026
View reviewed changes
@nolanleastin
Copy link
Copy Markdown
Contributor

nolanleastin commented Apr 2, 2026

This LGTM

@parthea parthea closed this Apr 2, 2026
auto-merge was automatically disabled April 2, 2026 22:21

Pull request was closed

@parthea parthea reopened this Apr 2, 2026
@daniel-sanche daniel-sanche merged commit 614a3d0 into main Apr 3, 2026
48 checks passed
@daniel-sanche daniel-sanche deleted the auth_use_requests branch April 3, 2026 01:19
@chalmerlowe chalmerlowe mentioned this pull request Apr 8, 2026
Closed
This was referenced Apr 9, 2026
Closed
Closed
Merged
daniel-sanche pushed a commit that referenced this pull request Apr 9, 2026
@cloud-sdk-librarian-robot
chore: librarian release pull request: 20260409T210905Z (#16604)
d3d6840 
PR created by the Librarian CLI to initialize a release. Merging this PR
will auto trigger a release.

Librarian Version: v0.0.0-20260407211006-7cd74ea13ba9
Language Image:
us-central1-docker.pkg.dev/cloud-sdk-librarian-prod/images-prod/python-librarian-generator@sha256:234b9d1f2ddb057ed7ac6a38db0bf8163d839c65c6cf88ade52530cddebce59e
<details><summary>bigquery-magics: v0.13.0</summary>

##
[v0.13.0](bigquery-magics-v0.12.2...bigquery-magics-v0.13.0)
(2026-04-09)

### Features

* drop support for Python 3.9 (#16587)
([961eacd](961eacd0))

* deprecate `--engine=bigframes`, run `%load_ext bigframes` and use
`%%bqsql` magics instead (#16573)
([dbaf8f5](dbaf8f54))

</details>


<details><summary>google-api-core: v2.30.3</summary>

##
[v2.30.3](google-api-core-v2.30.2...google-api-core-v2.30.3)
(2026-04-09)

### Bug Fixes

* avoid repeated scan of entire venv via packages_distributions() at
import time (#16579)
([c5728b2](c5728b24))

</details>


<details><summary>google-apps-chat: v0.8.0</summary>

##
[v0.8.0](google-apps-chat-v0.7.0...google-apps-chat-v0.8.0)
(2026-04-09)

### Features

* Addition of Section and SectionItem APIs (PiperOrigin-RevId:
893488928)
([56ccbd8](56ccbd86))

* Support app authentication with admin-consent scopes for Chat API
ListMessages, GetMessage, GetSpaceEvent and ListSpaceEvents
(PiperOrigin-RevId: 893619899)
([56ccbd8](56ccbd86))

### Documentation

* Update reference documentation for Chat API ListMessages, GetMessage,
GetSpaceEvent and ListSpaceEvents. (PiperOrigin-RevId: 893619899)
([56ccbd8](56ccbd86))

</details>


<details><summary>google-auth: v2.49.2</summary>

##
[v2.49.2](google-auth-v2.49.1...google-auth-v2.49.2)
(2026-04-09)

### Bug Fixes

* use requests transport for GCE MDS (#16480)
([614a3d0](614a3d04))

</details>


<details><summary>google-cloud-appoptimize: v0.1.0</summary>

##
[v0.1.0](google-cloud-appoptimize-v0.0.0...google-cloud-appoptimize-v0.1.0)
(2026-04-09)

### Features

* onboard a new library (PiperOrigin-RevId: 895558469)
([8e92bae](8e92bae8))

</details>


<details><summary>google-cloud-dlp: v3.36.0</summary>

##
[v3.36.0](google-cloud-dlp-v3.35.0...google-cloud-dlp-v3.36.0)
(2026-04-09)

### Features

* added support for detecting key-value pairs in client provided
metadata (PiperOrigin-RevId: 895098649)
([56ccbd8](56ccbd86))

</details>


<details><summary>google-cloud-iamconnectorcredentials: v0.1.0</summary>

##
[v0.1.0](google-cloud-iamconnectorcredentials-v0.0.0...google-cloud-iamconnectorcredentials-v0.1.0)
(2026-04-09)

### Features

* onboard a new library (PiperOrigin-RevId: 889980347)
([2a3458c](2a3458c8))

</details>


<details><summary>google-cloud-pubsub: v2.37.0</summary>

##
[v2.37.0](google-cloud-pubsub-v2.36.0...google-cloud-pubsub-v2.37.0)
(2026-04-09)

### Documentation

* Fix documentation URL AIInference MessageTransform
service_account_email field (PiperOrigin-RevId: 895485801)
([56ccbd8](56ccbd86))

</details>


<details><summary>google-cloud-translate: v3.26.0</summary>

##
[v3.26.0](google-cloud-translate-v3.25.0...google-cloud-translate-v3.26.0)
(2026-04-09)

### Features

* A new field `mime_type` is added to message
`.google.cloud.translation.v3.AdaptiveMtTranslateRequest`
(PiperOrigin-RevId: 895422613)
([56ccbd8](56ccbd86))

</details>


<details><summary>pandas-gbq: v0.35.0</summary>

##
[v0.35.0](pandas-gbq-v0.34.1...pandas-gbq-v0.35.0)
(2026-04-09)

### Features

* drop support for Python 3.9 (#16476)
([f38cd44](f38cd44b))

</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nolanleastin nolanleastin nolanleastin approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

google.auth.default() fails to retreive project_id

4 participants

@daniel-sanche @nolanleastin @parthea @yoshi-kokoro