Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable authentication when a non-default api_endpoint is set (just like the googleapis/nodejs-storage) #895

Closed
MadhuPolu opened this issue Nov 3, 2022 · 4 comments · Fixed by #901 or #941
Closed

Enable authentication when a non-default api_endpoint is set (just like the googleapis/nodejs-storage) #895

MadhuPolu opened this issue Nov 3, 2022 · 4 comments · Fixed by #901 or #941
Assignees
@cojenco
Labels
api: storage Issues related to the googleapis/python-storage API. status: investigating The issue is under investigation, which is determined to be non-trivial. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@MadhuPolu
Copy link

Issue we're facing:
After version 2.1.0, authorization bearer token is stopped being sent to the custom endpoints (non-default api_endpoint), we forcefully needed to downgrade to the version 2.0.0 to make things work on our end. We had other option like explicitly passing credentials while instantiating the storage client, but this change was needed to be done in all places wherever the client is instantiated, so we just went to downgrade to the version 2.0.0.

Feature request:
Since this change feat: avoid authentication with storage emulator was intentional, can you please add a flag to enable the auth for custom endpoints something like in the googleapis/nodejs-storage?

A flag named useAuthWithCustomEndpoint was added in the nodejs storage client library to support the auth with custom endpoints. Just fyi, here are the code changes related to that flag.
Allow authentication with custom endpoint
Add support for useAuthWithCustomEndpoint option
@product-auto-label product-auto-label bot added the api: storage Issues related to the googleapis/python-storage API. label Nov 3, 2022
@cojenco cojenco self-assigned this Nov 3, 2022
@BrennaEpp BrennaEpp added priority: p2 Moderately-important priority. Fix may not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. and removed priority: p2 Moderately-important priority. Fix may not be included in next release. labels Nov 7, 2022
@cojenco cojenco added the status: investigating The issue is under investigation, which is determined to be non-trivial. label Nov 7, 2022
@cojenco
Copy link
Contributor

cojenco commented Nov 8, 2022

Hi @MadhuPolu thanks for filing this issue. Could you please describe your use case in more detail?

If I understand correctly, the desire is for the client to detect the default credentials for the current environment while using a non-default api_endpoint, instead of explicitly passing in credentials. Is my understanding correct? The current design will not bypass auth if you pass in credentials when instantiating a client.

@MadhuPolu
Copy link
Author

Yes @cojenco, you're correct, we need the client to detect the default credentials while using a non-default api_endpoint. And we don't want to pass any credentials explicitly when instantiating a client as we heavily depend on ADC (Application Default Credentials).

Please let me know if you need any more details.

Trivials:

  1. We also use other language GCS clients Go, Node.js, Java, PHP. All are supporting the ADC out of the box when the non-default api_endpoint is set, Node.js enabled it through a flag.
  2. One year ago, we faced the similar problem with googleapis/nodejs-storage, here is the nodejs-storage bug we reported.

ADC is a strategy used by Cloud Client Libraries and Google API Client Libraries to automatically find credentials based on the application environment, and use those credentials to authenticate to Google Cloud APIs.

@cojenco
Copy link
Contributor

cojenco commented Nov 10, 2022

Thank you for the additional context👍 I'm working with our team to address this.

@cojenco cojenco mentioned this issue Nov 14, 2022
Merged
@cojenco cojenco mentioned this issue Nov 30, 2022
Merged
@cojenco
Copy link
Contributor

cojenco commented Dec 7, 2022

Hi @MadhuPolu the fix is now ready in v2.7.0 Thanks again for reporting!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cojenco cojenco

Labels
api: storage Issues related to the googleapis/python-storage API. status: investigating The issue is under investigation, which is determined to be non-trivial. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
3 participants
@BrennaEpp @MadhuPolu @cojenco