Skip to content

feat: Use float instead of int for GCE_METADATA_TIMEOUT #1481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ludoch wants to merge 10 commits into
base: main
Choose a base branch
from
Open

feat: Use float instead of int for GCE_METADATA_TIMEOUT #1481

ludoch wants to merge 10 commits into from
+55 −9

Conversation

@ludoch
Copy link

@ludoch ludoch commented Feb 20, 2024

Move the logic to read GCE_METADATA_TIMEOUT env variable so we can better control it in app_identity component.

Related internal change is 607513254.

@ludoch
Update _metadata.py
03c0713 
Move the logic to read GCE_METADATA_TIMEOUT env variable so we can better control it in app_identity component.

Related internal change is 607513254.
@ludoch ludoch requested review from a team as code owners February 20, 2024 20:02
@conventional-commit-lint-gcf
Copy link

conventional-commit-lint-gcf bot commented Feb 20, 2024
edited
Loading

🤖 I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use Github's automerge feature with squashing, or use automerge label. Good luck human!

-- conventional-commit-lint bot
https://conventionalcommits.org/

@estrellis
Copy link

estrellis commented Feb 20, 2024

The change LGTM

@ludoch ludoch changed the title Move the logic to read GCE_METADATA_TIMEOUT. Update _metadata.py Feb 21, 2024
@clundin25 clundin25 changed the title Update _metadata.py feat: Use float instead of int for GCE_METADATA_TIMEOUT Feb 21, 2024
clundin25
clundin25 reviewed Feb 21, 2024
View reviewed changes
clundin25
clundin25 reviewed Feb 21, 2024
View reviewed changes
google/auth/compute_engine/_metadata.py Outdated
Comment on lines 121 to 122
except ValueError: # pragma: NO COVER
pass
Copy link
Contributor

@clundin25 clundin25 Feb 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would not capture a ValueError here. Additionally, the timeout variable would not be usable, so the downstream call would have problems.

Copy link

@estrellis estrellis Feb 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW the original code caught the ValueError. The value is set by the user.
I am thinking if the Exception happens timeout will retain the passed in/default value

Copy link
Contributor

@clundin25 clundin25 Feb 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case, can you remove the pragma, and include test coverage for this change?

clundin25
clundin25 reviewed Feb 29, 2024
View reviewed changes
judahrand added a commit to judahrand/google-auth-library-python that referenced this pull request Mar 2, 2024
@judahrand
chore: reformat to match structure in googleapis#1481
1c2a4e5
ludoch and others added 4 commits March 20, 2024 17:44
@ludoch
Merge branch 'googleapis:main' into main
1fe93bc
@ludoch
Merge branch 'googleapis:main' into main
51e12cd
@ludoch
Change timeout behavior and add a test for metadata server access. (#1)
be068a5 
* Add a test with new _metadata.py changes

* Add tests for  metadata changes.
@ludoch @gcf-owl-bot @parthea
add env var (#2)
f8007f2 
* chore(python): update dependencies in /.kokoro (googleapis#1499)

Source-Link: googleapis/synthtool@db94845
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:a8a80fc6456e433df53fc2a0d72ca0345db0ddefb409f1b75b118dfd1babd952

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Anthonios Partheniou <partheniou@google.com>

* Add a test with new _metadata.py changes

* Add tests for  metadata changes.

* chore(python): bump idna from 3.4 to 3.7 in .kokoro (googleapis#1517)

Source-Link: googleapis/synthtool@d50980e
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:5a4c19d17e597b92d786e569be101e636c9c2817731f80a5adec56b2aa8fe070

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Anthonios Partheniou <partheniou@google.com>

* Update environment_vars.py

---------

Co-authored-by: gcf-owl-bot[bot] <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
@arithmetic1728 arithmetic1728 mentioned this pull request Apr 13, 2024
Closed
@0x2b3bfa0 0x2b3bfa0 mentioned this pull request Oct 17, 2024
Merged
@chalmerlowe chalmerlowe requested a review from a team as a code owner January 8, 2026 14:43
@chalmerlowe chalmerlowe self-assigned this Jan 8, 2026
chalmerlowe added a commit that referenced this pull request Jan 9, 2026
@0x2b3bfa0 @parthea @chalmerlowe
feat: honor NO_GCE_CHECK environment variable (#1610)
383c982 
Currently, `google.auth.default()` always attempts to authenticate using
the Google Compute Engine (GCE) metadata service as a fallback. There is
no easy way to prevent this behavior, leading to unnecessary delays and
unhelpful exceptions, particularly in cases where GCE-based
authentication is pointless or undesired.

This pull request introduces a `NO_GCE_CHECK` environment variable,
allowing users to explicitly skip GCE metadata service authentication.
This implementation mirrors `NO_GCE_CHECK` in
[googleapis/google-auth-library-java](https://github.com/googleapis/google-auth-library-java/blob/f154edb3d8503d29f0020b6904dfa40e034ded93/README.md?plain=1#L106-L119):

> _The following are searched (in order) to find the Application Default
Credentials:_
>
> [...]
>
> 5. Google Compute Engine built-in credentials
> - Skip this check by setting the environment variable
`NO_GCE_CHECK=true`

> [!NOTE]
> Other clouds also provide similar environment variables, such as
`AWS_EC2_METADATA_DISABLED` on AWS.

This change is also tangentially related to the following pull requests:
- #1488
- #1481

---------

Co-authored-by: Anthonios Partheniou <partheniou@google.com>
Co-authored-by: Chalmer Lowe <chalmerlowe@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@estrellis estrellis estrellis left review comments

@clundin25 clundin25 clundin25 left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@chalmerlowe chalmerlowe

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ludoch @estrellis @clundin25 @chalmerlowe