fix minor issues

Author: nbayati

google/auth/_regional_access_boundary_utils.py

@@ -22,6 +22,7 @@ class _RegionalAccessBoundaryRefreshThread(threading.Thread):
 
     def __init__(self, credentials, request):
         super(_RegionalAccessBoundaryRefreshThread, self).__init__()
+        self.daemon = True
         self._credentials = credentials
         self._request = request
 
@@ -63,15 +64,16 @@ def run(self):
                     _LOGGER.warning(
                         "Asynchronous Regional Access Boundary lookup failed. Entering cooldown."
                     )
+                self._credentials._regional_access_boundary_cooldown_expiry = (
+                    _helpers.utcnow()
+                    + self._credentials._current_rab_cooldown_duration
+                )
                 new_cooldown_duration = (
                     self._credentials._current_rab_cooldown_duration * 2
                 )
                 self._credentials._current_rab_cooldown_duration = min(
                     new_cooldown_duration, MAX_REGIONAL_ACCESS_BOUNDARY_COOLDOWN
                 )
-                self._credentials._regional_access_boundary_cooldown_expiry = (
-                    _helpers.utcnow() + self._credentials._current_rab_cooldown_duration
-                )
                 # If the proactive refresh failed, clear any existing expired RAB data.
                 # This ensures we don't continue using stale data.
                 self._credentials._regional_access_boundary = None

google/auth/compute_engine/credentials.py

@@ -172,7 +172,7 @@ def _build_regional_access_boundary_lookup_url(self):
 
         return (
             _constants._SERVICE_ACCOUNT_REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT.format(
-                self.service_account_email
+                service_account_email=self.service_account_email
             )
         )
 

google/auth/credentials.py

@@ -545,10 +545,6 @@ def _build_regional_access_boundary_lookup_url(self):
         )
 
 
-# For backward compatibility.
-CredentialsWithTrustBoundary = CredentialsWithRegionalAccessBoundary
-
-
 class AnonymousCredentials(Credentials):
     """Credentials that do not provide any authentication information.
 

google/auth/impersonated_credentials.py

@@ -39,6 +39,7 @@
 from google.auth import iam
 from google.auth import jwt
 from google.auth import metrics
+from google.auth import _constants
 from google.oauth2 import _client
 
 import logging
@@ -50,9 +51,7 @@
 _DEFAULT_TOKEN_LIFETIME_SECS = 3600  # 1 hour in seconds
 
 _GOOGLE_OAUTH2_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
-_REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT = (
-    "https://iamcredentials.{}/v1/projects/-/serviceAccounts/{}/allowedLocations"
-)
+
 
 _SOURCE_CREDENTIAL_AUTHORIZED_USER_TYPE = "authorized_user"
 _SOURCE_CREDENTIAL_SERVICE_ACCOUNT_TYPE = "service_account"
@@ -361,8 +360,8 @@ def _build_regional_access_boundary_lookup_url(self):
                 "Service account email is required to build the Regional Access Boundary lookup URL for impersonated credentials."
             )
             return None
-        return _REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT.format(
-            self.universe_domain, self.service_account_email
+        return _constants._SERVICE_ACCOUNT_REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT.format(
+            service_account_email=self.service_account_email
         )
 
     def sign_bytes(self, message):