Skip to content

feat(auth): Regional access boundaries main merge#8665

Open
vverman wants to merge 4 commits into
googleapis:mainfrom
vverman:regional-access-boundaries-main-merge
Open

feat(auth): Regional access boundaries main merge#8665
vverman wants to merge 4 commits into
googleapis:mainfrom
vverman:regional-access-boundaries-main-merge

Conversation

@vverman

@vverman vverman commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

The Regional Access Boundaries PR to main. Contains all the changes merged to the feature branch rebased on top of main.

P.S. Opening the PR directly to main as feature branch regional-access-boundaries has drifted from main and opening a rebased-PR to the feature branch shows 10k+ files changed.

vverman added 3 commits June 16, 2026 17:37
@vverman
feat: Regional Access Boundary Migration. (googleapis#8043)
9cbebcc
@vverman
feat: Update Regional Access Boundaries (googleapis#8099)
07c8a5b 
* RAB endpoints changed from staging to prod; Removed RAB env variable gate; updated tests.

* removed sinon.createSandbox from nested beforeEach blocks in test.compute.ts, test.jwt.ts, and test.impersonated.ts.
@vverman
feat(auth): Skip RAB lookup if MDS returns a non-email. (googleapis#8440
9b490cf 
)

* feat(auth): Skip RAB lookup if MDS returns a non-email.

* Added logic to skip MDS calls in case non-email is returned. Added tests.

* Added email regex as a const.

* Simplified logic.
@vverman vverman requested a review from a team as a code owner June 17, 2026 00:44
@vverman vverman requested review from feywind and nbayati June 17, 2026 00:46
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 17, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for Regional Access Boundaries (RAB) across various authentication clients in the Google Auth Library for Node.js. It adds a RegionalAccessBoundaryManager to manage, fetch, and cache allowed locations, applying the x-allowed-locations header to outgoing requests while excluding ID token flows. It also updates utility functions, TypeScript configurations, and adds extensive test coverage. The review comments identify several critical improvement opportunities and robustness issues. Key feedback includes caching the resolved lookup URL to prevent redundant checks, adding defensive checks to avoid runtime TypeError crashes when parsing audience or handling null/undefined credentials and regionalAccessBoundaryData, and handling cases where serviceAccountEmail is falsy to prevent malformed lookup URLs.

Comment thread core/packages/google-auth-library-nodejs/src/auth/regionalaccessboundary.ts
Comment thread core/packages/google-auth-library-nodejs/src/auth/regionalaccessboundary.ts
Comment thread core/packages/google-auth-library-nodejs/src/auth/regionalaccessboundary.ts Outdated
Comment thread core/packages/google-auth-library-nodejs/src/util.ts
Comment thread core/packages/google-auth-library-nodejs/src/util.ts
Comment thread core/packages/google-auth-library-nodejs/src/auth/regionalaccessboundary.ts Outdated
Comment thread core/packages/google-auth-library-nodejs/src/auth/computeclient.ts
Comment thread core/packages/google-auth-library-nodejs/src/auth/authclient.ts
@shivanee-p shivanee-p requested review from a team and removed request for a team, feywind and nbayati June 18, 2026 00:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vverman