Skip to content

fix(auth): Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration #1880

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Dec 4, 2025
Merged

fix(auth): Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration #1880

merged 7 commits into from
Dec 4, 2025

Conversation

@andyrzhao
Copy link
Contributor

@andyrzhao andyrzhao commented Dec 2, 2025
edited
Loading

This patch adds a fallback logic to look for Cloud Run cert/keys in the well-known location if the cert config contains the exact incorrect cert/key paths AND the incorrect cert/key paths point to non-existent files.

Note: This patch will be reverted sometime in Jan 2026, after Cloud Run environment is updated with the correct cert configs. The revert will be tracked by #1881

@andyrzhao andyrzhao requested review from a team as code owners December 2, 2025 05:57
nbayati
nbayati previously approved these changes Dec 2, 2025
View reviewed changes
Copy link
Contributor

@nbayati nbayati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

yaoliugg added a commit to yaoliugg/google-auth-library-python that referenced this pull request Dec 3, 2025
@yaoliugg
Merge Andy's PR googleapis#1880
40ded25
daniel-sanche
daniel-sanche reviewed Dec 3, 2025
View reviewed changes
google/auth/transport/_mtls_helper.py
)
key_path = workload["key_path"]

# == BEGIN Temporary Cloud Run PATCH ==
Copy link
Collaborator

@daniel-sanche daniel-sanche Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a TODO: string somewhere giving some context, and letting us know how and when the patch can be removed. Maybe add a link to this PR or a bug too (is there a tracking bug that will be resolved when this can be removed?

Copy link
Contributor Author

@andyrzhao andyrzhao Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I created a github issue to track this at #1881 and assigned it to myself. Included this in the comments.

@daniel-sanche daniel-sanche enabled auto-merge (squash) December 4, 2025 22:03
@daniel-sanche daniel-sanche merged commit 78de790 into googleapis:main Dec 4, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daniel-sanche daniel-sanche daniel-sanche approved these changes

@nbayati nbayati nbayati left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@andyrzhao @daniel-sanche @nbayati