From 0daaa93f77aeb31dd92de58ed0c565a84270543a Mon Sep 17 00:00:00 2001 From: Luwei Ge Date: Wed, 15 Oct 2025 21:34:03 +0000 Subject: [PATCH 1/2] feat(bigtable): enable ALTS hard bound token in Bigtable w/ direct access --- bigtable/bigtable.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigtable/bigtable.go b/bigtable/bigtable.go index 76da487497bd..a54fa96614e5 100644 --- a/bigtable/bigtable.go +++ b/bigtable/bigtable.go @@ -143,7 +143,7 @@ func NewClientWithConfig(ctx context.Context, project, instance string, config C enableDirectAccess, _ := strconv.ParseBool(os.Getenv("CBT_ENABLE_DIRECTPATH")) if enableDirectAccess { - o = append(o, internaloption.EnableDirectPath(true), internaloption.EnableDirectPathXds()) + o = append(o, internaloption.EnableDirectPath(true), internaloption.EnableDirectPathXds(), internaloption.AllowHardBoundTokens("ALTS")) } // Allow non-default service account in DirectPath. From 7ee185155b0a1947cd6696a86b5b94194d243cde Mon Sep 17 00:00:00 2001 From: Luwei Ge Date: Fri, 17 Oct 2025 22:18:27 +0000 Subject: [PATCH 2/2] add env var to allow disabling bound token --- bigtable/bigtable.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/bigtable/bigtable.go b/bigtable/bigtable.go index a54fa96614e5..ecb9b84aac95 100644 --- a/bigtable/bigtable.go +++ b/bigtable/bigtable.go @@ -143,7 +143,10 @@ func NewClientWithConfig(ctx context.Context, project, instance string, config C enableDirectAccess, _ := strconv.ParseBool(os.Getenv("CBT_ENABLE_DIRECTPATH")) if enableDirectAccess { - o = append(o, internaloption.EnableDirectPath(true), internaloption.EnableDirectPathXds(), internaloption.AllowHardBoundTokens("ALTS")) + o = append(o, internaloption.EnableDirectPath(true), internaloption.EnableDirectPathXds()) + if disableBoundToken, _ := strconv.ParseBool(os.Getenv("CBT_DISABLE_DIRECTPATH_BOUND_TOKEN")); !disableBoundToken { + o = append(o, internaloption.AllowHardBoundTokens("ALTS")) + } } // Allow non-default service account in DirectPath.