Skip to content

fix google-auth: use auth.transport.requests as default #16076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
uweber wants to merge 1 commit into
base: main
Choose a base branch
from
+5 −5
Open

fix google-auth: use auth.transport.requests as default #16076

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions packages/google-auth/google/auth/_default.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@

from google.auth import environment_vars
from google.auth import exceptions
import google.auth.transport._http_client

if TYPE_CHECKING: # pragma: NO COVER
from google.auth.credentials import Credentials # noqa: F401
Expand Down Expand Up @@ -391,21 +390,22 @@ def _get_gae_credentials():
def _get_gce_credentials(request=None, quota_project_id=None):
"""Gets credentials and project ID from the GCE Metadata Service."""
# Ping requires a transport, but we want application default credentials
# to require no arguments. So, we'll use the _http_client transport which
# uses http.client. This is only acceptable because the metadata server
# doesn't do SSL and never requires proxies.
# to require no arguments.
# MDS connections use mTLS (#1856), which has a hard requirement for requests,
# so we cant use http.client

# While this library is normally bundled with compute_engine, there are
# some cases where it's not available, so we tolerate ImportError.
try:
from google.auth import compute_engine
from google.auth.compute_engine import _metadata
from google.auth.transport.requests import Request
except ImportError:
_LOGGER.warning("Import of Compute Engine auth library failed.")
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The ImportError block now handles potential failures from importing google.auth.transport.requests.Request in addition to compute_engine and _metadata. If the underlying requests library is missing, the current warning message "Import of Compute Engine auth library failed." might be misleading. Consider making the warning message more general to accurately reflect that multiple authentication-related libraries could have failed to import, which would aid in debugging.

_LOGGER.warning("Failed to import necessary authentication libraries for GCE.")

return None, None

if request is None:
request = google.auth.transport._http_client.Request()
request = Request()

if _metadata.is_on_gce(request=request):
# Get the project ID.
Expand Down
Loading