Determine this is the right repository
Summary of the issue
Context
google-auth 2.55+ enable a new additional round trip call to:
https://iamcredentials.googleapis.com/v1/{name=projects/*/serviceAccounts/*}/allowedLocations
Expected Behavior:
Ability to turn this off for environments using service accounts and not RAB.
Actual Behavior:
The check is always on and cannot be disabled without modifying private functions.
API client name and version
google-auth
Reproduction steps: code
file: main.py
import http.client
import google.auth
from google.auth.transport.requests import AuthorizedSession
http.client.HTTPConnection.debuglevel = 1
credentials, _ = google.auth.default(scopes='https://www.googleapis.com/auth/cloud-platform')
session = AuthorizedSession(credentials)
session.get('https://cloudresourcemanager.googleapis.com/v3/projects')
Reproduction steps: supporting files
Repro requires google-auth 2.55+
Reproduction steps: actual results
Observe: developer sees an unexpected and unnecessary request to:
https://iamcredentials.googleapis.com/v1/{name=projects/*/serviceAccounts/*}/allowedLocations
and a 4xx/5xx response. This is confusing to developers (what's failing here? Why am I suddenly getting API errors?)
Reproduction steps: expected results
No extra API calls I didn't ask for.
A suitable alternative would be ability to turn these extraneous unwanted API calls off with a public setting rather than this hack:
credentials._is_regional_access_boundary_lookup_required = lambda: False
OS & version + platform
Windows, Linux, macOS
Python environment
3.11+
Python dependencies
None
Additional context
google-auth is used for many projects outside Google Cloud such as Google Workspace, Chrome, etc. Please remember and do testing in these environments.
Determine this is the right repository
Summary of the issue
Context
google-auth 2.55+ enable a new additional round trip call to:
Expected Behavior:
Ability to turn this off for environments using service accounts and not RAB.
Actual Behavior:
The check is always on and cannot be disabled without modifying private functions.
API client name and version
google-auth
Reproduction steps: code
file: main.py
Reproduction steps: supporting files
Repro requires google-auth 2.55+
Reproduction steps: actual results
Observe: developer sees an unexpected and unnecessary request to:
https://iamcredentials.googleapis.com/v1/{name=projects/*/serviceAccounts/*}/allowedLocations
and a 4xx/5xx response. This is confusing to developers (what's failing here? Why am I suddenly getting API errors?)
Reproduction steps: expected results
No extra API calls I didn't ask for.
A suitable alternative would be ability to turn these extraneous unwanted API calls off with a public setting rather than this hack:
OS & version + platform
Windows, Linux, macOS
Python environment
3.11+
Python dependencies
None
Additional context
google-auth is used for many projects outside Google Cloud such as Google Workspace, Chrome, etc. Please remember and do testing in these environments.