Implement updated design changes for RAB #1955

Draft
nbayati wants to merge 2 commits into googleapis:main from nbayati:rab-update-feb

nbayati commented Feb 7, 2026

Make the fetching async and non blocking.
Provide a method for manual override.
Implement proactive refresh every 6 hours.
Implement automatic recovery if api request fails due to stale regional boundary.
Remove no-op signal and checks.
Refactor to Regional Access Boundary name.

Make the fetching async and non blocking.
Provide a method for manual override.
Implement proactive refresh every 6 hours.
Implement automatic recovery if api request fails due to stale regional boundary.
Remove no-op signal and checks.
Refactor to Regional Access Boundary name.
Make the fetching async and non blocking.
Provide a method for manual override.
Implement proactive refresh when RAB TTL has expired.
Implement automatic recovery in http if api request fails due to stale regional boundary.
Remove no-op signal and checks.
Refactor to Regional Access Boundary name.
@gemini-code-assist

Summary of Changes

Hello @nbayati, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant architectural update to how regional access boundaries (RAB) are managed within the authentication library. The previous synchronous 'trust boundary' mechanism has been replaced with a more resilient and performant asynchronous system. This new design ensures that RAB information is fetched in the background, proactively refreshed, and automatically recovered in case of failures, thereby improving the overall reliability and user experience without blocking application execution.

Highlights

  • Refactoring and Renaming: The concept of 'Trust Boundary' has been comprehensively refactored and renamed to 'Regional Access Boundary' (RAB) across the codebase for improved clarity and consistency.
  • Asynchronous and Non-Blocking Fetching: Implemented asynchronous and non-blocking fetching of RAB information utilizing a dedicated background refresh thread, preventing UI freezes and improving responsiveness.
  • Manual Override Capability: A new with_regional_access_boundary method has been introduced, allowing developers to manually provide and cache RAB data, bypassing the initial asynchronous lookup.
  • Proactive Refresh Mechanism: RAB information is now proactively refreshed every 6 hours in the background to ensure its freshness and prevent the use of stale data.
  • Automatic Recovery from Stale RAB Errors: An automatic recovery mechanism has been implemented to detect stale RAB errors (HTTP 406 status code) and trigger an immediate background refresh with exponential backoff, followed by a retry of the original request.
  • Simplified Logic: The previous 'no-op' trust boundary signals and their associated checks have been removed, streamlining the RAB management logic.

Changelog

  • google/auth/_constants.py
    • Renamed endpoint constants from _TRUST_BOUNDARY_LOOKUP_ENDPOINT to _REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT.
    • Removed universe_domain from the endpoint format string, hardcoding it to googleapis.com.
  • google/auth/_helpers.py
    • Modified get_bool_from_env to simplify boolean parsing; any non-'true'/'1' value (or unset) is now considered false, and the InvalidValue exception for invalid inputs has been removed.
  • google/auth/_regional_access_boundary_utils.py
    • Added a new utility file containing _RegionalAccessBoundaryRefreshThread for background RAB lookups and _RegionalAccessBoundaryRefreshManager to manage refresh threads, defining default TTL and exponential cooldown periods.
  • google/auth/compute_engine/credentials.py
    • Updated the base class to CredentialsWithRegionalAccessBoundary.
    • Removed trust_boundary parameters from the constructor and copy methods.
    • Refactored the RAB lookup URL building to log errors and return None on failure instead of raising exceptions.
    • Introduced a _make_copy method to encapsulate credential copying logic and ensure RAB state is copied.
  • google/auth/credentials.py
    • Renamed CredentialsWithTrustBoundary to CredentialsWithRegionalAccessBoundary.
    • Introduced core RAB management logic, including with_regional_access_boundary for manual override, handle_stale_regional_access_boundary for automatic recovery, and _maybe_start_regional_access_boundary_refresh for proactive background refreshes.
    • Updated apply, before_request, and refresh methods to integrate with the new asynchronous RAB system.
    • Removed NO_OP_TRUST_BOUNDARY_LOCATIONS and NO_OP_TRUST_BOUNDARY_ENCODED_LOCATIONS constants, simplifying RAB state handling.
  • google/auth/external_account.py
    • Adapted to the new CredentialsWithRegionalAccessBoundary base class.
    • Removed trust_boundary parameters from constructors and copy methods.
    • Updated from_info to support regional_access_boundary configuration.
    • Removed explicit _handle_trust_boundary logic from the refresh method.
  • google/auth/external_account_authorized_user.py
    • Applied similar updates as external_account.py for authorized user credentials, including base class change and regional_access_boundary support in from_info.
  • google/auth/identity_pool.py
    • Removed the explicit call to self._handle_trust_boundary(request) from the refresh method, as RAB management is now handled by the CredentialsWithRegionalAccessBoundary base class.
  • google/auth/impersonated_credentials.py
    • Updated to use CredentialsWithRegionalAccessBoundary.
    • Renamed RAB endpoint constants.
    • Modified RAB URL building to log errors and return None instead of raising ValueError.
    • Adapted from_impersonated_service_account_info for regional_access_boundary configuration.
  • google/auth/transport/requests.py
    • Implemented _is_stale_regional_access_boundary_error to detect HTTP 406 responses indicating a stale RAB.
    • Added retry logic to the request method that automatically clears the cached boundary and re-attempts the request once if a stale RAB error is detected.
  • google/oauth2/_client.py
    • Renamed trust boundary lookup functions to regional access boundary (e.g., _lookup_trust_boundary to _lookup_regional_access_boundary).
    • Enhanced RAB lookup robustness by logging errors and returning None on failure instead of raising exceptions.
    • Increased exponential backoff retry attempts to 6 for RAB lookups.
    • Added HTTP 502 (Bad Gateway) as a retryable error for RAB lookups.
  • google/oauth2/service_account.py
    • Updated to use CredentialsWithRegionalAccessBoundary.
    • Removed trust_boundary parameters from constructors.
    • Integrated regional_access_boundary support into _from_signer_and_info.

Activity

  • The pull request implements a comprehensive set of design changes for Regional Access Boundary (RAB) handling.
  • It introduces asynchronous fetching, proactive refreshing, and automatic recovery mechanisms for RAB.
  • The changes involve significant refactoring of existing trust boundary logic and the addition of new utility components.
Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.
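
The stale-boundary recovery described in the summary above (a 406 response clears the cached boundary, a refresh starts in the background, and the request is retried once), as a self-contained sketch added here; it is not code from this pull request. `BoundaryCache`, `send_with_rab_recovery`, the `x-allowed-locations` header name and the sample values are assumptions, and the refresh backoff is left out.

```python
import threading

STALE_RAB_STATUS = 406              # status the summary gives for a stale boundary
RAB_HEADER = "x-allowed-locations"  # assumed header name, not taken from this page


class BoundaryCache:
    """Cached boundary value plus a background refresh (hypothetical helper)."""
    def __init__(self, lookup, value=None):
        self._lookup, self._value = lookup, value
        self._lock = threading.Lock()
        self.refresh_thread = None

    def get(self):
        with self._lock:
            return self._value

    def _refresh(self):
        value = self._lookup()      # a failed lookup returns None; nothing is raised
        with self._lock:
            self._value = value

    def invalidate_and_refresh(self):
        with self._lock:
            self._value = None      # stop attaching the stale value immediately
        self.refresh_thread = threading.Thread(target=self._refresh, daemon=True)
        self.refresh_thread.start()


def send_with_rab_recovery(transport, cache, url):
    """Send a request; on a stale-boundary 406, clear the cache and retry once."""
    for attempt in (1, 2):
        boundary = cache.get()
        headers = {RAB_HEADER: boundary} if boundary is not None else {}
        status = transport(url, headers)
        if status != STALE_RAB_STATUS or attempt == 2:
            return status           # a second 406 is returned, never retried again
        cache.invalidate_and_refresh()


def demo():
    seen = []                       # constructed server: rejects boundary "0xOLD"
    def api(url, headers):
        seen.append(dict(headers))
        return 406 if headers.get(RAB_HEADER) == "0xOLD" else 200
    cache = BoundaryCache(lookup=lambda: "0xNEW", value="0xOLD")
    status = send_with_rab_recovery(api, cache, "https://example.invalid/v1/items")
    cache.refresh_thread.join()
    return status, seen, cache.get()
```

The retry may go out with no boundary header or with the refreshed one, depending on whether the background lookup has finished; it never repeats the rejected value.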

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a significant and well-executed refactoring of the trust boundary mechanism, renaming it to Regional Access Boundary (RAB) and overhauling its implementation. The changes make the fetching of RAB information asynchronous and non-blocking, which is a great improvement for performance and responsiveness. The introduction of automatic recovery for stale boundaries, proactive refreshing, and a manual override method makes the feature more robust and flexible. The code is well-structured, particularly with the new _regional_access_boundary_utils.py file encapsulating the async logic. I've found one critical issue that needs to be addressed, but otherwise, the changes are excellent.

Comment on lines +174 to +176
_constants._SERVICE_ACCOUNT_REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT.format(
self.service_account_email
)
critical

The .format() call is using a positional argument, but the format string _SERVICE_ACCOUNT_REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT uses a named placeholder {service_account_email}. This will raise a KeyError at runtime. You should use a keyword argument here to match the placeholder name.

Suggested change
_constants._SERVICE_ACCOUNT_REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT.format(
self.service_account_email
)
_constants._SERVICE_ACCOUNT_REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT.format(
service_account_email=self.service_account_email
)
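
Review bot: The keyword in `service_account_email=self.service_account_email` has to match the placeholder in `_SERVICE_ACCOUNT_REGIONAL_ACCESS_BOUNDARY_LOOKUP_ENDPOINT` exactly, and the constant's definition is not visible in this suggestion, so confirm the name against `google/auth/_constants.py` before applying it. The changelog above says the lookup URL builders now log errors and return None on failure; if this call sits in one of them, a formatting mismatch would show up only as a missing boundary rather than an exception, so add a unit test that asserts the formatted URL contains the service account email.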
