google-auth-library-python icon indicating copy to clipboard operation
google-auth-library-python copied to clipboard

Published 20 hours ago verified publisher icon googleapis

feat: honor `NO_GCE_CHECK` environment variable

Open 0x2b3bfa0 opened this issue 1 year ago • 1 comments

Currently, google.auth.default() always attempts to authenticate using the Google Compute Engine (GCE) metadata service as a fallback. There is no easy way to prevent this behavior, leading to unnecessary delays and unhelpful exceptions, particularly in cases where GCE-based authentication is pointless or undesired.

This pull request introduces a NO_GCE_CHECK environment variable, allowing users to explicitly skip GCE metadata service authentication. This implementation mirrors NO_GCE_CHECK in googleapis/google-auth-library-java:

The following are searched (in order) to find the Application Default Credentials:

[...]

  1. Google Compute Engine built-in credentials
    • Skip this check by setting the environment variable NO_GCE_CHECK=true

[!NOTE] Other clouds also provide similar environment variables, such as AWS_EC2_METADATA_DISABLED on AWS.

This change is also tangentially related to the following pull requests:

  • https://github.com/googleapis/google-auth-library-python/pull/1488
  • https://github.com/googleapis/google-auth-library-python/pull/1481

0x2b3bfa0 avatar Oct 17 '24 02:10 0x2b3bfa0