java-docs-samples icon indicating copy to clipboard operation
java-docs-samples copied to clipboard
verified publisher icon GoogleCloudPlatform

feat: Custom Credential Supplier Documentation

Open vverman opened this issue 2 months ago • 2 comments

Description

Adding documentation for Custom Credential Suppliers.

Custom Credential Suppliers enable developers to securely integrate third-party authentication directly into the Google Cloud SDKs. Custom Credential Suppliers are primarily used to handle authentication in non-standard cloud environments.

The design and scopes for this are documented under this design doc

Checklist

  • [x] I have followed Sample Format Guide
  • [x] pom.xml parent set to latest shared-configuration
  • [x] Appropriate changes to README are included in PR
  • [ ] These samples need a new API enabled in testing projects to pass (let us know which ones)
  • [x] These samples need a new/updated env vars in testing projects set to pass (let us know which ones)
  • [x] Tests pass: mvn clean verify required
  • [x] Lint passes: mvn -P lint checkstyle:check required
  • [ ] Static Analysis: mvn -P lint clean compile pmd:cpd-check spotbugs:check advisory only
  • [ ] This sample adds a new sample directory, and I updated the CODEOWNERS file with the codeowners for this sample
  • [ ] This sample adds a new Product API, and I updated the Blunderbuss issue/PR auto-assigner with the codeowners for this sample
  • [ ] Please merge this PR for me once it is approved

These tests will safely skip if the env variables aren't provided.

For the aws custom credential supplier, we need: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, GCP_WORKLOAD_AUDIENCE, GCS_BUCKET_NAME. Please refer to the ‎auth/README.md under custom credential suppliers for AWS.

For the okta custom credential supplier, we need: OKTA_DOMAIN, OKTA_CLIENT_ID, OKTA_CLIENT_SECRET, GCP_WORKLOAD_AUDIENCE, GCS_BUCKET_NAME. Please refer to the auth/README.md under custom credential suppliers for Okta.

vverman avatar Nov 16 '25 00:11 vverman

Here is the summary of changes.

You are about to add 4 region tags.

This comment is generated by snippet-bot. If you find problems with this result, please file an issue at: https://github.com/googleapis/repo-automation-bots/issues. To update this comment, add snippet-bot:force-run label or use the checkbox below:

  • [ ] Refresh this comment

snippet-bot[bot] avatar Nov 16 '25 00:11 snippet-bot[bot]

Summary of Changes

Hello @vverman, I'm Gemini Code Assist[^1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the authentication capabilities of the Google Cloud SDKs by introducing documentation and functional code samples for Custom Credential Suppliers. This feature allows developers to seamlessly integrate third-party identity providers, such as Okta and AWS, with Google Cloud Workload Identity Federation, which is crucial for hybrid or multi-cloud environments where standard authentication methods may not apply. The changes provide clear guidance and practical examples for setting up and utilizing these custom authentication flows.

Highlights

  • New Documentation for Custom Credential Suppliers: Added a new section to auth/README.md detailing how to use custom credential suppliers for external authentication with Google Cloud SDKs, specifically for Okta and AWS.
  • Okta Custom Credential Supplier Sample: Introduced CustomCredentialSupplierOktaWorkload.java and its corresponding test, demonstrating how to use a custom IdentityPoolSubjectTokenSupplier to fetch an OIDC token from Okta and exchange it for Google Cloud credentials.
  • AWS Custom Credential Supplier Sample: Added CustomCredentialSupplierAwsWorkload.java and its test, showcasing how to use the AWS SDK for Java (v2) as a custom AwsSecurityCredentialsSupplier to bridge AWS credentials to Google Cloud Workload Identity.
  • Dependency Updates: The auth/pom.xml was updated to a newer shared-configuration parent version (1.2.2) and now includes necessary AWS SDK (v2) dependencies (bom, auth, regions) to support the new AWS integration.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with :thumbsup: and :thumbsdown: on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

[^1]: Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot] avatar Nov 16 '25 00:11 gemini-code-assist[bot]