fix(storage): add env var to allow disabling bound token#13236
fix(storage): add env var to allow disabling bound token#13236tritone merged 2 commits intogoogleapis:mainfrom
Conversation
product-auto-label
bot
added
the
api: storage
Summary of ChangesHello @rockspore, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the flexibility of the storage gRPC client by allowing the disabling of hard-bound tokens for ALTS via an environment variable. This change provides an escape hatch for scenarios where bound tokens might interfere with specific deployment environments or configurations, ensuring broader compatibility without removing the default security feature. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
rockspore
force-pushed
the
bound-token-env-var
branch
from
ffbf22a to
ae7c179
Compare
rockspore
changed the title
rockspore
force-pushed
the
bound-token-env-var
branch
from
ae7c179 to
1e67c5f
Compare
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces an environment variable GCS_DISABLE_DIRECTPATH_BOUND_TOKEN to allow disabling bound tokens for DirectPath. The implementation is straightforward, but I've suggested an improvement to handle potential user errors by logging a warning for invalid boolean values. This will improve debuggability for users of this feature.
PR created by the Librarian CLI to initialize a release. Merging this PR will auto trigger a release. Librarian Version: v0.6.0 Language Image: us-central1-docker.pkg.dev/cloud-sdk-librarian-prod/images-prod/librarian-go@sha256:718167d5c23ed389b41f617b3a00ac839bdd938a6bd2d48ae0c2f1fa51ab1c3d <details><summary>storage: 1.57.2</summary> ## [1.57.2](storage/v1.57.1...storage/v1.57.2) (2025-11-14) ### Features ### Bug Fixes * Handle redirect on takeover. (#13354) ([b0f1362](b0f13626)) * add env var to allow disabling bound token (#13236) ([cdaf6a6](cdaf6a6d)) ### Documentation * updates to docs and docs formatting (PiperOrigin-RevId: 828488192) ([93ca68d](93ca68d5)) </details>
2 participants
Inspired by #13153.
The token issuing side is still behind so hopefully it's not too late to add this knob out of extra caution. Users will be able to use it to turn off this flow if anything goes wrong.
@tritone Sorry for not doing this sooner. Would you mind taking a look?