feat: Update Regional Access Boundaries #8099

Open
vverman wants to merge 2 commits into googleapis:regional-access-boundaries from vverman:regional-access-boundaries

@vverman vverman commented Apr 22, 2026

Following are the salient fixes:

  1. Environment variable gate for RAB refresh has been removed.

  2. RAB lookup endpoints have been fixed (previously they were pointing to staging)

  3. Tests fixed.

@vverman vverman requested a review from a team as a code owner April 22, 2026 22:01
@vverman vverman requested review from nbayati and pearigee April 22, 2026 22:02

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request promotes the Regional Access Boundary (RAB) feature to a permanent state by removing experimental flags and updating lookup endpoints to production. Feedback highlights potential breaking changes resulting from the removal of public API members, suggesting the use of deprecation instead to maintain backward compatibility. Additionally, several test files were flagged for Sinon sandbox re-assignments in nested hooks, which can lead to resource leaks and test interference.

I am having trouble creating individual review comments. Click here to see my feedback.

core/packages/google-auth-library-nodejs/src/auth/authclient.ts (240)

medium

Removing the regionalAccessBoundaryEnabled property from the AuthClient class is a breaking change for consumers who might be relying on this public property. Since this is a library, it is recommended to keep the property and mark it as @deprecated to maintain backward compatibility.

  /** @deprecated This feature is now always enabled. */
  regionalAccessBoundaryEnabled = true;

core/packages/google-auth-library-nodejs/src/auth/regionalaccessboundary.ts (66-77)

medium

Removing the exported function isRegionalAccessBoundaryEnabled is a breaking change for external consumers. To maintain backward compatibility, consider keeping the function as deprecated and having it return true now that the feature is always enabled.

/** @deprecated This feature is now always enabled. */
export function isRegionalAccessBoundaryEnabled() {
  return true;
}

core/packages/google-auth-library-nodejs/test/test.compute.ts (310-315)

medium

Re-assigning the sandbox variable in this nested beforeEach block overwrites the reference to the sandbox created in the outer scope. This leads to a leak because the outer afterEach will only restore the new sandbox instance, leaving the original one's stubs active. You should use the existing sandbox instead of creating a new one here.

    beforeEach(() => {
      (
        Compute.prototype.getRegionalAccessBoundaryUrl as sinon.SinonStub
      ).restore();
    });

core/packages/google-auth-library-nodejs/test/test.jwt.ts (1281-1284)

medium

Similar to other test files, re-assigning the sandbox variable here causes a leak of the outer sandbox instance. Use the existing sandbox to restore the prototype method.

    beforeEach(() => {
      (JWT.prototype.getRegionalAccessBoundaryUrl as sinon.SinonStub).restore();
    });

core/packages/google-auth-library-nodejs/test/test.impersonated.ts (630-635)

medium

Re-assigning the sandbox variable here causes a leak of the outer sandbox instance. Use the existing sandbox to restore the prototype method.

    beforeEach(() => {
      (
        Impersonated.prototype.getRegionalAccessBoundaryUrl as sinon.SinonStub
      ).restore();
    });
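
The leak described in the review comments above, reproduced as an added example (not code from the PR, the library, or the review). `createSandbox` here is a minimal constructed stand-in for a Sinon-style sandbox, and `Client` and `runCase` are hypothetical names used only for this illustration.

```javascript
// Minimal stand-in for a Sinon-style sandbox (constructed for this example,
// NOT Sinon's implementation): it records each stub it installs, and
// restore() puts the original methods back.
function createSandbox() {
  const installed = [];
  return {
    stub(obj, name, fake) {
      const original = obj[name];
      obj[name] = fake;
      installed.push(() => { obj[name] = original; });
    },
    restore() {
      while (installed.length) installed.pop()();
    },
  };
}

// Hypothetical class standing in for the auth clients under test.
class Client {
  getRegionalAccessBoundaryUrl() { return 'real-url'; }
}

// Replays the hook order of a nested suite:
// outer beforeEach -> nested beforeEach -> outer afterEach.
// Returns what the method yields once afterEach has run.
function runCase(nestedBeforeEach) {
  let sandbox;
  // outer beforeEach: create the sandbox and stub the prototype method
  sandbox = createSandbox();
  sandbox.stub(Client.prototype, 'getRegionalAccessBoundaryUrl', () => 'stubbed-url');
  const outer = sandbox; // kept only so this demo can clean up after itself
  // nested beforeEach: may or may not re-assign the shared variable
  sandbox = nestedBeforeEach(sandbox);
  // outer afterEach: restores whichever sandbox the variable points at now
  sandbox.restore();
  const afterTeardown = new Client().getRegionalAccessBoundaryUrl();
  outer.restore(); // demo-only cleanup so the cases stay independent
  return afterTeardown;
}

// Leaky: the nested hook re-assigns `sandbox` to a fresh instance, so the
// outer sandbox's stub is never restored by afterEach.
const leaky = () => runCase(() => createSandbox());
// Fixed: the nested hook reuses the existing sandbox.
const fixed = () => runCase((existing) => existing);
```

`leaky()` shows the stub still active after teardown, which is how a later test can end up running against a stubbed endpoint lookup without knowing it.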

…pute.ts, test.jwt.ts, and test.impersonated.ts.

vverman commented Apr 22, 2026

Duplicate sinon.createSandbox comment by Gemini has been addressed.
