Skip to content

feat: Regional access boundaries#12766

Closed
vverman wants to merge 3 commits intogoogleapis:mainfrom
vverman:regional-access-boundaries
Closed

feat: Regional access boundaries#12766
vverman wants to merge 3 commits intogoogleapis:mainfrom
vverman:regional-access-boundaries

Conversation

@vverman
Copy link
Copy Markdown
Contributor

@vverman vverman commented Apr 11, 2026

Contains changes for the feature Regional Access Boundary (Previously Called Trust Boundaries).

The following are salient changes:

  • Calls to refresh RAB are now all async and in a separate thread, we use the Executor pattern here.
  • Logic for refreshing RAB now exists in its own class for cleaner maintenance.
  • Self-signed jwts are within scope.
  • Changes to how we trigger RAB refresh and deal with refresh errors.
  • The env. variable gate for RAB has been removed.

@vverman vverman requested review from a team as code owners April 11, 2026 03:10
@vverman vverman changed the title Regional access boundaries feat: Regional access boundaries Apr 11, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for Regional Access Boundaries (RAB) across various credential types, including Compute Engine, External Account, and Service Account credentials. It adds a RegionalAccessBoundaryManager to handle the asynchronous fetching, caching, and cooldown logic for RAB data, which is then included as an x-allowed-locations header in outgoing requests. Feedback includes removing unnecessary .rej files from the repository, replacing an unbounded thread pool with a bounded one for safety, and simplifying the logic for adding quota project IDs to request metadata.

@vverman vverman requested review from lqiu96 and nbayati April 13, 2026 21:23
@vverman
Copy link
Copy Markdown
Contributor Author

vverman commented Apr 13, 2026

Closing this one out. Will open a PR to bring the lib upto speed with previous lib's RAB changes.

Will open another PR for RAB env variable gate removal and using executor.

@vverman vverman closed this Apr 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lqiu96 lqiu96 Awaiting requested review from lqiu96

@nbayati nbayati Awaiting requested review from nbayati

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vverman