Skip to content

chore(auth): Address remaining Regional Access Boundary feedback#12867

Merged
vverman merged 11 commits intogoogleapis:regional-access-boundariesfrom
vverman:rab-clean
May 8, 2026
Merged

chore(auth): Address remaining Regional Access Boundary feedback#12867
vverman merged 11 commits intogoogleapis:regional-access-boundariesfrom
vverman:rab-clean

Conversation

@vverman
Copy link
Copy Markdown
Contributor

@vverman vverman commented Apr 20, 2026

  1. The RAB refresh uses a direct executor with a fixed thread pool as opposed to instantiating a new thread each time.

  2. The RAB env gate -> GOOGLE_AUTH_TRUST_BOUNDARY_ENABLE_EXPERIMENT has been removed. This means RAB refresh triggers by default.

  3. Added other fixes/suggestions made in the previous Java PR.

@vverman vverman requested review from a team as code owners April 20, 2026 22:06
@vverman vverman requested review from lqiu96 and nbayati April 20, 2026 22:08
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request refactors the RegionalAccessBoundary and RegionalAccessBoundaryManager classes to improve resource management and testability. Key changes include replacing environment-variable-based feature toggling with a ThreadLocal mechanism for tests, migrating from manual thread creation to a bounded ExecutorService for asynchronous refresh tasks to prevent resource exhaustion, and ensuring HTTP responses are properly disconnected in a finally block. Additionally, the test suite has been migrated to JUnit 5, and several tests were cleaned up by removing deprecated environment provider mocks. I have no feedback to provide.

@vverman vverman changed the title feat: Update Regional Access Boundary feat(auth): Update Regional Access Boundary Apr 22, 2026
@lqiu96 lqiu96 changed the title feat(auth): Update Regional Access Boundary chore(auth): Address remaining Regional Access Boundary feedback Apr 23, 2026
@lqiu96
Copy link
Copy Markdown
Member

lqiu96 commented Apr 23, 2026

@vverman The sdk-platform-java-ci CI issues are not relevant for this PR (existing issues as part of the monorepo migration).

PTAL at the conventialcommit CI complaints: https://github.com/googleapis/google-cloud-java/pull/12867/checks?check_run_id=72739487063

@vverman
Copy link
Copy Markdown
Contributor Author

vverman commented Apr 24, 2026

Conventional commits addressed.

@vverman vverman requested a review from lqiu96 April 24, 2026 19:45
lqiu96
lqiu96 approved these changes Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@lqiu96 lqiu96 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM overall. Added a few comments if you could take a look. I'm not entirely sure what the DISABLE_RAB_TESTS_ENV is for

lsirac
lsirac reviewed Apr 25, 2026
View reviewed changes
Comment thread google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/RegionalAccessBoundary.java
Comment thread ...auth-library-java/oauth2_http/java/com/google/auth/oauth2/RegionalAccessBoundaryManager.java Outdated
Comment thread google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/RegionalAccessBoundary.java Outdated
Comment thread google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/RegionalAccessBoundary.java Outdated
@vverman
Copy link
Copy Markdown
Contributor Author

vverman commented May 1, 2026

Added per-test disablement of RAB refresh and bounded queue.

@vverman vverman requested review from lqiu96 and lsirac May 1, 2026 21:32
lsirac
lsirac requested changes May 2, 2026
View reviewed changes
Comment thread ...auth-library-java/oauth2_http/java/com/google/auth/oauth2/RegionalAccessBoundaryManager.java Outdated
Comment thread google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/LoggingTest.java Outdated
Comment thread ...th-library-java/oauth2_http/javatests/com/google/auth/oauth2/RegionalAccessBoundaryTest.java
@vverman vverman requested a review from lsirac May 3, 2026 07:59
lsirac
lsirac reviewed May 4, 2026
View reviewed changes
Comment thread google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/LoggingTest.java Outdated
lqiu96
lqiu96 reviewed May 4, 2026
View reviewed changes
Comment thread google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/RegionalAccessBoundary.java Outdated
lqiu96
lqiu96 reviewed May 4, 2026
View reviewed changes
Comment thread google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/LoggingTest.java Outdated
lqiu96
lqiu96 approved these changes May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@lqiu96 lqiu96 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added a few small nits. Changes look fine on my end. PTAL at the nits and see if the make sense/ should be addressed. Feel free to merge afterwards

@vverman vverman merged commit 5c279c6 into googleapis:regional-access-boundaries May 8, 2026
83 of 90 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lqiu96 lqiu96 lqiu96 approved these changes

@lsirac lsirac lsirac approved these changes

@nbayati nbayati nbayati approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vverman @lqiu96 @lsirac @nbayati