forked from pool/python-google-auth
Markéta Machová
1c151ff518
* Add public wrapper for _mtls_helper.check_use_client_cert which
enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set,
when the MWID/X.509 cert sources detected (#1859) Add public
wrapper for check_use_client_cert which enables mTLS if
GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509
cert sources detected. Also, fix check_use_client_cert to return
boolean value.
Change #1848 added the check_use_client_cert method that helps know
if client cert should be used for mTLS connection. However, that was
in a private class, thus, created a public wrapper of the same function
so that it can be used by python Client Libraries. Also, updated
check_use_client_cert to return a boolean value instead of existing
string value for better readability and future scope.
* Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if
the MWID/X.509 cert sources detected (#1848) The Python SDK will
use a hybrid approach for mTLS enablement:
* If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set
(either true or false), the SDK will respect that setting. This is
necessary for test scenarios and users who need to explicitly control
mTLS behavior.
* If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not
set, the SDK will automatically enable mTLS only if it detects Managed
Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF)
certificate sources. In other cases where the variable is not set, mTLS
will remain disabled.
** This change also adds the helper method `check_use_client_cert` and
it's unit test, which will be used for checking the criteria for setting
the mTLS to true
** This change is only for Auth-Library, other changes will be created
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-google-auth?expand=0&rev=123