Skip to content

Adding support for Google AuthManager #2072

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Adding support for Google AuthManager #2072

wants to merge 2 commits into from

Conversation

rambleraptor
Copy link
Contributor

Rationale for this change

Matches this Java PR

Google's authentication for BigQuery involves using different authentication methods than the current AuthManagers support. This allows users to authenticate against the BigLake REST Catalog (formerly known as the BigQuery REST Catalog)

The GoogleAuthManager introduces authentication methods that are more convenient for GCP users, differing from the generic OAuth2 flow:

  • Application Default Credentials (ADC) Support: Provides out-of-the-box, zero-configuration authentication when the Iceberg client runs within GCP environments (e.g., Compute Engine, GKE, Cloud Functions). This is a significant usability improvement over manually setting up OAuth2 parameters.
  • Service Account Key File Support: Allows users to authenticate by directly providing a path to a GCP service account JSON key file. This is a common and secure way to authenticate applications with GCP services, and is more specific than the generic token or client secret mechanisms.
  • Configurable OAuth Scopes: While the generic OAuth2Manager also supports scopes, GoogleAuthManager defaults to scopes commonly used for GCP services and allows easy customization via the gcp.auth.scopes property.

Are these changes tested?

Unit tests included.

Are there any user-facing changes?

Adds support for Google authentication

Fokko
Fokko reviewed Jun 10, 2025
View reviewed changes
Copy link
Contributor

@Fokko Fokko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this @rambleraptor 🙌

I'm not too familiar with the Google Auth system. WDYT @talatuyarer?

pyiceberg/catalog/rest/auth.py
Comment on lines +130 to +132
raise ImportError(
"Google Auth libraries not found. Please install 'google-auth'."
) from e
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we define this as an extra?

@Fokko Fokko requested a review from sungwy June 10, 2025 09:37
@talatuyarer
Copy link

I'm not too familiar with the Google Auth system. WDYT @talatuyarer?

Let me try the PR on my local machine @Fokko

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fokko Fokko Fokko left review comments

@sungwy sungwy Awaiting requested review from sungwy

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rambleraptor @talatuyarer @Fokko