nazq opened a new pull request, #531: URL: https://github.com/apache/arrow-rs-object-store/pull/531
## Summary Fixes an issue where `GoogleCloudStorageBuilder` would fail to build when Application Default Credentials (ADC) exist in an unsupported format, even when explicit credentials are provided via `with_service_account_path()`, `with_service_account_key()`, or `with_credentials()`. ## Problem Previously, `GoogleCloudStorageBuilder::build()` unconditionally attempted to read ADC files and would fail immediately if the ADC format was unsupported (e.g., `external_account_authorized_user` from Workload Identity Federation with external identity providers). This prevented users from using explicit credentials in environments where ADC was configured with newer credential types. ## Solution This PR makes ADC reading conditional: - **When explicit credentials are provided**: ADC reading errors are ignored, allowing the builder to use the explicit credentials - **When no explicit credentials exist**: ADC errors are propagated normally, preserving error visibility for users relying on ADC The credential precedence remains unchanged: explicit credentials > ADC > instance metadata ## Changes - Modified `src/gcp/builder.rs:495-503` to conditionally handle ADC reading errors based on whether explicit credentials were provided - Added 4 comprehensive tests covering all credential paths ## Testing All tests pass (113 passed, 0 failed): - ✅ Explicit service account path ignores invalid ADC - ✅ Explicit service account key ignores invalid ADC - ✅ Custom credentials provider ignores invalid ADC - ✅ ADC errors still propagate when no explicit credentials provided ## Impact This change enables users in enterprise environments with Workload Identity Federation to use explicit credentials without being blocked by unsupported ADC formats, while maintaining backward compatibility and error visibility for ADC-only users. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
