Skip to content

feat(auth): prune crypto provider dependencies #4220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
coryan merged 4 commits into from
Jan 23, 2026
Merged

feat(auth): prune crypto provider dependencies #4220

coryan merged 4 commits into from
Jan 23, 2026

Conversation

@coryan
Copy link
Collaborator

@coryan coryan commented Jan 9, 2026
edited
Loading

With the default features enabled google-cloud-auth selects a crypto
provider automatically. Note that whatever features are enabled, the
applications can always override the crypto provider, but before this
change it was impossible to prune the default provider from the
dependency tree.

With this change, it is possible to compile google-cloud-auth without
linking the default crypto provider for rustls. If the library is
compiled without a default crypto provider, applications must
configure the provider using
rustls::CryptoProvider::install_default().

Note that most other google-cloud-* crates enable the default crypto
provider. Future PRs will add a similar default-tls feature to all
downstream crates. This feature will be enabled by default, but if
disabled the downstream crates will not require a provider from
google-cloud-auth either.

Part of the work for #4170

@codecov
Copy link

codecov bot commented Jan 9, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.87%. Comparing base (808f186) to head (a95def8).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4220      +/-   ##
==========================================
- Coverage   94.88%   94.87%   -0.01%     
==========================================
  Files         188      188              
  Lines        7227     7226       -1     
==========================================
- Hits         6857     6856       -1     
  Misses        370      370

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@coryan coryan force-pushed the feat-auth-prune-crypto-providers branch 8 times, most recently from 3097c48 to 9455014 Compare January 15, 2026 17:05
@coryan coryan force-pushed the feat-auth-prune-crypto-providers branch 6 times, most recently from 8b38db0 to 7f37f0a Compare January 22, 2026 23:26
@coryan coryan marked this pull request as ready for review January 23, 2026 13:18
@coryan coryan requested review from a team as code owners January 23, 2026 13:18
coryan added 3 commits January 23, 2026 08:18
@coryan
feat(auth): prune some TLS dependencies
2ff893f 
With the default features enabled `google-cloud-auth` selects a crypto
provider automatically. Note that whatever features are enabled, the
applications can always override the crypto provider.

This change partially prunes the default provider from the dependency tree. The
default provider is `ring` and this is still used for certificate verification
via dependencies on `webpki-roots`.

With this change, it is possible to compile `google-cloud-auth` without
linking the default crypto provider for rustls. If the library is
compiled without a default crypto provider, applications **must**
configure the provider using
`rustls::CryptoProvider::install_default()`.

Note that most other `google-cloud-*` crates enable the default crypto
provider. Future PRs will add a similar `default-tls` feature to all
downstream crates. This feature will be enabled by default, but if
disabled the downstream crates will not require a provider from
`google-cloud-auth` either.
@coryan
Fix error message
7920809
@coryan
Fix comment
c844732
@coryan coryan force-pushed the feat-auth-prune-crypto-providers branch from 44b5879 to c844732 Compare January 23, 2026 13:18
@coryan coryan mentioned this pull request Jan 23, 2026
Open
dbolduc
dbolduc reviewed Jan 23, 2026
View reviewed changes
dbolduc
dbolduc reviewed Jan 23, 2026
View reviewed changes
coryan
coryan commented Jan 23, 2026
View reviewed changes
Copy link
Collaborator Author

@coryan coryan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PTAL

@coryan coryan enabled auto-merge (squash) January 23, 2026 16:00
@coryan coryan merged commit 7b9df66 into googleapis:main Jan 23, 2026
30 checks passed
@coryan coryan deleted the feat-auth-prune-crypto-providers branch January 23, 2026 16:10
@coryan coryan mentioned this pull request Jan 23, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dbolduc dbolduc dbolduc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@coryan @dbolduc