Due to #493, I noticed that you have to explicitly set disable_universe_domain_check if you want to automatically determine the universe domain for a Google Cloud Dedicated instance:
require 'googleauth'
creds = Google::Auth.get_application_default
creds.disable_universe_domain_check = false
creds.fetch_access_token!
This results in:
=>
{"access_token"=>
"REDACTED TOKEN",
"expires_in"=>3362,
"token_type"=>"Bearer",
"universe_domain"=>"example.universe.com"}Otherwise, if you don't disable disable_universe_domain_check you get googleapis.com:
=>
{"access_token"=>
"REDACTED TOKEN",
"expires_in"=>3304,
"token_type"=>"Bearer",
"universe_domain"=>"googleapis.com"}With the Go SDK, I can extract credentials with the right universe domain doing this:
package main
import (
"cloud.google.com/go/storage"
"context"
"fmt"
"golang.org/x/oauth2/google"
)
func main() {
creds, err := google.FindDefaultCredentials(context.Background(), storage.ScopeFullControl)
if err != nil {
fmt.Printf("Error reading default credentials: %w\n", err)
return
}
domain, err := creds.GetUniverseDomain()
fmt.Printf("%s\n", domain)
}Is the universe domain metadata endpoint considered stable now to drop this disable_universe_domain_check flag?
Due to #493, I noticed that you have to explicitly set
disable_universe_domain_checkif you want to automatically determine the universe domain for a Google Cloud Dedicated instance:This results in:
Otherwise, if you don't disable
disable_universe_domain_checkyou getgoogleapis.com:With the Go SDK, I can extract credentials with the right universe domain doing this:
Is the universe domain metadata endpoint considered stable now to drop this
disable_universe_domain_checkflag?