fix(auth): stop TUI from force-injecting cloud-platform scope#662
fix(auth): stop TUI from force-injecting cloud-platform scope#662anshul-garg27 wants to merge 1 commit intogoogleworkspace:mainfrom
Conversation
The interactive scope picker unconditionally appended cloud-platform after every selection, contradicting DEFAULT_SCOPES which explicitly excludes it. This broke org-restricted accounts with admin_policy_enforced. Closes googleworkspace#562
🦋 Changeset detectedLatest commit: 98b786f The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses an issue where the interactive TUI was forcing the inclusion of the cloud-platform scope, which caused failures for users restricted by organizational policies. By removing this automatic injection, the CLI now respects default scope configurations while still allowing users to manually select the scope if needed. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request prevents the TUI scope picker from unconditionally injecting the cloud-platform scope by removing the injection logic and the PLATFORM_SCOPE constant. Feedback suggests that the PLATFORM_SCOPE constant should be retained to maintain code quality and avoid hardcoding the scope URL in other parts of the codebase where it is still required.
| Restricted, | ||
| } | ||
|
|
||
| pub const PLATFORM_SCOPE: &str = "https://www.googleapis.com/auth/cloud-platform"; |
There was a problem hiding this comment.
The PLATFORM_SCOPE constant should be retained. Although its direct usage in the TUI injection logic was removed, the same string literal is still used in multiple other locations within the codebase (e.g., FULL_SCOPES and SCOPE_ENTRIES in auth_commands.rs). Hardcoding this URL in multiple places reduces maintainability and increases the risk of inconsistencies or typos. It is recommended to keep the constant and use it wherever the cloud-platform scope URL is required.
2 participants
Summary
The interactive TUI scope picker unconditionally appends
cloud-platformafter every selection (line ~1105 inauth_commands.rs), which contradictsDEFAULT_SCOPESthat explicitly excludes it. This breaks users on managed Google Workspace orgs that blockcloud-platformvia admin policy.PLATFORM_SCOPEconstant (modelarmor defines its ownCLOUD_PLATFORM_SCOPE)cloud-platformcan still select it in the TUI or pass--scopes cloud-platformCloses #562
Test plan
cargo test— 783 tests passcargo clippy -- -D warnings— cleanPLATFORM_SCOPEhad no other usages before removing