Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support to include a request_reason with the X-Goog-Request-Reason system parameter header #412

Closed
joaopenteado opened this issue May 11, 2024 · 3 comments · Fixed by #413
Labels
enhancement New feature or request

Comments

@joaopenteado
Copy link

TL;DR

It would be very useful for auditing and tracking if we were able to specify a request_reason input paramater that is included with every API request in the X-Goog-Request-Reason.

Users would also be able to dynamically generate this parameter based on the context of the workflow run or outputs from previous steps.

Detailed design

uses: 'google-github-actions/auth@v2'
with:
  project_id: 'my-project'
  workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
  request_reason: 'foo'

Additional information

Additional discussion points

Should a default request_reason be provided if none is supplied by the user?

I often like to include the GitHub actions run/job URL and I think it's a reasonable default, but other might differ.

uses: 'google-github-actions/auth@v2'
with:
  project_id: 'my-project'
  workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
  request_reason: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs/${{ github.job }}'
@joaopenteado joaopenteado added the enhancement New feature or request label May 11, 2024
Copy link

Hi there @joaopenteado 👋!

Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.

@sethvargo
Copy link
Member

Hi @joaopenteado thanks for opening an issue. This is interesting. Which API call(s) do you think would benefit from having this header? I'm also not sure if that header applies to the sts endpoint (which is inherently unauthenticated).

@joaopenteado
Copy link
Author

Hi @sethvargo! Thanks for getting back to me.

I haven't had the time to test this specifically with the STS or IAM Credentials API yet, but it should work according to the documentation.

These parameters are available across all Google REST APIs and gRPC APIs. A system parameter can be specified either using an HTTP query parameter or an HTTP header.

It's worth noting that this feature is available on the Google Terraform provider through the similarly named request_reason configuration parameter or the CLOUDSDK_CORE_REQUEST_REASON environment variable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Development

Successfully merging a pull request may close this issue.

2 participants