{{ message }}
fix(auth): fix request session error #16050
Merged
daniel-sanche merged 6 commits intomainfrom Mar 12, 2026
Merged
Conversation
Contributor
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request correctly fixes an AttributeError that occurred when a request object was missing the session attribute. The fix involves adding a check for the attribute's existence before use, and a new regression test has been added to cover this case. I have one suggestion to make the code slightly more concise and Pythonic.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
daniel-sanche
commented
Mar 7, 2026
Contributor
Author
|
/gemini review |
Contributor
There was a problem hiding this comment.
Code Review
This pull request addresses an AttributeError that occurs when mTLS is enabled with request objects lacking a session attribute. The fix involves adding a check for the session attribute before use, and a new regression test is included to verify this. No security vulnerabilities were found. My feedback focuses on enhancing the robustness of this check by using isinstance instead of hasattr, which will prevent potential runtime errors if a session attribute exists but is not of the expected type.
Comment on lines
+177
to
180
| if use_mtls and hasattr(request, "session"): | ||
| # Ensure the request has a session to mount the adapter to. | ||
| if not request.session: | ||
| request.session = requests.Session() |
Contributor
There was a problem hiding this comment.
Using hasattr(request, "session") is a good first step, but it's not entirely safe. It's possible for a different Request implementation to have a session attribute that isn't a requests.Session object. This could lead to an AttributeError later when request.session.mount is called.
A more robust approach is to explicitly check if request is an instance of google.auth.transport.requests.Request. This ensures you're working with the correct object type and avoids potential issues with incompatible session attributes.
Suggested change
| if use_mtls and hasattr(request, "session"): | |
| # Ensure the request has a session to mount the adapter to. | |
| if not request.session: | |
| request.session = requests.Session() | |
| if use_mtls: | |
| # Only modify the request if it's a requests-based transport. | |
| from google.auth.transport import requests as auth_requests | |
| if isinstance(request, auth_requests.Request): | |
| # Ensure the request has a session to mount the adapter to. | |
| if not request.session: | |
| request.session = requests.Session() |
Contributor
There was a problem hiding this comment.
Is this condition required anymore? Since we already check that session is present?
Contributor
Author
There was a problem hiding this comment.
Yes, I believe this is meant to attach a session if it's set to None
sai-sunder-s
approved these changes
Mar 10, 2026
parthea
approved these changes
Mar 12, 2026
parthea
added a commit
that referenced
this pull request
Mar 12, 2026
PR created by the Librarian CLI to initialize a release. Merging this PR will auto trigger a release. Librarian Version: v0.0.0-20260216162532-e323d455c92b Language Image: us-central1-docker.pkg.dev/cloud-sdk-librarian-prod/images-prod/python-librarian-generator@sha256:160860d189ff1c2f7515638478823712fa5b243e27ccc33a2728669fa1e2ed0c <details><summary>google-ads-datamanager: v0.6.0</summary> ## [v0.6.0](google-ads-datamanager-v0.5.0...google-ads-datamanager-v0.6.0) (2026-03-12) ### Documentation * update filter field documentation to clarify case requirements and improve examples ([505bc97](505bc97)) ### Features * deprecate INVALID_COUNTRY_CODE and add MEMBERSHIP_DURATION_TOO_LONG to the ErrorReason enum ([505bc97](505bc97)) ### Bug Fixes * feat: update advertiser_identifier_count in PairIdInfo to be optional ([505bc97](505bc97)) * update publisher_name in PairIdInfo to be required ([505bc97](505bc97)) * update match_rate_percentage in PairIdInfo to be required ([505bc97](505bc97)) </details> <details><summary>google-auth: v2.49.1</summary> ## [v2.49.1](google-auth-v2.49.0...google-auth-v2.49.1) (2026-03-12) ### Bug Fixes * fix request session error (#16050) ([bfd9322](bfd93225)) * remove deprecated rsa dependency (#16020) ([e8927b9](e8927b9c)) </details> <details><summary>google-cloud-ces: v0.2.0</summary> ## [v0.2.0](google-cloud-ces-v0.1.0...google-cloud-ces-v0.2.0) (2026-03-12) ### Documentation * A comment for field `cert` in message `.google.cloud.ces.v1beta.TlsConfig` is changed ([505bc97](505bc97)) * A comment for field `name` in message `.google.cloud.ces.v1beta.Tool` is changed PiperOrigin-RevId: 878047537 ([505bc97](505bc97)) * A comment for field `entry_agent` in message `.google.cloud.ces.v1beta.SessionConfig` is changed ([505bc97](505bc97)) ### Features * update public libraries for CES v1beta ([505bc97](505bc97)) ### Bug Fixes * An existing field `app` is renamed to `name` in message `.google.cloud.ces.v1beta.UploadEvaluationAudioRequest` ([505bc97](505bc97)) * An existing field `audio_transcript` is renamed to `transcript` in message `.google.cloud.ces.v1beta.UploadEvaluationAudioResponse` ([505bc97](505bc97)) * An existing field `audio_duration` is renamed to `duration` in message `.google.cloud.ces.v1beta.UploadEvaluationAudioResponse` ([505bc97](505bc97)) * An existing field `variables` is moved in to oneof in message `.google.cloud.ces.v1beta.ExecuteToolRequest` ([505bc97](505bc97)) * An existing method_signature `app,audio_content` is removed from method `UploadEvaluationAudio` in service `EvaluationService` ([505bc97](505bc97)) * An existing google.api.http annotation `http_uri` is changed for method `UploadEvaluationAudio` in service `EvaluationService` ([505bc97](505bc97)) </details> <details><summary>google-cloud-compute: v1.46.0</summary> ## [1.46.0](google-cloud-compute-v1.45.0...google-cloud-compute-v1.46.0) (2026-03-12) ### Features * Update Compute Engine v1 API to revision 20260227 ([7b22ea2](7b22ea2)) </details> <details><summary>google-cloud-compute-v1beta: v0.9.0</summary> ## [0.9.0](google-cloud-compute-v1beta-v0.8.0...google-cloud-compute-v1beta-v0.9.0) (2026-03-12) ### Features * Update Compute Engine v1beta API to revision 20260227 ([bf43768](bf43768)) </details> <details><summary>google-cloud-firestore: v2.25.0</summary> ## [v2.25.0](google-cloud-firestore-v2.24.0...google-cloud-firestore-v2.25.0) (2026-03-12) ### Features * support array_agg(), array_agg_distinct(), first(), last() (#16029) ([d04a241](d04a241d)) </details> <details><summary>google-cloud-gdchardwaremanagement: v0.4.0</summary> ## [0.4.0](google-cloud-gdchardwaremanagement-v0.3.0...google-cloud-gdchardwaremanagement-v0.4.0) (2026-03-12) ### Features * Add `OFFLINE` state to Zone resources A new `OFFLINE` state has been added to the `Zone.State` enum. This state indicates that the zone is temporarily not operational, for example, while undergoing maintenance or repair ([505bc97](505bc97)) </details> <details><summary>google-cloud-geminidataanalytics: v0.11.0</summary> ## [0.11.0](google-cloud-geminidataanalytics-v0.10.0...google-cloud-geminidataanalytics-v0.11.0) (2026-03-12) ### Documentation * update field comments for `generated_looker_query` in `DataMessage` ([505bc97](505bc97)) ### Features * add `ParameterizedSecureViewParameters` message and field for PSV support ([505bc97](505bc97)) * add `ThinkingMode` enum and field to control agent thinking mode ([505bc97](505bc97)) </details> <details><summary>google-cloud-gke-hub: v1.22.0</summary> ## [1.22.0](google-cloud-gke-hub-v1.21.0...google-cloud-gke-hub-v1.22.0) (2026-03-12) ### Features * upgrade protobuf from v25.7 to v31.0 ([505bc97](505bc97)) </details> <details><summary>google-cloud-pubsub: v2.36.0</summary> ## [2.36.0](google-cloud-pubsub-v2.35.0...google-cloud-pubsub-v2.36.0) (2026-03-12) ### Features * Add BigtableConfig type ([ec1a676](ec1a676)) </details> <details><summary>google-maps-routing: v0.9.0</summary> ## [0.9.0](google-maps-routing-v0.8.0...google-maps-routing-v0.9.0) (2026-03-12) ### Documentation * regenerated documentation for fields ([505bc97](505bc97)) ### Features * add a new Waypoint source to accept a token that identifies a Navigation Point obtained from the `SearchDestinations` method of the Geocoding API ([505bc97](505bc97)) </details> <details><summary>google-resumable-media: v2.8.1</summary> ## [v2.8.1](google-resumable-media-v2.8.0...google-resumable-media-v2.8.1) (2026-03-12) ### Bug Fixes * add max_length support to Gzip/Brotli decoders for urllib3 2.6+ (#495) ([cb90060](cb900605)) </details> <details><summary>google-shopping-type: v1.3.0</summary> ## [1.3.0](google-shopping-type-v1.2.0...google-shopping-type-v1.3.0) (2026-03-12) ### Documentation * A comment for message `DestintionEnum` is changed ([505bc97](505bc97)) ### Features * add more values in DestintionEnum ([505bc97](505bc97)) </details> --------- Co-authored-by: Anthonios Partheniou <partheniou@google.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #16035
only google.auth.transport.requests.Request objects have a session attached. Other Request subclasses don't so they raise an error when mts is enabled.
This PR ignores unsupported request types, instead of raising an exception
Thanks @sakshamgoyal-01 for the detailed bug report!