fix(codegen/gcp): forward colliding credential fields in _buildGcpCredentials (#1110) #101
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "fix/gcp-project-credential-forwarding"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
_buildGcpCredentialsin the GCP codegen template to forwardg.<name>for credential fields that collide with domain properties, instead of hardcodingundefinedcodegen/designs/gcp.mdProblem
Every GCP model declares
projectas a credential field forgetCredentials(). Whenprojectalso exists as a domain property (API query parameter), the collision guard correctly prevents injecting it as a duplicateGlobalArgsSchemaentry — but_buildGcpCredentialsthen hardcodesproject: undefined, silently dropping the user's configured project before credential resolution.With access-token auth, this left
GCP_PROJECT/GOOGLE_CLOUD_PROJECTenv as the only working project source, even whenprojectwas explicitly set in the model configuration.Note: The issue reports all 11 storage models are affected, but only
bucketshas theprojectdomain property collision within storage. Across all GCP, 6 models in 4 services are affected.Fix
Changed the
elsebranch in the credential field loop (codegen/gcp/extensionModelGenerator.ts) from:to always forward:
This is safe because the value already exists in
gas a domain property — we're just forwarding it to credential resolution where it's needed.Verification
project: undefined→project: g.projectin exactly 6 modelsTest plan
@swamp/gcp/storage/bucketsmodel withproject: my-project-idandaccessTokenfrom vault, noGCP_PROJECTenv — create should succeedCloses swamp-club#1110
🤖 Generated with Claude Code
Adversarial Review
Medium
codegen/gcp/extensionModelGenerator.ts:338-340—_credentialKeysis dead code in GCP generated output.The codegen emits
const _credentialKeys = new Set([...])(line 340), but no GCP generated code ever references_credentialKeys.has(). Unlike the AWS codegen (which uses_credentialKeysto filter credential fields out ofdesiredStatewhen building request bodies), the GCP codegen never generates code that reads from this set. The variable is declared and populated but unused. This is pre-existing (not introduced by this PR), but worth noting since the comment on line 337 says "Credential key set for filtering globalArgs when building request bodies" — that filtering doesn't happen in GCP models. This could cause linting warnings in generated code depending on tooling. Not a correctness issue.codegen/gcp/extensionModelGenerator.ts:347-350— For non-colliding services, the behavior is unchanged but the comment is slightly misleading.The comment on line 348-349 says "even when not injected as a separate global arg, the value exists as a domain property." For non-colliding services (the common case), the credential fields ARE injected as separate global args and do NOT exist as domain properties. The comment is accurate only for the collision case. The code is correct in both cases —
g.fieldNamereads the right value regardless — but the comment could mislead a future maintainer into thinking all credential fields always exist as domain properties.Low
The generated models bump from their previous version to
2026.07.13.1and add upgrade entries withdescription: "No schema changes". Technically the_buildGcpCredentialsfunction did change (fromproject: undefinedtoproject: g.project), which is a behavioral change. The "No schema changes" description is accurate in the narrow sense (the Zod schemas didn't change), but a reader reviewing upgrade history might not realize there was a behavioral credential-resolution change. This is a documentation nuance, not a correctness issue.Verdict
PASS — The core fix is correct and well-scoped. Before this change, GCP services where
projectcollided with a domain property (e.g. sqladmin, storage) would passproject: undefinedto_buildGcpCredentials, causing credential resolution to ignore the user-provided project ID and fall through to environment variables. Now the colliding value is properly forwarded. The design doc update accurately reflects the new behavior. No critical or high-severity issues found.Code Review
Blocking Issues
None.
Suggestions
"No schema changes"upgrade entry for2026.07.13.1. The Zod schema shapes didn't change, but_buildGcpCredentialsnow returns a non-undefinedprojectvalue — which is a meaningful runtime behavior change. Consider using a description like"Fix: project domain property now forwarded to credential resolution"so operators reading upgrade history understand why the version was bumped. That said, "No schema changes" is the established pattern in this repo for codegen-driven bumps, so this is a minor style note.Correctness analysis:
The codegen fix is correct. For services where
projectis a domain property (and thus excluded frominjectedCredFields), the old generator emittedproject: undefinedin_buildGcpCredentials, silently discarding the user-supplied project ID that was present ing(global args) via the domain-property entry inGlobalArgsSchema. The fix removes the conditional guard and always readsg.<field>for all credential fields. SinceprojectIS present inGlobalArgsSchemafor these services (viazodResult.inputSchemaBody),g.projectis populated at runtime and correctly flows into credential resolution.The
_credentialKeysset is still built frominjectedCredFieldsonly (e.g.["accessToken", "credentialsJson"]for sqladmin services), soprojectis not stripped from request bodies — correct, because it's a domain property the API needs.All six regenerated model files show the expected diff (
project: undefined→project: g.project as string | undefined) with matching version bumps and upgrade entries. The design doc update accurately describes the new forwarding behavior. No hand-edits to model files outside of codegen output; noanytypes or default exports introduced.