feat(auth): Enhance non-interactive gcp auth (#4811)

2025-12-20 08:47:44 +00:00 · 2025-07-25 10:19:38 -07:00
parent fb0db2dfd6
commit 6321442865
5 changed files with 200 additions and 8 deletions
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -525,6 +525,14 @@ export async function start_sandbox(
    );
  }

+  // copy GOOGLE_GENAI_USE_GCA
+  if (process.env.GOOGLE_GENAI_USE_GCA) {
+    args.push(
+      '--env',
+      `GOOGLE_GENAI_USE_GCA=${process.env.GOOGLE_GENAI_USE_GCA}`,
+    );
+  }
+
  // copy GOOGLE_CLOUD_PROJECT
  if (process.env.GOOGLE_CLOUD_PROJECT) {
    args.push(
--- a/packages/cli/src/validateNonInterActiveAuth.test.ts
+++ b/packages/cli/src/validateNonInterActiveAuth.test.ts
@@ -14,6 +14,7 @@ import { AuthType } from '@google/gemini-cli-core';
 describe('validateNonInterActiveAuth', () => {
  let originalEnvGeminiApiKey: string | undefined;
  let originalEnvVertexAi: string | undefined;
+  let originalEnvGcp: string | undefined;
  let consoleErrorSpy: ReturnType<typeof vi.spyOn>;
  let processExitSpy: ReturnType<typeof vi.spyOn>;
  let refreshAuthMock: jest.MockedFunction<
@@ -23,8 +24,10 @@ describe('validateNonInterActiveAuth', () => {
  beforeEach(() => {
    originalEnvGeminiApiKey = process.env.GEMINI_API_KEY;
    originalEnvVertexAi = process.env.GOOGLE_GENAI_USE_VERTEXAI;
+    originalEnvGcp = process.env.GOOGLE_GENAI_USE_GCA;
    delete process.env.GEMINI_API_KEY;
    delete process.env.GOOGLE_GENAI_USE_VERTEXAI;
+    delete process.env.GOOGLE_GENAI_USE_GCA;
    consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
    processExitSpy = vi.spyOn(process, 'exit').mockImplementation((code) => {
      throw new Error(`process.exit(${code}) called`);
@@ -43,6 +46,11 @@ describe('validateNonInterActiveAuth', () => {
    } else {
      delete process.env.GOOGLE_GENAI_USE_VERTEXAI;
    }
+    if (originalEnvGcp !== undefined) {
+      process.env.GOOGLE_GENAI_USE_GCA = originalEnvGcp;
+    } else {
+      delete process.env.GOOGLE_GENAI_USE_GCA;
+    }
    vi.restoreAllMocks();
  });

@@ -62,6 +70,15 @@ describe('validateNonInterActiveAuth', () => {
    expect(processExitSpy).toHaveBeenCalledWith(1);
  });

+  it('uses LOGIN_WITH_GOOGLE if GOOGLE_GENAI_USE_GCA is set', async () => {
+    process.env.GOOGLE_GENAI_USE_GCA = 'true';
+    const nonInteractiveConfig: NonInteractiveConfig = {
+      refreshAuth: refreshAuthMock,
+    };
+    await validateNonInteractiveAuth(undefined, nonInteractiveConfig);
+    expect(refreshAuthMock).toHaveBeenCalledWith(AuthType.LOGIN_WITH_GOOGLE);
+  });
+
  it('uses USE_GEMINI if GEMINI_API_KEY is set', async () => {
    process.env.GEMINI_API_KEY = 'fake-key';
    const nonInteractiveConfig: NonInteractiveConfig = {
@@ -92,6 +109,19 @@ describe('validateNonInterActiveAuth', () => {
    expect(refreshAuthMock).toHaveBeenCalledWith(AuthType.USE_VERTEX_AI);
  });

+  it('uses LOGIN_WITH_GOOGLE if GOOGLE_GENAI_USE_GCA is set, even with other env vars', async () => {
+    process.env.GOOGLE_GENAI_USE_GCA = 'true';
+    process.env.GEMINI_API_KEY = 'fake-key';
+    process.env.GOOGLE_GENAI_USE_VERTEXAI = 'true';
+    process.env.GOOGLE_CLOUD_PROJECT = 'test-project';
+    process.env.GOOGLE_CLOUD_LOCATION = 'us-central1';
+    const nonInteractiveConfig: NonInteractiveConfig = {
+      refreshAuth: refreshAuthMock,
+    };
+    await validateNonInteractiveAuth(undefined, nonInteractiveConfig);
+    expect(refreshAuthMock).toHaveBeenCalledWith(AuthType.LOGIN_WITH_GOOGLE);
+  });
+
  it('uses USE_VERTEX_AI if both GEMINI_API_KEY and GOOGLE_GENAI_USE_VERTEXAI are set', async () => {
    process.env.GEMINI_API_KEY = 'fake-key';
    process.env.GOOGLE_GENAI_USE_VERTEXAI = 'true';
--- a/packages/cli/src/validateNonInterActiveAuth.ts
+++ b/packages/cli/src/validateNonInterActiveAuth.ts
@@ -8,21 +8,28 @@ import { AuthType, Config } from '@google/gemini-cli-core';
 import { USER_SETTINGS_PATH } from './config/settings.js';
 import { validateAuthMethod } from './config/auth.js';

+function getAuthTypeFromEnv(): AuthType | undefined {
+  if (process.env.GOOGLE_GENAI_USE_GCA === 'true') {
+    return AuthType.LOGIN_WITH_GOOGLE;
+  }
+  if (process.env.GOOGLE_GENAI_USE_VERTEXAI === 'true') {
+    return AuthType.USE_VERTEX_AI;
+  }
+  if (process.env.GEMINI_API_KEY) {
+    return AuthType.USE_GEMINI;
+  }
+  return undefined;
+}
+
 export async function validateNonInteractiveAuth(
  configuredAuthType: AuthType | undefined,
  nonInteractiveConfig: Config,
 ) {
-  const effectiveAuthType =
-    configuredAuthType ||
-    (process.env.GOOGLE_GENAI_USE_VERTEXAI === 'true'
-      ? AuthType.USE_VERTEX_AI
-      : process.env.GEMINI_API_KEY
-        ? AuthType.USE_GEMINI
-        : undefined);
+  const effectiveAuthType = configuredAuthType || getAuthTypeFromEnv();

  if (!effectiveAuthType) {
    console.error(
-      `Please set an Auth method in your ${USER_SETTINGS_PATH} or specify either the GEMINI_API_KEY or GOOGLE_GENAI_USE_VERTEXAI environment variables before running`,
+      `Please set an Auth method in your ${USER_SETTINGS_PATH} or specify one of the following environment variables before running: GEMINI_API_KEY, GOOGLE_GENAI_USE_VERTEXAI, GOOGLE_GENAI_USE_GCA`,
    );
    process.exit(1);
  }