Skip to content

use gcp certificate manager v1 api for scope support #3181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
havetisyan merged 3 commits into from
Jan 23, 2026
Merged

use gcp certificate manager v1 api for scope support #3181

havetisyan merged 3 commits into from
Jan 23, 2026

Conversation

@havetisyan
Copy link
Collaborator

@havetisyan havetisyan commented Jan 23, 2026
edited
Loading

Description

Switch to using Google Certificate Manager v1 api to provide support for the scope attribute for the certificate.

Contribution Checklist:

  • The pull request does not introduce any breaking changes
  • I have read the contribution guidelines.
  • Create an issue and link to the pull request.

Attach Screenshots (Optional)

@havetisyan
Refactor GCP Certificate Management to Use New API Client
7313891 
- Updated the certificate management functions to utilize the new certificatemanagerapi client.
- Replaced the previous client creation and usage with the new service client.
- Implemented error handling for certificate creation and updates using the new API structure.
- Added a waitForOperation function to handle long-running operations with exponential backoff.

This change enhances the integration with GCP's Certificate Manager API and improves error handling for certificate operations.
@havetisyan
use gcp certificate manager v1 api for scope support
48db3f5 
Signed-off-by: Henry Avetisyan <[email protected]>
@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Jan 23, 2026

Summary of Changes

Hello @havetisyan, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request modernizes the integration with Google Cloud Certificate Manager by migrating from the gRPC-based client library to the v1 REST API client. This change is crucial for enabling new features like the scope attribute for certificates, which enhances flexibility in how certificates are provisioned and utilized. The underlying certificate creation and update processes have been re-engineered to align with the new API, including a robust polling mechanism for long-running operations.

Highlights

  • API Version Upgrade: The Google Cloud Certificate Manager API client has been upgraded from the older cloud.google.com/go/certificatemanager/apiv1 client library to the google.golang.org/api/certificatemanager/v1 REST API client library.
  • Scope Attribute Support: This upgrade enables support for the scope attribute when managing certificates, allowing for more granular control over certificate deployment and usage.
  • Refactored Certificate Operations: The certificate management logic has been refactored to use a new CertificateManagerOperations interface and an implementation that interacts directly with the v1 REST API. This includes changes to certificate creation, patching (formerly update), and operation waiting mechanisms.
  • Long-Running Operation Polling: A new waitForOperation function has been introduced to handle asynchronous API operations by polling their status with exponential backoff until completion.
  • Error Handling Update: Error handling for existing certificate conflicts has been updated to use googleapi.Error and http.StatusConflict consistent with the new REST API client, replacing the previous gRPC status codes.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 23, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request refactors the Google Certificate Manager integration to use the v1 REST API instead of the gRPC-based client. This is a significant and well-executed change that enables support for the scope attribute on certificates. The implementation correctly handles the switch to the new API, including error handling and polling for long-running operations. The tests have also been thoroughly updated to reflect these changes.

I've identified a couple of areas for improvement. One is a high-severity issue where the hardcoded updateMask could lead to accidental deletion of certificate labels. The other is a medium-severity issue regarding unused parameters in the new waitForOperation helper function, which I've provided suggestions to clean up. Overall, great work on this refactoring.

@havetisyan
address review comments
037f715 
Signed-off-by: Henry Avetisyan <[email protected]>
yosrixp
yosrixp approved these changes Jan 23, 2026
View reviewed changes
Copy link
Contributor

@yosrixp yosrixp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@havetisyan havetisyan merged commit 85cfb25 into master Jan 23, 2026
8 checks passed
@havetisyan havetisyan deleted the gcp-cert-api-client branch January 23, 2026 02:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

@yosrixp yosrixp yosrixp approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@havetisyan @yosrixp