feat: Integrate mTLS support into Agent Registry API calls #5861

Open
agrawalradhika-cell wants to merge 5 commits into google:main from agrawalradhika-cell:add-agent-registry-support

agrawalradhika-cell commented May 26, 2026

Link to Issue or Description of Change

1. Link to an existing issue (if applicable):

2. Or, if no issue exists, describe the change:

Problem:
The current AgentRegistry client uses httpx.Client for API requests, which does not inherently support the mTLS (mutual TLS) requirements and automatic endpoint selection needed for secure Google API interactions.

Solution:
Integrated mTLS support by transitioning the AgentRegistry client to use google.auth.transport.requests.AuthorizedSession. This change allows the client to:

  • Automatically handle mTLS configuration based on environment variables like GOOGLE_API_USE_CLIENT_CERTIFICATE and GOOGLE_API_USE_MTLS_ENDPOINT.
  • Dynamically select the correct base URL between the standard (agentregistry.googleapis.com) and mTLS (agentregistry.mtls.googleapis.com) endpoints.
  • Leverage standard Google Auth libraries for secure credential management and session handling.

Testing Plan

Please describe the tests that you ran to verify your changes. This is required
for all PRs that are not small documentation or typo fixes.

Unit Tests:

  • I have added or updated unit tests for my change.
  • All unit tests pass locally.

Please include a summary of passed pytest results.

Manual End-to-End (E2E) Tests:

Checklist

  • I have read the CONTRIBUTING.md document.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have added tests that prove my fix is effective or that my feature works.
  • New and existing unit tests pass locally with my changes.
  • I have manually tested my changes end-to-end.
  • Any dependent changes have been merged and published in downstream modules.

Additional context

Add any other context or screenshots about the feature request here.
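
The endpoint selection described in the Solution section above, as an added example that is not code from this PR or from the ADK project. It applies the conventional Google client-library semantics for the two environment variables, which are assumed here: GOOGLE_API_USE_MTLS_ENDPOINT takes never/auto/always (default auto) and GOOGLE_API_USE_CLIENT_CERTIFICATE takes true/false (default false). The select_endpoint name, its cert_available parameter and the https:// scheme are assumptions.

```python
import os

# Hostnames are the two named in the PR description; the scheme is assumed.
DEFAULT_ENDPOINT = "https://agentregistry.googleapis.com"
MTLS_ENDPOINT = "https://agentregistry.mtls.googleapis.com"


def select_endpoint(env=None, cert_available=False):
    """Return (base_url, present_client_cert) for an environment mapping.

    cert_available is a hypothetical flag: whether a client certificate
    source was found on this machine (a real client asks its auth library).
    """
    env = os.environ if env is None else env
    use_cert = env.get("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
    mode = env.get("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

    # Fail loudly on typos rather than silently dropping to plain TLS.
    if use_cert not in ("true", "false"):
        raise ValueError(f"GOOGLE_API_USE_CLIENT_CERTIFICATE={use_cert!r}")
    if mode not in ("never", "auto", "always"):
        raise ValueError(f"GOOGLE_API_USE_MTLS_ENDPOINT={mode!r}")

    # A certificate is presented only when opted in AND one exists.
    present_cert = use_cert == "true" and cert_available

    if mode == "always":
        return MTLS_ENDPOINT, present_cert
    if mode == "never":
        return DEFAULT_ENDPOINT, present_cert
    # auto: the mTLS endpoint is used only when a certificate will be sent.
    return (MTLS_ENDPOINT if present_cert else DEFAULT_ENDPOINT), present_cert


if __name__ == "__main__":
    # Constructed sample environments, not taken from the PR.
    for sample in ({}, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"},
                   {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}):
        print(sample, "->", select_endpoint(sample, cert_available=True))
```

A caller that gets the mTLS endpoint back with present_client_cert set to False (mode always, no certificate) can flag the mismatch before the first request is sent.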

@adk-bot
Collaborator

adk-bot commented May 26, 2026

Response from ADK Triaging Agent

Hello @agrawalradhika-cell, thank you for creating this PR!

While reviewing your PR, I noticed a few items from our contribution guidelines are currently missing or incomplete:

  1. Pytest Results Summary: Under the Unit Tests section, please include a summary of the passed pytest results.
  2. Manual End-to-End (E2E) Tests: The testing plan currently lists the manual E2E tests for AgentRegistry and mTLS as "TBD". To maintain code quality and prevent regressions, please perform these tests and provide verifiable E2E evidence (such as console logs showing the successful mTLS session configuration/API requests).

Providing this information will help our reviewers review your PR more efficiently. Thank you!

rohityan self-assigned this May 27, 2026
rohityan added the core and needs review labels May 27, 2026
rohityan requested review from Jacksunwei and wyf7107 May 27, 2026 19:20
@rohityan
Collaborator

Hi @agrawalradhika-cell, thank you for your contribution! We appreciate you taking the time to submit this pull request. Your PR has been received by the team and is currently under review. We will provide feedback as soon as we have an update to share.

@rohityan
Collaborator

Hi @Jacksunwei, can you please review this?

rohityan removed the request for review from wyf7107 May 27, 2026 19:22
except httpx.HTTPStatusError as e:
# Using AuthorizedSession for internal API calls to handle mTLS/Auth.
response = session.get(
url, headers=self._get_auth_headers(), params=params
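Review bot: the except httpx.HTTPStatusError handler on the first line of this hunk does not match the call that follows it. session.get(...) on an AuthorizedSession is a requests call, so HTTP failures surface as requests.exceptions.HTTPError (from raise_for_status()) and transport failures as requests.exceptions.RequestException, never as an httpx exception. If that handler is kept in the new code, registry errors will bypass it; catch the requests exception types instead.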
Collaborator

we shouldn't be manually injecting _get_auth_headers() into every request (I think it defeats the point of AuthorizedSession)

perhaps we should have something like

response = session.get(
    url, headers=self._get_request_headers(), params=params
)

if mtls.has_default_client_cert_source()
else None
)
session.configure_mtls_channel()
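Review bot: session.configure_mtls_channel() on the last line of this hunk has no error handling visible here. The call raises google.auth.exceptions.MutualTLSChannelError when the client certificate cannot be loaded, so either catch it at this call and re-raise with a message that names the registry client, or document that it propagates to the caller. After the call, session.is_mtls reports whether a certificate was actually configured; that is the value to consult when deciding whether to target the mTLS endpoint.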
Collaborator

recommended to pass in client_cert_source: session.configure_mtls_channel(client_cert_source)
