Adding support for Google AuthManager

[rambleraptor]

Rationale for this change

Matches this Java PR

Google's authentication for BigQuery involves using different authentication methods than the current AuthManagers support. This allows users to authenticate against the BigLake REST Catalog (formerly known as the BigQuery REST Catalog)

The GoogleAuthManager introduces authentication methods that are more convenient for GCP users, differing from the generic OAuth2 flow:

• Application Default Credentials (ADC) Support: Provides out-of-the-box, zero-configuration authentication when the Iceberg client runs within GCP environments (e.g., Compute Engine, GKE, Cloud Functions). This is a significant usability improvement over manually setting up OAuth2 parameters.
• Service Account Key File Support: Allows users to authenticate by directly providing a path to a GCP service account JSON key file. This is a common and secure way to authenticate applications with GCP services, and is more specific than the generic token or client secret mechanisms.
• Configurable OAuth Scopes: While the generic OAuth2Manager also supports scopes, GoogleAuthManager defaults to scopes commonly used for GCP services and allows easy customization via the gcp.auth.scopes property.

Are these changes tested?

Unit tests included.

Are there any user-facing changes?

Adds support for Google authentication

[Fokko]

Thanks for adding this @rambleraptor 🙌

I'm not too familiar with the Google Auth system. WDYT @talatuyarer?

[talatuyarer]

I'm not too familiar with the Google Auth system. WDYT @talatuyarer?

Let me try the PR on my local machine @Fokko

[Fokko]

@talatuyarer Any luck? :)

[talatuyarer]

@rambleraptor Could you update your PR with latest master changes

[rambleraptor]

@talatuyarer changes updated to main branch!

[Copilot]

Pull Request Overview

This PR adds Google authentication support to the Iceberg Python client by implementing a GoogleAuthManager class, matching functionality from a corresponding Java PR. The implementation provides convenient authentication methods for GCP users including Application Default Credentials (ADC) support and service account key file authentication.

• Implements GoogleAuthManager with support for default credentials and service account key files
• Adds comprehensive unit tests covering different authentication scenarios
• Configures optional google-auth dependency and mypy settings

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 3 comments.

File	Description
pyiceberg/catalog/rest/auth.py	Implements GoogleAuthManager class with Google authentication support
tests/catalog/test_rest_auth.py	Adds comprehensive unit tests for GoogleAuthManager functionality
pyproject.toml	Adds optional google-auth dependency and mypy configuration

[kevinjqliu]

LGTM! (and to copilot)

[kevinjqliu]

@talatuyarer could you take another look before I merge?

[kevinjqliu]

@rambleraptor looks like there a merge conflict with main

[Fokko]

This looks great @rambleraptor

[talatuyarer]

@rambleraptor I tested this PR. It is working as expected. Please update documentation. Beside of that LGTM!

[rambleraptor]

@Fokko @kevinjqliu @talatuyarer docs updated + merge conflict removed!

[sungwy]

awesome work @rambleraptor ! I'm running the CI, I will merge it once the CI passes

[kevinjqliu]

LGTM!

[kevinjqliu]

nit: is this .refresh called on every request?