Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for service account impersonation #192

Merged
merged 5 commits into from
Dec 7, 2022
Merged

feat: add support for service account impersonation #192

merged 5 commits into from
Dec 7, 2022

Conversation

enocom
Copy link
Member

@enocom enocom commented Dec 7, 2022

@enocom enocom requested a review from a team December 7, 2022 19:50
kurtisvg
kurtisvg approved these changes Dec 7, 2022
View reviewed changes
internal/proxy/proxy.go Show resolved Hide resolved
hessjcg
hessjcg previously requested changes Dec 7, 2022
View reviewed changes
Copy link
Contributor

@hessjcg hessjcg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See if you can get rid of the redundant switch statement.

internal/proxy/proxy.go
if c.ImpersonateTarget != "" {
var iopts []option.ClientOption
switch {
case c.Token != "":
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like this switch statement from line 130-150 are much identical to lines 166-189. Could you somehow
combine those into a separate function?

iopts := c.withCredentialSource(l) // switch statement in here
if c.ImpersonateTarget != "" {
   ts, err := impersonate.CredentialsTokenSource( ... iopts)
   // ... error handling, etc
   return alloydbconn.WithTokenSource(ts)
}
return iopts

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are making significant changes to this PR we should make sure to update the Cloud SQL go connector as well

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's fix this in the v2 proxy and port the change here.

@enocom enocom dismissed hessjcg’s stale review December 7, 2022 22:20

We'll land this change in the Cloud SQL proxy and port it back over here.

@enocom enocom merged commit de15073 into main Dec 7, 2022
@enocom enocom deleted the impersonation branch December 7, 2022 22:22
@release-please release-please bot mentioned this pull request Dec 7, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kurtisvg kurtisvg kurtisvg approved these changes

@hessjcg hessjcg hessjcg left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@enocom @kurtisvg @hessjcg