Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Impersonated user should use IAM AuthN downscoped token #1519

Closed
enocom opened this issue Oct 31, 2022 · 0 comments · Fixed by #1520
Closed

Impersonated user should use IAM AuthN downscoped token #1519

enocom opened this issue Oct 31, 2022 · 0 comments · Fixed by #1520
Assignees
@enocom
Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@enocom
Copy link
Member

enocom commented Oct 31, 2022

When impersonating a service account with Auto IAM AuthN, the proxy should configure the Go connector with an IAM Login token source, downscoped to login only.
@enocom enocom added priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. labels Oct 31, 2022
enocom added a commit that referenced this issue Oct 31, 2022
@enocom
fix: impersonated user uses downscoped token
fd7089d 
When an impersonated user logs in with Auto IAM AuthN, the login token
is downscoped to support login only.

Fixes #1519.
@enocom enocom mentioned this issue Oct 31, 2022
Merged
enocom added a commit that referenced this issue Nov 7, 2022
@enocom
fix: impersonated user uses downscoped token (#1520)
b08c71d 
When an impersonated user logs in with Auto IAM AuthN, the login token
is downscoped to support login only.

Fixes #1519.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@enocom enocom

Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: impersonated user uses downscoped token GoogleCloudPlatform/cloud-sql-proxy
1 participant
@enocom