Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Signer and IDTokenCredentials implementation using default service account on GCE #236

Merged
merged 3 commits into from
May 31, 2018

Conversation

kryzthov
Copy link
Contributor

@kryzthov kryzthov commented Jan 19, 2018

This branch includes:

  • a Signer implementation that relies on the IAM API (signBlob) using the default Credentials
  • a Credentials implementation that provides ID tokens, using the Signer above.

@kryzthov kryzthov force-pushed the gce-id-token branch 4 times, most recently from 2101e9f to 21a9f5b Compare May 16, 2018 20:38
 - Add Signer and IDTokenCredentials implementation

Signed-off-by: Christophe Taton <[email protected]>
@kryzthov
Copy link
Contributor Author

@theacodes Could you take a look at this? I haven't added any test yet, but I'd like some feedback before spending more time on this.

@theacodes
Copy link
Contributor

Hi @kryzthov - just a heads up that I'm currently OOO until next week but I'll take a quick lookl

@kryzthov
Copy link
Contributor Author

All good! No rush, it's been there for a while, and it's not blocking! Enjoy your time off!

@@ -108,3 +117,163 @@ def service_account_email(self):
def requires_scopes(self):
"""False: Compute Engine credentials can not be scoped."""
return False


class Signer(crypt.Signer):

This comment was marked as spam.

class IDTokenCredentials(credentials.Credentials, credentials.Signing):
"""Open ID Connect ID Token-based service account credentials.

These credentials relies on the default service account of a GCE instance.

This comment was marked as spam.

This comment was marked as spam.

 - Reuse google.auth.iam.Signer
 - Expose `request` and `service_account_email`.
@kryzthov
Copy link
Contributor Author

Anymore feedback on this?


self._signer = iam.Signer(
request=request,
credentials=Credentials(),

This comment was marked as spam.

This comment was marked as spam.

Copy link
Contributor

@theacodes theacodes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, but needs tests.

Copy link
Contributor Author

@kryzthov kryzthov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some unit-tests

@kryzthov kryzthov force-pushed the gce-id-token branch 4 times, most recently from 91da8fe to cb74258 Compare May 29, 2018 23:55
@theacodes theacodes merged commit 67456b4 into googleapis:master May 31, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants