Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: create impersonated service credentials #499

Merged
merged 15 commits into from
Jan 22, 2025
Merged

feat: create impersonated service credentials #499

merged 15 commits into from
Jan 22, 2025

Conversation

viacheslav-rostovtsev
Copy link
Member

feat: create impersonated service credentials
feat: add duplication mechanism to various credentials to support "re-scoping" them for IAM requests

@viacheslav-rostovtsev viacheslav-rostovtsev requested a review from a team as a code owner November 2, 2024 03:36
@viacheslav-rostovtsev viacheslav-rostovtsev force-pushed the dev/virost/impersonated_creds branch 3 times, most recently from 743091e to 2ed3089 Compare November 11, 2024 23:05
dazuma
dazuma requested changes Nov 20, 2024
View reviewed changes
Copy link
Member

@dazuma dazuma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

General question: what kind(s) of credentials are acceptable base credentials for these impersonated credentials? Is it just service account creds, or does it include compute engine creds, or external creds?

spec/googleauth/compute_engine_spec.rb Show resolved Hide resolved
lib/googleauth/impersonated_service_account.rb Show resolved Hide resolved
lib/googleauth/impersonated_service_account.rb Show resolved Hide resolved
lib/googleauth/impersonated_service_account.rb Show resolved Hide resolved
lib/googleauth/impersonated_service_account.rb Show resolved Hide resolved
lib/googleauth/impersonated_service_account.rb Outdated Show resolved Hide resolved
lib/googleauth/impersonated_service_account.rb Outdated Show resolved Hide resolved
lib/googleauth/impersonated_service_account.rb Outdated Show resolved Hide resolved
spec/googleauth/impersonated_service_account_spec.rb Outdated Show resolved Hide resolved
spec/googleauth/impersonated_service_account_spec.rb Outdated Show resolved Hide resolved
@viacheslav-rostovtsev viacheslav-rostovtsev force-pushed the dev/virost/impersonated_creds branch from ce48b35 to 29e3873 Compare December 24, 2024 00:14
@viacheslav-rostovtsev viacheslav-rostovtsev added the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Dec 26, 2024
@viacheslav-rostovtsev
Copy link
Member Author

Do not merge: the case where the source credentials are wrapped in the Google::Auth::Credentials is not covered

@viacheslav-rostovtsev viacheslav-rostovtsev removed the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Jan 8, 2025
dazuma
dazuma requested changes Jan 8, 2025
View reviewed changes
lib/googleauth/credentials.rb Outdated Show resolved Hide resolved
lib/googleauth/credentials.rb Outdated Show resolved Hide resolved
lib/googleauth/credentials.rb Outdated
client: @client,
project_id: @project_id,
quota_project_id: @quota_project_id,
logger: @logger
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be @client.logger?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There was a giant copy paste error in credentials and I forgot to add tests. Fixed now

lib/googleauth/impersonated_service_account.rb Show resolved Hide resolved
spec/googleauth/credentials_spec.rb Show resolved Hide resolved
@viacheslav-rostovtsev viacheslav-rostovtsev force-pushed the dev/virost/impersonated_creds branch from 4398dfd to 360803e Compare January 14, 2025 04:38
dazuma
dazuma reviewed Jan 14, 2025
View reviewed changes
Copy link
Member

@dazuma dazuma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple more questions.

lib/googleauth/impersonated_service_account.rb Outdated Show resolved Hide resolved
lib/googleauth/impersonated_service_account.rb Outdated Show resolved Hide resolved
lib/googleauth/impersonated_service_account.rb Outdated Show resolved Hide resolved
@viacheslav-rostovtsev viacheslav-rostovtsev merged commit 96f5058 into googleapis:main Jan 22, 2025
10 checks passed
@release-please release-please bot mentioned this pull request Jan 22, 2025
Merged
@dazuma dazuma mentioned this pull request Jan 24, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dazuma dazuma dazuma approved these changes

Assignees

@dazuma dazuma

@aandreassa aandreassa

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@viacheslav-rostovtsev @dazuma @aandreassa