Skip to content

Signer and IDTokenCredentials implementation using default service account on GCE #236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
theacodes merged 3 commits into from
May 31, 2018
Merged

Signer and IDTokenCredentials implementation using default service account on GCE #236

theacodes merged 3 commits into from
May 31, 2018

Conversation

@kryzthov
Copy link
Contributor

@kryzthov kryzthov commented Jan 19, 2018
edited
Loading

This branch includes:

  • a Signer implementation that relies on the IAM API (signBlob) using the default Credentials
  • a Credentials implementation that provides ID tokens, using the Signer above.

@kryzthov kryzthov force-pushed the gce-id-token branch 4 times, most recently from 2101e9f to 21a9f5b Compare May 16, 2018 20:38
@kryzthov
Add GCE Credentials implementation supplying an ID token.
169497c 
 - Add Signer and IDTokenCredentials implementation

Signed-off-by: Christophe Taton <[email protected]>
@kryzthov
Copy link
Contributor Author

kryzthov commented May 16, 2018

@theacodes Could you take a look at this? I haven't added any test yet, but I'd like some feedback before spending more time on this.

@theacodes
Copy link
Contributor

theacodes commented May 16, 2018

Hi @kryzthov - just a heads up that I'm currently OOO until next week but I'll take a quick lookl

@kryzthov
Copy link
Contributor Author

kryzthov commented May 16, 2018

All good! No rush, it's been there for a while, and it's not blocking! Enjoy your time off!

theacodes
theacodes suggested changes May 16, 2018
View reviewed changes
google/auth/compute_engine/credentials.py Outdated
return False


class Signer(crypt.Signer):

This comment was marked as spam.

Sign in to view

google/auth/compute_engine/credentials.py
class IDTokenCredentials(credentials.Credentials, credentials.Signing):
"""Open ID Connect ID Token-based service account credentials.
These credentials relies on the default service account of a GCE instance.

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

@kryzthov
Address comments
1469b34 
 - Reuse google.auth.iam.Signer
 - Expose `request` and `service_account_email`.
@kryzthov
Copy link
Contributor Author

kryzthov commented May 23, 2018

Anymore feedback on this?

theacodes
theacodes reviewed May 24, 2018
View reviewed changes
google/auth/compute_engine/credentials.py

self._signer = iam.Signer(
request=request,
credentials=Credentials(),

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

theacodes
theacodes suggested changes May 24, 2018
View reviewed changes
Copy link
Contributor

@theacodes theacodes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, but needs tests.

kryzthov
kryzthov commented May 29, 2018
View reviewed changes
Copy link
Contributor Author

@kryzthov kryzthov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some unit-tests

@kryzthov kryzthov force-pushed the gce-id-token branch 4 times, most recently from 91da8fe to cb74258 Compare May 29, 2018 23:55
@theacodes theacodes merged commit 67456b4 into googleapis:master May 31, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@theacodes theacodes theacodes approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kryzthov @theacodes