-
Notifications
You must be signed in to change notification settings - Fork 309
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add delegate_credentials #299
Conversation
Some comments on the PR (CI seems to be 'stuck' on one test currently) I originally wanted to use authed_session = AuthorizedSession(self._root_credentials)
response = authed_session.post(iam_endpoint,
headers={'Content-Type': 'application/json'},
json=body)
if (response.status_code == 200):
token_response = json.loads(response.content)
self.token = token_response['accessToken']
self.expiry = datetime.datetime.strptime(token_response['expireTime'], '%Y-%m-%dT%H:%M:%SZ')
but hte actual API returns just seconds (i'd expect second resolution for this type of api, actually). I'll file a bug to update the docs; I've taken this into account in the PR From the API response
|
changed the name of the function from ref: |
docs/user-guide.rst
Outdated
client = storage.Client(credentials=root_credentials) | ||
|
||
impersonated_credentials = ImpersonatedCredentials( | ||
root_credentials = root_credentials, |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
Not sure how to squish these to make the linter happy...
|
@salrashid123 I made significant changes, but this is ready to merge. Can you please do a real-world test of the changes before we merge this in? Thank you for all of your work and patience on this! |
sure, for the record, there's the sample real testing done for the initial #!/usr/bin/python
from google.cloud import storage
import google.auth
from google.oauth2 import credentials
from google.oauth2 import service_account
from google.auth import impersonated_credentials
import google.api_core.exceptions
import os, time
# Create source identity:
# gcloud iam service-accounts create source-serviceaccount --display-name="Source Identity"
# gcloud iam service-accounts keys create svc-src.json --iam-account=source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com
# Create target identity
# gcloud iam service-accounts create target-serviceaccount --display-name="Target Identity"
# Allow source to impersonate target
# gcloud iam service-accounts add-iam-policy-binding target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com --member='serviceAccount:source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com' --role='roles/iam.serviceAccountTokenCreator'
# Add resource ACL to target
# gcloud projects add-iam-policy-binding mineral-minutia-820 --member='serviceAccount:target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com' --role='roles/storage.admin'
# Test the app below
# now create a GCE instance of the same source identity.
# comment out the service account section and uncomment the ComputeCredential section (as ADC)
# gcloud compute instances create impersonate-test --service-account=source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com --scopes=https://www.googleapis.com/auth/iam
# Upload the source below to GCE and rerun the test
# For service account credentials
svc_account_file = 'svc-src.json'
target_scopes = ['https://www.googleapis.com/auth/devstorage.read_only']
source_credentials = service_account.Credentials.from_service_account_file(
svc_account_file,
scopes=target_scopes)
# For ComputeCredentials
# source_credentials, project = google.auth.default()
try:
client = storage.Client(credentials=source_credentials)
buckets = client.list_buckets(project='mineral-minutia-820')
for bucket in buckets:
print bucket.name
except google.api_core.exceptions.Forbidden:
print ">>>>> Forbidden"
pass
# now try delegation
target_credentials = impersonated_credentials.Credentials(
source_credentials = source_credentials,
target_principal='target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com',
target_scopes = target_scopes,
delegates=[],
lifetime=500)
client = storage.Client(credentials=target_credentials)
buckets = client.list_buckets(project='mineral-minutia-820')
for bucket in buckets:
print bucket.name |
Cool, we should probably try to turn that into a system test at some point, but it's not needed right now. Let me know how testing goes, then we can merge and release. |
@theacodes |
Cool, let's get this merged. |
1617: Scheduled weekly dependency update for week 45 r=peterbe a=pyup-bot ### Update [botocore](https://pypi.org/project/botocore) from **1.12.33** to **1.12.42**. <details> <summary>Changelog</summary> ### 1.12.42 ``` ======= * api-change:``mediapackage``: Update mediapackage client to latest version ``` ### 1.12.41 ``` ======= * api-change:``medialive``: Update medialive client to latest version * api-change:``dlm``: Update dlm client to latest version * api-change:``events``: Update events client to latest version ``` ### 1.12.40 ``` ======= * api-change:``dms``: Update dms client to latest version * api-change:``ce``: Update ce client to latest version * api-change:``ec2``: Update ec2 client to latest version ``` ### 1.12.39 ``` ======= * api-change:``codebuild``: Update codebuild client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``pinpoint-email``: Update pinpoint-email client to latest version * api-change:``apigateway``: Update apigateway client to latest version * api-change:``waf-regional``: Update waf-regional client to latest version * bugfix:session config: Added the default session configuration tuples back to session.session_vars_map. ``` ### 1.12.38 ``` ======= * api-change:``eks``: Update eks client to latest version * enhancement:Configuration: Added new configuration provider methods allowing for more flexibility in how a botocore session loads a particular configuration value. * api-change:``serverlessrepo``: Update serverlessrepo client to latest version ``` ### 1.12.37 ``` ======= * api-change:``rekognition``: Update rekognition client to latest version * api-change:``clouddirectory``: Update clouddirectory client to latest version ``` ### 1.12.36 ``` ======= * api-change:``servicecatalog``: Update servicecatalog client to latest version * enhancement:Exceptions: Add the ability to pickle botocore exceptions (`834 <https://github.com/boto/botocore/issues/834>`__) ``` ### 1.12.35 ``` ======= * api-change:``mediastore-data``: Update mediastore-data client to latest version * api-change:``secretsmanager``: Update secretsmanager client to latest version * api-change:``greengrass``: Update greengrass client to latest version * api-change:``config``: Update config client to latest version ``` ### 1.12.34 ``` ======= * api-change:``chime``: Update chime client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``dms``: Update dms client to latest version ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/botocore - Changelog: https://pyup.io/changelogs/botocore/ - Repo: https://github.com/boto/botocore </details> ### Update [future](https://pypi.org/project/future) from **0.17.0** to **0.17.1**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/future - Changelog: https://pyup.io/changelogs/future/ - Homepage: https://python-future.org - Docs: https://pythonhosted.org/future/ </details> ### Update [MarkupSafe](https://pypi.org/project/MarkupSafe) from **1.0** to **1.1.0**. <details> <summary>Changelog</summary> ### 1.1.0 ``` ------------- Released 2018-11-05 - Drop support for Python 2.6 and 3.3. - Build wheels for Linux, Mac, and Windows, allowing systems without a compiler to take advantage of the C extension speedups. (`104`_) - Use newer CPython API on Python 3, resulting in a 1.5x speedup. (`64`_) - ``escape`` wraps ``__html__`` result in ``Markup``, consistent with documented behavior. (`69`_) .. _64: pallets/markupsafe#64 .. _69: pallets/markupsafe#69 .. _104: pallets/markupsafe#104 ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/markupsafe - Changelog: https://pyup.io/changelogs/markupsafe/ - Homepage: https://www.palletsprojects.com/p/markupsafe/ </details> ### Update [urllib3](https://pypi.org/project/urllib3) from **1.24** to **1.24.1**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/urllib3 - Changelog: https://pyup.io/changelogs/urllib3/ - Docs: https://urllib3.readthedocs.io/ </details> ### Update [pyparsing](https://pypi.org/project/pyparsing) from **2.2.2** to **2.3.0**. <details> <summary>Changelog</summary> ### 2.3.0 ``` ----------------------------- - NEW SUPPORT FOR UNICODE CHARACTER RANGES This release introduces the pyparsing_unicode namespace class, defining a series of language character sets to simplify the definition of alphas, nums, alphanums, and printables in the following language sets: . Arabic . Chinese . Cyrillic . Devanagari . Greek . Hebrew . Japanese (including Kanji, Katakana, and Hirigana subsets) . Korean . Latin1 (includes 7 and 8-bit Latin characters) . Thai . CJK (combination of Chinese, Japanese, and Korean sets) For example, your code can define words using: korean_word = Word(pyparsing_unicode.Korean.alphas) See their use in the updated examples greetingInGreek.py and greetingInKorean.py. This namespace class also offers access to these sets using their unicode identifiers. - POSSIBLE API CHANGE: Fixed bug where a parse action that explicitly returned the input ParseResults could add another nesting level in the results if the current expression had a results name. vals = pp.OneOrMore(pp.pyparsing_common.integer)("int_values") def add_total(tokens): tokens['total'] = sum(tokens) return tokens this line can be removed vals.addParseAction(add_total) print(vals.parseString("244 23 13 2343").dump()) Before the fix, this code would print (note the extra nesting level): [244, 23, 13, 2343] - int_values: [244, 23, 13, 2343] - int_values: [244, 23, 13, 2343] - total: 2623 - total: 2623 With the fix, this code now prints: [244, 23, 13, 2343] - int_values: [244, 23, 13, 2343] - total: 2623 This fix will change the structure of ParseResults returned if a program defines a parse action that returns the tokens that were sent in. This is not necessary, and statements like "return tokens" in the example above can be safely deleted prior to upgrading to this release, in order to avoid the bug and get the new behavior. Reported by seron in Issue 22, nice catch! - POSSIBLE API CHANGE: Fixed a related bug where a results name erroneously created a second level of hierarchy in the returned ParseResults. The intent for accumulating results names into ParseResults is that, in the absence of Group'ing, all names get merged into a common namespace. This allows us to write: key_value_expr = (Word(alphas)("key") + '=' + Word(nums)("value")) result = key_value_expr.parseString("a = 100") and have result structured as {"key": "a", "value": "100"} instead of [{"key": "a"}, {"value": "100"}]. However, if a named expression is used in a higher-level non-Group expression that *also* has a name, a false sub-level would be created in the namespace: num = pp.Word(pp.nums) num_pair = ("[" + (num("A") + num("B"))("values") + "]") U = num_pair.parseString("[ 10 20 ]") print(U.dump()) Since there is no grouping, "A", "B", and "values" should all appear at the same level in the results, as: ['[', '10', '20', ']'] - A: '10' - B: '20' - values: ['10', '20'] Instead, an extra level of "A" and "B" show up under "values": ['[', '10', '20', ']'] - A: '10' - B: '20' - values: ['10', '20'] - A: '10' - B: '20' This bug has been fixed. Now, if this hierarchy is desired, then a Group should be added: num_pair = ("[" + pp.Group(num("A") + num("B"))("values") + "]") Giving: ['[', ['10', '20'], ']'] - values: ['10', '20'] - A: '10' - B: '20' But in no case should "A" and "B" appear in multiple levels. This bug-fix fixes that. If you have current code which relies on this behavior, then add or remove Groups as necessary to get your intended results structure. Reported by Athanasios Anastasiou. - IndexError's raised in parse actions will get explicitly reraised as ParseExceptions that wrap the original IndexError. Since IndexError sometimes occurs as part of pyparsing's normal parsing logic, IndexErrors that are raised during a parse action may have gotten silently reinterpreted as parsing errors. To retain the information from the IndexError, these exceptions will now be raised as ParseExceptions that reference the original IndexError. This wrapping will only be visible when run under Python3, since it emulates "raise ... from ..." syntax. Addresses Issue 4, reported by guswns0528. - Added Char class to simplify defining expressions of a single character. (Char("abc") is equivalent to Word("abc", exact=1)) - Added class PrecededBy to perform lookbehind tests. PrecededBy is used in the same way as FollowedBy, passing in an expression that must occur just prior to the current parse location. For fixed-length expressions like a Literal, Keyword, Char, or a Word with an `exact` or `maxLen` length given, `PrecededBy(expr)` is sufficient. For varying length expressions like a Word with no given maximum length, `PrecededBy` must be constructed with an integer `retreat` argument, as in `PrecededBy(Word(alphas, nums), retreat=10)`, to specify the maximum number of characters pyparsing must look backward to make a match. pyparsing will check all the values from 1 up to retreat characters back from the current parse location. When stepping backwards through the input string, PrecededBy does *not* skip over whitespace. PrecededBy can be created with a results name so that, even though it always returns an empty parse result, the result *can* include named results. Idea first suggested in Issue 30 by Freakwill. - Updated FollowedBy to accept expressions that contain named results, so that results names defined in the lookahead expression will be returned, even though FollowedBy always returns an empty list. Inspired by the same feature implemented in PrecededBy. ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pyparsing - Changelog: https://pyup.io/changelogs/pyparsing/ - Repo: https://github.com/pyparsing/pyparsing/ - Docs: https://pythonhosted.org/pyparsing/ </details> ### Update [google-api-core](https://pypi.org/project/google-api-core) from **1.5.0** to **1.5.2**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/google-api-core - Repo: https://github.com/GoogleCloudPlatform/google-cloud-python </details> ### Update [google-auth](https://pypi.org/project/google-auth) from **1.5.1** to **1.6.0**. <details> <summary>Changelog</summary> ### 1.6.0 ``` ------ 11-09-2018 11:07 PST New Features ++++++++++++ - Add google.auth.impersonated_credentials ([299](googleapis/google-auth-library-python#299)) Documentation +++++++++++++ - Update link to documentation for default credentials ([296](googleapis/google-auth-library-python#296)) - Update github issue templates ([300](googleapis/google-auth-library-python#300)) - Remove punctuation which becomes part of the url ([284](googleapis/google-auth-library-python#284)) Internal / Testing Changes ++++++++++++++++++++++++++ - Update trampoline.sh ([302](googleapis/google-auth-library-python#302)) - Enable static type checking with pytype ([298](googleapis/google-auth-library-python#298)) - Make classifiers in setup.py an array. ([280](googleapis/google-auth-library-python#280)) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/google-auth - Changelog: https://pyup.io/changelogs/google-auth/ - Repo: https://github.com/GoogleCloudPlatform/google-auth-library-python </details> ### Update [googleapis-common-protos](https://pypi.org/project/googleapis-common-protos) from **1.5.3** to **1.5.5**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/googleapis-common-protos - Repo: https://github.com/googleapis/googleapis </details> ### Update [cachetools](https://pypi.org/project/cachetools) from **2.1.0** to **3.0.0**. <details> <summary>Changelog</summary> ### 3.0.0 ``` ------------------- - Officially support Python 3.7. - Drop Python 3.3 support (breaking change). - Remove ``missing`` cache constructor parameter (breaking change). - Remove ``self`` from ``cachedmethod`` key arguments (breaking change). - Add support for ``maxsize=None`` in ``cachetools.func`` decorators. ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/cachetools - Changelog: https://pyup.io/changelogs/cachetools/ - Repo: https://github.com/tkem/cachetools </details> ### Update [boto3](https://pypi.org/project/boto3) from **1.9.33** to **1.9.42**. <details> <summary>Changelog</summary> ### 1.9.42 ``` ====== * api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version ``` ### 1.9.41 ``` ====== * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version * api-change:``events``: [``botocore``] Update events client to latest version ``` ### 1.9.40 ``` ====== * api-change:``dms``: [``botocore``] Update dms client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version ``` ### 1.9.39 ``` ====== * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``pinpoint-email``: [``botocore``] Update pinpoint-email client to latest version * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version * api-change:``waf-regional``: [``botocore``] Update waf-regional client to latest version * bugfix:session config: [``botocore``] Added the default session configuration tuples back to session.session_vars_map. ``` ### 1.9.38 ``` ====== * api-change:``eks``: [``botocore``] Update eks client to latest version * enhancement:Configuration: [``botocore``] Added new configuration provider methods allowing for more flexibility in how a botocore session loads a particular configuration value. * api-change:``serverlessrepo``: [``botocore``] Update serverlessrepo client to latest version ``` ### 1.9.37 ``` ====== * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version * api-change:``clouddirectory``: [``botocore``] Update clouddirectory client to latest version ``` ### 1.9.36 ``` ====== * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version * enhancement:Exceptions: [``botocore``] Add the ability to pickle botocore exceptions (`834 <https://github.com/boto/botocore/issues/834>`__) ``` ### 1.9.35 ``` ====== * api-change:``mediastore-data``: [``botocore``] Update mediastore-data client to latest version * api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version * api-change:``greengrass``: [``botocore``] Update greengrass client to latest version * api-change:``config``: [``botocore``] Update config client to latest version ``` ### 1.9.34 ``` ====== * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``dms``: [``botocore``] Update dms client to latest version ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/boto3 - Changelog: https://pyup.io/changelogs/boto3/ - Repo: https://github.com/boto/boto3 </details> ### Update [psycopg2](https://pypi.org/project/psycopg2) from **2.7.5** to **2.7.6.1**. <details> <summary>Changelog</summary> ### 2.7.6 ``` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Close named cursors if exist, even if `~cursor.execute()` wasn't called (:ticket:`746`). - Fixed building on modern FreeBSD versions with Python 3.7 (:ticket:`755`). - Fixed hang trying to :sql:`COPY` via `~cursor.execute()` in asynchronous connections (:ticket:`781`). - Fixed adaptation of arrays of empty arrays (:ticket:`788`). - Fixed segfault accessing the connection's `~connection.readonly` and `~connection.deferrable` attributes repeatedly (:ticket:`790`). - `~psycopg2.extras.execute_values()` accepts `~psycopg2.sql.Composable` objects (:ticket:`794`). - `~psycopg2.errorcodes` map updated to PostgreSQL 11. - Wheel package compiled against PostgreSQL 10.5 libpq and OpenSSL 1.0.2p. ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/psycopg2 - Changelog: https://pyup.io/changelogs/psycopg2/ - Homepage: http://initd.org/psycopg/ </details> ### Update [pytest](https://pypi.org/project/pytest) from **3.9.3** to **3.10.1**. <details> <summary>Changelog</summary> ### 3.10.1 ``` ========================== Bug Fixes --------- - `4287 <https://github.com/pytest-dev/pytest/issues/4287>`_: Fix nested usage of debugging plugin (pdb), e.g. with pytester's ``testdir.runpytest``. - `4304 <https://github.com/pytest-dev/pytest/issues/4304>`_: Block the ``stepwise`` plugin if ``cacheprovider`` is also blocked, as one depends on the other. - `4306 <https://github.com/pytest-dev/pytest/issues/4306>`_: Parse ``minversion`` as an actual version and not as dot-separated strings. - `4310 <https://github.com/pytest-dev/pytest/issues/4310>`_: Fix duplicate collection due to multiple args matching the same packages. - `4321 <https://github.com/pytest-dev/pytest/issues/4321>`_: Fix ``item.nodeid`` with resolved symlinks. - `4325 <https://github.com/pytest-dev/pytest/issues/4325>`_: Fix collection of direct symlinked files, where the target does not match ``python_files``. - `4329 <https://github.com/pytest-dev/pytest/issues/4329>`_: Fix TypeError in report_collect with _collect_report_last_write. Trivial/Internal Changes ------------------------ - `4305 <https://github.com/pytest-dev/pytest/issues/4305>`_: Replace byte/unicode helpers in test_capture with python level syntax. ``` ### 3.10.0 ``` ========================== Features -------- - `2619 <https://github.com/pytest-dev/pytest/issues/2619>`_: Resume capturing output after ``continue`` with ``__import__("pdb").set_trace()``. This also adds a new ``pytest_leave_pdb`` hook, and passes in ``pdb`` to the existing ``pytest_enter_pdb`` hook. - `4147 <https://github.com/pytest-dev/pytest/issues/4147>`_: Add ``--sw``, ``--stepwise`` as an alternative to ``--lf -x`` for stopping at the first failure, but starting the next test invocation from that test. See `the documentation <https://docs.pytest.org/en/latest/cache.htmlstepwise>`__ for more info. - `4188 <https://github.com/pytest-dev/pytest/issues/4188>`_: Make ``--color`` emit colorful dots when not running in verbose mode. Earlier, it would only colorize the test-by-test output if ``--verbose`` was also passed. - `4225 <https://github.com/pytest-dev/pytest/issues/4225>`_: Improve performance with collection reporting in non-quiet mode with terminals. The "collecting …" message is only printed/updated every 0.5s. Bug Fixes --------- - `2701 <https://github.com/pytest-dev/pytest/issues/2701>`_: Fix false ``RemovedInPytest4Warning: usage of Session... is deprecated, please use pytest`` warnings. - `4046 <https://github.com/pytest-dev/pytest/issues/4046>`_: Fix problems with running tests in package ``__init__.py`` files. - `4260 <https://github.com/pytest-dev/pytest/issues/4260>`_: Swallow warnings during anonymous compilation of source. - `4262 <https://github.com/pytest-dev/pytest/issues/4262>`_: Fix access denied error when deleting stale directories created by ``tmpdir`` / ``tmp_path``. - `611 <https://github.com/pytest-dev/pytest/issues/611>`_: Naming a fixture ``request`` will now raise a warning: the ``request`` fixture is internal and should not be overwritten as it will lead to internal errors. - `4266 <https://github.com/pytest-dev/pytest/issues/4266>`_: Handle (ignore) exceptions raised during collection, e.g. with Django's LazySettings proxy class. Improved Documentation ---------------------- - `4255 <https://github.com/pytest-dev/pytest/issues/4255>`_: Added missing documentation about the fact that module names passed to filter warnings are not regex-escaped. Trivial/Internal Changes ------------------------ - `4272 <https://github.com/pytest-dev/pytest/issues/4272>`_: Display cachedir also in non-verbose mode if non-default. - `4277 <https://github.com/pytest-dev/pytest/issues/4277>`_: pdb: improve message about output capturing with ``set_trace``. Do not display "IO-capturing turned off/on" when ``-s`` is used to avoid confusion. - `4279 <https://github.com/pytest-dev/pytest/issues/4279>`_: Improve message and stack level of warnings issued by ``monkeypatch.setenv`` when the value of the environment variable is not a ``str``. ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pytest - Changelog: https://pyup.io/changelogs/pytest/ - Homepage: https://docs.pytest.org/en/latest/ </details> ### Update [pytest-testrail](https://pypi.org/project/pytest-testrail) from **2.3.0** to **2.3.1**. <details> <summary>Changelog</summary> </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pytest-testrail - Changelog: https://pyup.io/changelogs/pytest-testrail/ - Repo: http://github.com/allankp/pytest-testrail/ </details> ### Update [requests](https://pypi.org/project/requests) from **2.20.0** to **2.20.1**. <details> <summary>Changelog</summary> ### 2.20.1 ``` ------------------- **Bugfixes** - Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/requests - Changelog: https://pyup.io/changelogs/requests/ - Homepage: http://python-requests.org </details> ### Update [Sphinx](https://pypi.org/project/Sphinx) from **1.8.1** to **1.8.2**. <details> <summary>Changelog</summary> ### 1.8.2 ``` ===================================== Incompatible changes -------------------- * 5497: Do not include MathJax.js and jsmath.js unless it is really needed Features added -------------- * 5471: Show appropriate deprecation warnings Bugs fixed ---------- * 5490: latex: enumerated list causes a crash with recommonmark * 5492: sphinx-build fails to build docs w/ Python < 3.5.2 * 3704: latex: wrong ``\label`` positioning for figures with a legend * 5496: C++, fix assertion when a symbol is declared more than twice. * 5493: gettext: crashed with broken template * 5495: csv-table directive with file option in included file is broken (refs: 4821) * 5498: autodoc: unable to find type hints for a ``functools.partial`` * 5480: autodoc: unable to find type hints for unresolvable Forward references * 5419: incompatible math_block node has been generated * 5548: Fix ensuredir() in case of pre-existing file * 5549: graphviz Correctly deal with non-existing static dir * 3002: i18n: multiple footnote_references referring same footnote causes duplicated node_ids * 5563: latex: footnote_references generated by extension causes LaTeX builder crashed * 5561: make all-pdf fails with old xindy version * 5557: quickstart: --no-batchfile isn't honored * 3080: texinfo: multiline rubrics are broken * 3080: texinfo: multiline citations are broken ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/sphinx - Changelog: https://pyup.io/changelogs/sphinx/ - Homepage: http://sphinx-doc.org/ </details> Co-authored-by: pyup-bot <[email protected]>
This PR contains the following updates: | Package | Update | Change | References | |---|---|---|---| | google-auth | minor | `==1.5.1` -> `==1.6.1` | [source](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python) | --- ### Release Notes <details> <summary>GoogleCloudPlatform/google-auth-library-python</summary> ### [`v1.6.1`](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python/blob/master/CHANGELOG.rst#v161) [Compare Source](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python/compare/v1.6.0...v1.6.1) 11-12-2018 10:10 PST Implementation Changes \++++++++++++++++++++++ - Automatically refresh impersonated credentials (`#​304 <https://github.com/googleapis/google-auth-library-python/pull/304>`\_) ### [`v1.6.0`](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python/blob/master/CHANGELOG.rst#v160) [Compare Source](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python/compare/v1.5.1...v1.6.0) 11-09-2018 11:07 PST New Features \++++++++++++ - Add google.auth.impersonated_credentials (`#​299 <https://github.com/googleapis/google-auth-library-python/pull/299>`_) Documentation \+++++++++++++ - Update link to documentation for default credentials (`#​296 <https://github.com/googleapis/google-auth-library-python/pull/296>`\_) - Update github issue templates (`#​300 <https://github.com/googleapis/google-auth-library-python/pull/300>`\_) - Remove punctuation which becomes part of the url (`#​284 <https://github.com/googleapis/google-auth-library-python/pull/284>`\_) Internal / Testing Changes \++++++++++++++++++++++++++ - Update trampoline.sh (`#​302 <https://github.com/googleapis/google-auth-library-python/pull/302>`\_) - Enable static type checking with pytype (`#​298 <https://github.com/googleapis/google-auth-library-python/pull/298>`\_) - Make classifiers in setup.py an array. (`#​280 <https://github.com/googleapis/google-auth-library-python/pull/280>`\_) </details> --- ### Renovate configuration :date: **Schedule**: At any time (no schedule defined). :vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied. :recycle: **Rebasing**: Whenever PR becomes conflicted, or if you modify the PR title to begin with "`rebase!`". :no_bell: **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- renovate-rebase -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://renovatebot.com/gh/marketplace/renovate). View repository job log [here](https://renovatebot.com/dashboard#mesosphere/dcos-commons).
Delegate Credentials is basically a way for a user or (more common) service account to impersonate another service account.
Ref:
I've verified the sample with service_account, user_credentials and with GCE metadata server.
sample usage
For https://github.com/googleapis/google-cloud-common/issues/266
/comments off