Add ImpersonatedCredentials #211

salrashid123 · 2018-11-13T21:59:48Z

Addresses #210

Allow for ImpersonatedCredentials in core auth library set. Instructions to repro or to run system tests:

# Create source identity:
# gcloud iam service-accounts create source-serviceaccount --display-name="Source Identity"
# gcloud iam service-accounts keys  create svc-src.json --iam-account=source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com


# Create target identity
# gcloud iam service-accounts create target-serviceaccount --display-name="Target Identity"

# Allow source to impersonate target
# gcloud iam service-accounts add-iam-policy-binding target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com --member='serviceAccount:source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com' --role='roles/iam.serviceAccountTokenCreator'

# Add resource ACL to target
# gcloud projects add-iam-policy-binding mineral-minutia-820 --member='serviceAccount:target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com' --role='roles/storage.admin'

# Test the app below

# now create a GCE instance of the same source identity.
# comment out the service account section and uncomment the ComputeCredential section (as ADC)
# gcloud compute instances create impersonate-test --service-account=source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com --scopes=https://www.googleapis.com/auth/iam
# Upload the source below to GCE and rerun the test

output of unittests ran:

[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.066 s - in com.google.auth.oauth2.ImpersonatedCredentialsTest
``

codecov-io · 2018-11-13T22:09:46Z

Codecov Report

❗ No coverage uploaded for pull request base (master@1b5f8ac). Click here to learn what that means.
The diff coverage is 73.26%.

@@            Coverage Diff            @@
##             master     #211   +/-   ##
=========================================
  Coverage          ?   76.03%           
  Complexity        ?      327           
=========================================
  Files             ?       21           
  Lines             ?     1456           
  Branches          ?      158           
=========================================
  Hits              ?     1107           
  Misses            ?      270           
  Partials          ?       79

Impacted Files	Coverage Δ	Complexity Δ
...om/google/auth/oauth2/ImpersonatedCredentials.java	`73.26% <73.26%> (ø)`	`11 <11> (?)`

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1b5f8ac...9e2ec08. Read the comment docs.

chingor13

Thanks for this!

oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java

+      this.sourceCredentials = this.sourceCredentials.createScoped(Arrays.asList(CLOUD_PLATFORM_SCOPE));
+      this.sourceCredentials.refresh();
+    }
+    if (this.sourceCredentials.getAccessToken().getExpirationTime().before(new Date())) {


oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java

chingor13

Thank you! I can handle any other cleanup separately.

Add impersonatedcredentials

f2a326b

salrashid123 requested a review from a team as a code owner November 13, 2018 21:59

googlebot added the cla: yes This human has signed the Contributor License Agreement. label Nov 13, 2018

chingor13 self-assigned this Nov 13, 2018

chingor13 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 13, 2018

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 13, 2018

chingor13 requested changes Nov 14, 2018

View reviewed changes

chingor13 reviewed Nov 14, 2018

View reviewed changes

oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java Outdated Show resolved Hide resolved

chingor13 reviewed Nov 14, 2018

View reviewed changes

oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java Outdated Show resolved Hide resolved

constructors->private; handle errors as IOException

e67feae

chingor13 approved these changes Nov 14, 2018

View reviewed changes

Merge branch 'master' into add-impersonated-credentials

9e2ec08

chingor13 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 14, 2018

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 14, 2018

chingor13 merged commit b037146 into googleapis:master Nov 14, 2018

chingor13 mentioned this pull request Nov 14, 2018

Release google-auth-library-java v0.12.0 #213

Merged

salrashid123 deleted the add-impersonated-credentials branch November 15, 2018 04:12

chingor13 mentioned this pull request Dec 19, 2018

Add Support for IAMCredentials based impersonation #210

Closed

jiangtaoli2016 mentioned this pull request Dec 1, 2020

Support ImpersonatedCredentials grpc/grpc#24636

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add ImpersonatedCredentials #211

Add ImpersonatedCredentials #211

salrashid123 commented Nov 13, 2018

codecov-io commented Nov 13, 2018 •

edited

chingor13 left a comment

This comment was marked as spam.

This comment was marked as spam.

chingor13 left a comment

Add ImpersonatedCredentials #211

Add ImpersonatedCredentials #211

Conversation

salrashid123 commented Nov 13, 2018

codecov-io commented Nov 13, 2018 • edited

Codecov Report

chingor13 left a comment

Choose a reason for hiding this comment

This comment was marked as spam.

This comment was marked as spam.

chingor13 left a comment

Choose a reason for hiding this comment

codecov-io commented Nov 13, 2018 •

edited