Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: allow set lifetime for service account creds #516

Merged
merged 12 commits into from Jan 12, 2021
Merged

Conversation

arithmetic1728
Copy link
Collaborator

@arithmetic1728 arithmetic1728 commented Dec 10, 2020

Fixes #474 for service account credentials.

For self-signed JWT, this doc explains the constraints on exp claim in the assertion.

The exp (expiration time) claim must be no more than 12 hours in the future. 
If you are calling a Google API, the exp claim must be set no more than 1 hour in the future.

This PR removes the hard-coded 1 hour lifetime, allows users to provide a custom lifetime up to 12 hours.

@google-cla google-cla bot added the cla: yes label Dec 10, 2020
@codecov
Copy link

@codecov codecov bot commented Dec 10, 2020

Codecov Report

Merging #516 (6ed887a) into master (af21727) will increase coverage by 0.08%.
The diff coverage is 88.23%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master     #516      +/-   ##
============================================
+ Coverage     80.05%   80.13%   +0.08%     
- Complexity      421      424       +3     
============================================
  Files            28       28              
  Lines          1965     1978      +13     
  Branches        209      212       +3     
============================================
+ Hits           1573     1585      +12     
  Misses          283      283              
- Partials        109      110       +1     
Impacted Files Coverage Δ Complexity Δ
.../google/auth/oauth2/ServiceAccountCredentials.java 82.94% <88.23%> (+0.49%) 52.00 <6.00> (+3.00)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update af21727...6ed887a. Read the comment docs.

@arithmetic1728
Copy link
Collaborator Author

@arithmetic1728 arithmetic1728 commented Dec 10, 2020

The format / format-code failure is not related to this PR.

@arithmetic1728 arithmetic1728 marked this pull request as ready for review Dec 10, 2020
@arithmetic1728 arithmetic1728 requested a review from as a code owner Dec 10, 2020
@arithmetic1728 arithmetic1728 requested a review from silvolu Dec 10, 2020
@arithmetic1728 arithmetic1728 requested a review from chingor13 Dec 14, 2020
@arithmetic1728
Copy link
Collaborator Author

@arithmetic1728 arithmetic1728 commented Dec 16, 2020

Just did a new commit to use the default lifetime (3600) if lifetime is set to 0.

@chingor13 chingor13 merged commit 427f2d5 into master Jan 12, 2021
14 checks passed
@chingor13 chingor13 deleted the lifespan_srv branch Jan 12, 2021
gcf-merge-on-green bot pushed a commit that referenced this issue Jan 26, 2021
🤖 I have created a release \*beep\* \*boop\* 
---
## [0.23.0](https://www.github.com/googleapis/google-auth-library-java/compare/v0.22.2...v0.23.0) (2021-01-26)


###  BREAKING CHANGES

* privatize deprecated constructor (#473)

### Features

* allow custom lifespan for impersonated creds ([#515](https://www.github.com/googleapis/google-auth-library-java/issues/515)) ([0707ed4](https://www.github.com/googleapis/google-auth-library-java/commit/0707ed4bbb40fb775f196004ee30f8c695fe662b))
* allow custom scopes for compute engine creds ([#514](https://www.github.com/googleapis/google-auth-library-java/issues/514)) ([edc8d6e](https://www.github.com/googleapis/google-auth-library-java/commit/edc8d6e0e7ca2c6749d026ba42854a09c4879fd6))
* allow set lifetime for service account creds ([#516](https://www.github.com/googleapis/google-auth-library-java/issues/516)) ([427f2d5](https://www.github.com/googleapis/google-auth-library-java/commit/427f2d5610f0e8184a21b24531d2549a68c0b546))
* promote IdToken and JWT features ([#538](https://www.github.com/googleapis/google-auth-library-java/issues/538)) ([b514fe0](https://www.github.com/googleapis/google-auth-library-java/commit/b514fe0cebe5a294e0cf97b7b5349e6a523dc7b2))


### Bug Fixes

* per google style, logger is lower case ([#529](https://www.github.com/googleapis/google-auth-library-java/issues/529)) ([ecfc6a2](https://www.github.com/googleapis/google-auth-library-java/commit/ecfc6a2ea6060e06629b5d422b23b842b917f55e))
* privatize deprecated constructor ([#473](https://www.github.com/googleapis/google-auth-library-java/issues/473)) ([5804ff0](https://www.github.com/googleapis/google-auth-library-java/commit/5804ff03a531268831ac797ab262638a3119c14f))
* remove deprecated methods ([#537](https://www.github.com/googleapis/google-auth-library-java/issues/537)) ([427963e](https://www.github.com/googleapis/google-auth-library-java/commit/427963e04702d8b73eca5ed555539b11bbe97342))
* replace non-precondition use of Preconditions ([#539](https://www.github.com/googleapis/google-auth-library-java/issues/539)) ([f2ab4f1](https://www.github.com/googleapis/google-auth-library-java/commit/f2ab4f14262d54de0fde85494cfd92cf01a30cbe))
* switch to GSON ([#531](https://www.github.com/googleapis/google-auth-library-java/issues/531)) ([1b98d5c](https://www.github.com/googleapis/google-auth-library-java/commit/1b98d5c86fc5e56187c977e7f43c39bb62483d40))
* use default timeout if given 0 for ImpersonatedCredentials ([#527](https://www.github.com/googleapis/google-auth-library-java/issues/527)) ([ec74870](https://www.github.com/googleapis/google-auth-library-java/commit/ec74870c372a33d4157b45bb5d59ad7464fb2238))


### Dependencies

* update dependency com.google.appengine:appengine-api-1.0-sdk to v1.9.84 ([#422](https://www.github.com/googleapis/google-auth-library-java/issues/422)) ([b262c45](https://www.github.com/googleapis/google-auth-library-java/commit/b262c4587b058e6837429ee05f1b6a63620ee598))
* update dependency com.google.guava:guava to v30.1-android ([#522](https://www.github.com/googleapis/google-auth-library-java/issues/522)) ([4090d1c](https://www.github.com/googleapis/google-auth-library-java/commit/4090d1cb50041bceb1cd975d1a9249a412df936f))


### Documentation

* fix wording in jwtWithClaims Javadoc ([#536](https://www.github.com/googleapis/google-auth-library-java/issues/536)) ([af21727](https://www.github.com/googleapis/google-auth-library-java/commit/af21727815263fb5ffc07ede953cf042fac3ac2b))
---


This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla: yes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants