Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signer and IDTokenCredentials implementation using default service account on GCE #236

Merged
merged 3 commits into from
May 31, 2018
Merged

Signer and IDTokenCredentials implementation using default service account on GCE #236

merged 3 commits into from
May 31, 2018

Conversation

kryzthov
Copy link
Contributor

@kryzthov kryzthov commented Jan 19, 2018
edited
Loading

This branch includes:

  • a Signer implementation that relies on the IAM API (signBlob) using the default Credentials
  • a Credentials implementation that provides ID tokens, using the Signer above.

@kryzthov kryzthov force-pushed the gce-id-token branch 4 times, most recently from 2101e9f to 21a9f5b Compare May 16, 2018 20:38
@kryzthov
Add GCE Credentials implementation supplying an ID token.
169497c 
 - Add Signer and IDTokenCredentials implementation

Signed-off-by: Christophe Taton <christophe.taton@gmail.com>
@kryzthov
Copy link
Contributor Author

@theacodes Could you take a look at this? I haven't added any test yet, but I'd like some feedback before spending more time on this.

@theacodes
Copy link
Contributor

Hi @kryzthov - just a heads up that I'm currently OOO until next week but I'll take a quick lookl

@kryzthov
Copy link
Contributor Author

All good! No rush, it's been there for a while, and it's not blocking! Enjoy your time off!

theacodes
theacodes suggested changes May 16, 2018
View reviewed changes
google/auth/compute_engine/credentials.py Outdated
@@ -108,3 +117,163 @@ def service_account_email(self):
def requires_scopes(self):
"""False: Compute Engine credentials can not be scoped."""
return False


class Signer(crypt.Signer):

This comment was marked as spam.

Sign in to view

google/auth/compute_engine/credentials.py
class IDTokenCredentials(credentials.Credentials, credentials.Signing):
"""Open ID Connect ID Token-based service account credentials.

These credentials relies on the default service account of a GCE instance.

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

@kryzthov
Address comments
1469b34 
 - Reuse google.auth.iam.Signer
 - Expose `request` and `service_account_email`.
@kryzthov
Copy link
Contributor Author

Anymore feedback on this?

theacodes
theacodes reviewed May 24, 2018
View reviewed changes
google/auth/compute_engine/credentials.py

self._signer = iam.Signer(
request=request,
credentials=Credentials(),

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

theacodes
theacodes suggested changes May 24, 2018
View reviewed changes
Copy link
Contributor

@theacodes theacodes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, but needs tests.

kryzthov
kryzthov commented May 29, 2018
View reviewed changes
Copy link
Contributor Author

@kryzthov kryzthov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some unit-tests

@kryzthov kryzthov force-pushed the gce-id-token branch 4 times, most recently from 91da8fe to cb74258 Compare May 29, 2018 23:55
@kryzthov
Add unit-tests for GCE ID Token Credentials
c08c93c 
Signed-off-by: Christophe Taton <christophe.taton@gmail.com>
@theacodes theacodes merged commit 67456b4 into googleapis:master May 31, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theacodes theacodes theacodes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kryzthov @theacodes