Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update gcp-common/IAM Credentials API usage #108

Merged
merged 14 commits into from Apr 28, 2021
Merged

Update gcp-common/IAM Credentials API usage #108

merged 14 commits into from Apr 28, 2021

Conversation

catsby
Copy link
Member

@catsby catsby commented Apr 22, 2021
edited

Overview

Updates how we sign JWTs, to use supported methods and move away from deprecated methods. The SignJWT method in the IAM library we're using is deprecated. The migration guide says to move the the IAM Service Account Credentials API for that method instead. The other methods we use in the IAM library appear to be continued to be supported.

Updates to:

Related Issues/Pull Requests

Contributor Checklist

[x] Add output for any tests not ran in CI to the PR description (eg, acceptance tests)

Tests:

[vault-plugin-auth-gcp][jwt-lib-update](4)$ make test-acc TEST=./... TESTARGS="-v -count=1"
?       github.com/hashicorp/vault-plugin-auth-gcp      [no test files]
=== RUN   TestAuthorizeGCE
=== PAUSE TestAuthorizeGCE
=== RUN   TestGetIAMAlias
=== RUN   TestGetIAMAlias/invalid_type
=== RUN   TestGetIAMAlias/empty_type_goes_to_default
=== RUN   TestGetIAMAlias/default_type
=== RUN   TestGetIAMAlias/unique_id
--- PASS: TestGetIAMAlias (0.00s)
    --- PASS: TestGetIAMAlias/invalid_type (0.00s)
    --- PASS: TestGetIAMAlias/empty_type_goes_to_default (0.00s)
    --- PASS: TestGetIAMAlias/default_type (0.00s)
    --- PASS: TestGetIAMAlias/unique_id (0.00s)
=== RUN   TestGetGCEAlias
=== RUN   TestGetGCEAlias/invalid_type
=== RUN   TestGetGCEAlias/empty_type_goes_to_default
=== RUN   TestGetGCEAlias/default_type
=== RUN   TestGetGCEAlias/instance_id
--- PASS: TestGetGCEAlias (0.00s)
    --- PASS: TestGetGCEAlias/invalid_type (0.00s)
    --- PASS: TestGetGCEAlias/empty_type_goes_to_default (0.00s)
    --- PASS: TestGetGCEAlias/default_type (0.00s)
    --- PASS: TestGetGCEAlias/instance_id (0.00s)
=== RUN   TestZoneToRegion
=== PAUSE TestZoneToRegion
=== RUN   TestZoneFromSelfLink
=== PAUSE TestZoneFromSelfLink
=== RUN   TestBackend_PathConfigRead
=== PAUSE TestBackend_PathConfigRead
=== RUN   TestBackend_PathConfigWrite
=== PAUSE TestBackend_PathConfigWrite
=== RUN   TestConfig_Update
=== PAUSE TestConfig_Update
=== RUN   TestLogin_IAM
=== PAUSE TestLogin_IAM
=== RUN   TestRoleUpdateIam
=== PAUSE TestRoleUpdateIam
=== RUN   TestRoleIam_Wildcard
=== PAUSE TestRoleIam_Wildcard
=== RUN   TestRoleIam_EditServiceAccounts
=== PAUSE TestRoleIam_EditServiceAccounts
=== RUN   TestRoleIam_MissingRequiredArgs
=== PAUSE TestRoleIam_MissingRequiredArgs
=== RUN   TestRoleIam_HasGceArgs
=== PAUSE TestRoleIam_HasGceArgs
=== RUN   TestRoleGce
=== PAUSE TestRoleGce
=== RUN   TestRoleGce_EditLabels
=== PAUSE TestRoleGce_EditLabels
=== RUN   TestRoleGce_DeprecatedFields
=== PAUSE TestRoleGce_DeprecatedFields
=== RUN   TestRole_MissingRequiredArgs
=== PAUSE TestRole_MissingRequiredArgs
=== RUN   TestRole_InvalidRoleType
--- PASS: TestRole_InvalidRoleType (0.00s)
=== RUN   TestRetrieveRole
=== RUN   TestRetrieveRole/TokenPeriod_upgrade
=== RUN   TestRetrieveRole/TokenPolicies_upgrade
=== RUN   TestRetrieveRole/not_found
=== RUN   TestRetrieveRole/bad_data
=== RUN   TestRetrieveRole/boundRegion_upgrade
=== RUN   TestRetrieveRole/TTL_upgrade
=== RUN   TestRetrieveRole/MaxTTL_upgrade
=== RUN   TestRetrieveRole/storage_error
=== RUN   TestRetrieveRole/projectID_upgrade
=== RUN   TestRetrieveRole/boundZone_upgrade
=== RUN   TestRetrieveRole/boundInstanceGroup_upgrade
=== RUN   TestRetrieveRole/storage_put_error
=== RUN   TestRetrieveRole/roleID_is_generated_when_one_does_not_exist
--- PASS: TestRetrieveRole (0.00s)
    --- PASS: TestRetrieveRole/TokenPeriod_upgrade (0.00s)
    --- PASS: TestRetrieveRole/TokenPolicies_upgrade (0.00s)
    --- PASS: TestRetrieveRole/not_found (0.00s)
    --- PASS: TestRetrieveRole/bad_data (0.00s)
    --- PASS: TestRetrieveRole/boundRegion_upgrade (0.00s)
    --- PASS: TestRetrieveRole/TTL_upgrade (0.00s)
    --- PASS: TestRetrieveRole/MaxTTL_upgrade (0.00s)
    --- PASS: TestRetrieveRole/storage_error (0.00s)
    --- PASS: TestRetrieveRole/projectID_upgrade (0.00s)
    --- PASS: TestRetrieveRole/boundZone_upgrade (0.00s)
    --- PASS: TestRetrieveRole/boundInstanceGroup_upgrade (0.00s)
    --- PASS: TestRetrieveRole/storage_put_error (0.00s)
    --- PASS: TestRetrieveRole/roleID_is_generated_when_one_does_not_exist (0.00s)
=== CONT  TestAuthorizeGCE
=== RUN   TestAuthorizeGCE/labels_no_match_key
=== PAUSE TestAuthorizeGCE/labels_no_match_key
=== CONT  TestRoleGce
=== CONT  TestRoleIam_HasGceArgs
=== CONT  TestRoleIam_MissingRequiredArgs
=== RUN   TestAuthorizeGCE/labels_no_match_value
=== PAUSE TestAuthorizeGCE/labels_no_match_value
=== RUN   TestAuthorizeGCE/zone_as_self_link_exists
=== PAUSE TestAuthorizeGCE/zone_as_self_link_exists
=== CONT  TestRole_MissingRequiredArgs
--- PASS: TestRoleIam_HasGceArgs (0.00s)
=== CONT  TestRoleGce_DeprecatedFields
=== RUN   TestRoleGce_DeprecatedFields/deprecated_fields_upgraded
=== PAUSE TestRoleGce_DeprecatedFields/deprecated_fields_upgraded
=== RUN   TestRoleGce_DeprecatedFields/existing_storage_upgraded
=== PAUSE TestRoleGce_DeprecatedFields/existing_storage_upgraded
=== CONT  TestRoleGce_DeprecatedFields/deprecated_fields_upgraded
=== CONT  TestRoleGce_EditLabels
--- PASS: TestRoleIam_MissingRequiredArgs (0.00s)
=== CONT  TestRoleGce_DeprecatedFields/existing_storage_upgraded
=== CONT  TestRoleIam_Wildcard
=== CONT  TestRoleUpdateIam
=== CONT  TestLogin_IAM
=== CONT  TestConfig_Update
=== CONT  TestBackend_PathConfigWrite
=== RUN   TestConfig_Update/empty
=== PAUSE TestConfig_Update/empty
=== RUN   TestBackend_PathConfigWrite/field_validation
=== RUN   TestConfig_Update/keeps_existing
=== PAUSE TestBackend_PathConfigWrite/field_validation
=== PAUSE TestConfig_Update/keeps_existing
=== RUN   TestBackend_PathConfigWrite/not_exist
=== RUN   TestConfig_Update/overwrites_changes
=== PAUSE TestBackend_PathConfigWrite/not_exist
=== RUN   TestBackend_PathConfigWrite/exist
=== PAUSE TestConfig_Update/overwrites_changes
=== PAUSE TestBackend_PathConfigWrite/exist
=== CONT  TestBackend_PathConfigWrite/field_validation
=== RUN   TestConfig_Update/overwrites_and_new
=== CONT  TestBackend_PathConfigWrite/exist
=== PAUSE TestConfig_Update/overwrites_and_new
=== CONT  TestConfig_Update/empty
=== CONT  TestRoleIam_EditServiceAccounts
=== CONT  TestConfig_Update/overwrites_and_new
=== CONT  TestConfig_Update/overwrites_changes
=== CONT  TestConfig_Update/keeps_existing
=== CONT  TestBackend_PathConfigWrite/not_exist
=== RUN   TestAuthorizeGCE/zone_as_name_exists
=== PAUSE TestAuthorizeGCE/zone_as_name_exists
--- PASS: TestRoleGce_DeprecatedFields (0.00s)
    --- PASS: TestRoleGce_DeprecatedFields/deprecated_fields_upgraded (0.00s)
    --- PASS: TestRoleGce_DeprecatedFields/existing_storage_upgraded (0.00s)
=== RUN   TestAuthorizeGCE/zone_as_self_link_no_exists
=== CONT  TestBackend_PathConfigRead
=== RUN   TestBackend_PathConfigRead/field_validation
=== PAUSE TestBackend_PathConfigRead/field_validation
=== RUN   TestBackend_PathConfigRead/not_exist
=== PAUSE TestBackend_PathConfigRead/not_exist
=== RUN   TestBackend_PathConfigRead/exist
=== PAUSE TestBackend_PathConfigRead/exist
=== CONT  TestBackend_PathConfigRead/field_validation
=== CONT  TestBackend_PathConfigRead/exist
=== CONT  TestBackend_PathConfigRead/not_exist
--- PASS: TestRole_MissingRequiredArgs (0.00s)
--- PASS: TestRoleGce (0.00s)
--- PASS: TestRoleGce_EditLabels (0.00s)
--- PASS: TestRoleIam_Wildcard (0.00s)
=== CONT  TestZoneToRegion
--- PASS: TestConfig_Update (0.00s)
    --- PASS: TestConfig_Update/empty (0.00s)
    --- PASS: TestConfig_Update/overwrites_and_new (0.00s)
    --- PASS: TestConfig_Update/overwrites_changes (0.00s)
    --- PASS: TestConfig_Update/keeps_existing (0.00s)
=== RUN   TestZoneToRegion/0_us-central1-a_to_us-central1
=== PAUSE TestZoneToRegion/0_us-central1-a_to_us-central1
--- PASS: TestRoleUpdateIam (0.00s)
=== RUN   TestZoneToRegion/1_northamerica-northeast1-c_to_northamerica-northeast1
=== CONT  TestZoneFromSelfLink
=== PAUSE TestZoneToRegion/1_northamerica-northeast1-c_to_northamerica-northeast1
--- PASS: TestBackend_PathConfigWrite (0.00s)
    --- PASS: TestBackend_PathConfigWrite/field_validation (0.00s)
    --- PASS: TestBackend_PathConfigWrite/exist (0.00s)
    --- PASS: TestBackend_PathConfigWrite/not_exist (0.00s)
=== RUN   TestZoneToRegion/2_europe-west3-c_to_europe-west3
=== PAUSE TestZoneToRegion/2_europe-west3-c_to_europe-west3
=== RUN   TestZoneFromSelfLink/0
=== RUN   TestZoneToRegion/3_us_err
=== PAUSE TestZoneToRegion/3_us_err
=== PAUSE TestZoneFromSelfLink/0
=== RUN   TestZoneToRegion/4__err
=== PAUSE TestZoneToRegion/4__err
=== CONT  TestZoneToRegion/0_us-central1-a_to_us-central1
=== CONT  TestZoneToRegion/3_us_err
=== RUN   TestZoneFromSelfLink/1
=== PAUSE TestZoneFromSelfLink/1
=== RUN   TestZoneFromSelfLink/2
=== CONT  TestZoneToRegion/2_europe-west3-c_to_europe-west3
=== PAUSE TestZoneFromSelfLink/2
=== PAUSE TestAuthorizeGCE/zone_as_self_link_no_exists
=== CONT  TestZoneFromSelfLink/0
=== RUN   TestAuthorizeGCE/zone_as_name_no_exists
=== CONT  TestZoneFromSelfLink/2
=== CONT  TestZoneFromSelfLink/1
=== CONT  TestZoneToRegion/1_northamerica-northeast1-c_to_northamerica-northeast1
=== CONT  TestZoneToRegion/4__err
--- PASS: TestZoneFromSelfLink (0.00s)
    --- PASS: TestZoneFromSelfLink/0 (0.00s)
    --- PASS: TestZoneFromSelfLink/2 (0.00s)
    --- PASS: TestZoneFromSelfLink/1 (0.00s)
=== PAUSE TestAuthorizeGCE/zone_as_name_no_exists
--- PASS: TestZoneToRegion (0.00s)
    --- PASS: TestZoneToRegion/0_us-central1-a_to_us-central1 (0.00s)
    --- PASS: TestZoneToRegion/3_us_err (0.00s)
    --- PASS: TestZoneToRegion/2_europe-west3-c_to_europe-west3 (0.00s)
    --- PASS: TestZoneToRegion/1_northamerica-northeast1-c_to_northamerica-northeast1 (0.00s)
    --- PASS: TestZoneToRegion/4__err (0.00s)
=== RUN   TestAuthorizeGCE/zone_as_invalid
=== PAUSE TestAuthorizeGCE/zone_as_invalid
=== RUN   TestAuthorizeGCE/region_as_self_link_exists
=== PAUSE TestAuthorizeGCE/region_as_self_link_exists
=== RUN   TestAuthorizeGCE/region_as_name_exists
=== PAUSE TestAuthorizeGCE/region_as_name_exists
=== RUN   TestAuthorizeGCE/region_as_self_link_no_exists
=== PAUSE TestAuthorizeGCE/region_as_self_link_no_exists
=== RUN   TestAuthorizeGCE/region_as_name_no_exists
=== PAUSE TestAuthorizeGCE/region_as_name_no_exists
--- PASS: TestRoleIam_EditServiceAccounts (0.00s)
=== RUN   TestAuthorizeGCE/region_as_invalid
=== PAUSE TestAuthorizeGCE/region_as_invalid
=== RUN   TestAuthorizeGCE/bound_instance_groups_unbound
=== PAUSE TestAuthorizeGCE/bound_instance_groups_unbound
--- PASS: TestBackend_PathConfigRead (0.00s)
    --- PASS: TestBackend_PathConfigRead/field_validation (0.00s)
    --- PASS: TestBackend_PathConfigRead/exist (0.00s)
    --- PASS: TestBackend_PathConfigRead/not_exist (0.00s)
=== RUN   TestAuthorizeGCE/bound_instance_groups_empty_bound_zones
=== PAUSE TestAuthorizeGCE/bound_instance_groups_empty_bound_zones
=== RUN   TestAuthorizeGCE/bound_instance_groups_no_exist_bound_zones
=== PAUSE TestAuthorizeGCE/bound_instance_groups_no_exist_bound_zones
=== RUN   TestAuthorizeGCE/bound_instance_groups_empty_bound_regions
=== PAUSE TestAuthorizeGCE/bound_instance_groups_empty_bound_regions
=== RUN   TestAuthorizeGCE/bound_instance_groups_no_exist_bound_regions
=== PAUSE TestAuthorizeGCE/bound_instance_groups_no_exist_bound_regions
=== RUN   TestAuthorizeGCE/bound_instance_groups_no_contains_instance
=== PAUSE TestAuthorizeGCE/bound_instance_groups_no_contains_instance
=== RUN   TestAuthorizeGCE/bound_service_account_no_exist
=== PAUSE TestAuthorizeGCE/bound_service_account_no_exist
=== RUN   TestAuthorizeGCE/bound_service_account_id
=== PAUSE TestAuthorizeGCE/bound_service_account_id
=== RUN   TestAuthorizeGCE/bound_service_account_email
=== PAUSE TestAuthorizeGCE/bound_service_account_email
=== RUN   TestAuthorizeGCE/success_zone_binding
=== PAUSE TestAuthorizeGCE/success_zone_binding
=== RUN   TestAuthorizeGCE/success_region_binding
=== PAUSE TestAuthorizeGCE/success_region_binding
=== RUN   TestAuthorizeGCE/success_instance_group_zone_binding
=== PAUSE TestAuthorizeGCE/success_instance_group_zone_binding
=== RUN   TestAuthorizeGCE/success_instance_group_region_binding
=== PAUSE TestAuthorizeGCE/success_instance_group_region_binding
=== CONT  TestAuthorizeGCE/labels_no_match_key
=== CONT  TestAuthorizeGCE/bound_instance_groups_empty_bound_zones
=== CONT  TestAuthorizeGCE/zone_as_self_link_no_exists
=== CONT  TestAuthorizeGCE/zone_as_name_exists
=== CONT  TestAuthorizeGCE/region_as_self_link_no_exists
=== CONT  TestAuthorizeGCE/region_as_self_link_exists
=== CONT  TestAuthorizeGCE/region_as_name_exists
=== CONT  TestAuthorizeGCE/zone_as_self_link_exists
=== CONT  TestAuthorizeGCE/zone_as_name_no_exists
=== CONT  TestAuthorizeGCE/success_instance_group_region_binding
=== CONT  TestAuthorizeGCE/bound_instance_groups_unbound
=== CONT  TestAuthorizeGCE/region_as_invalid
=== CONT  TestAuthorizeGCE/region_as_name_no_exists
=== CONT  TestAuthorizeGCE/success_instance_group_zone_binding
=== CONT  TestAuthorizeGCE/success_region_binding
=== CONT  TestAuthorizeGCE/success_zone_binding
=== CONT  TestAuthorizeGCE/bound_service_account_email
=== CONT  TestAuthorizeGCE/bound_service_account_id
=== CONT  TestAuthorizeGCE/bound_service_account_no_exist
=== CONT  TestAuthorizeGCE/bound_instance_groups_no_contains_instance
=== CONT  TestAuthorizeGCE/bound_instance_groups_no_exist_bound_regions
=== CONT  TestAuthorizeGCE/bound_instance_groups_empty_bound_regions
=== CONT  TestAuthorizeGCE/bound_instance_groups_no_exist_bound_zones
=== CONT  TestAuthorizeGCE/zone_as_invalid
=== CONT  TestAuthorizeGCE/labels_no_match_value
--- PASS: TestAuthorizeGCE (0.01s)
    --- PASS: TestAuthorizeGCE/labels_no_match_key (0.00s)
    --- PASS: TestAuthorizeGCE/bound_instance_groups_empty_bound_zones (0.00s)
    --- PASS: TestAuthorizeGCE/zone_as_self_link_no_exists (0.00s)
    --- PASS: TestAuthorizeGCE/zone_as_name_exists (0.00s)
    --- PASS: TestAuthorizeGCE/region_as_self_link_exists (0.00s)
    --- PASS: TestAuthorizeGCE/region_as_self_link_no_exists (0.00s)
    --- PASS: TestAuthorizeGCE/region_as_name_exists (0.00s)
    --- PASS: TestAuthorizeGCE/zone_as_self_link_exists (0.00s)
    --- PASS: TestAuthorizeGCE/zone_as_name_no_exists (0.00s)
    --- PASS: TestAuthorizeGCE/success_instance_group_region_binding (0.00s)
    --- PASS: TestAuthorizeGCE/bound_instance_groups_unbound (0.00s)
    --- PASS: TestAuthorizeGCE/region_as_invalid (0.00s)
    --- PASS: TestAuthorizeGCE/region_as_name_no_exists (0.00s)
    --- PASS: TestAuthorizeGCE/success_instance_group_zone_binding (0.00s)
    --- PASS: TestAuthorizeGCE/success_region_binding (0.00s)
    --- PASS: TestAuthorizeGCE/success_zone_binding (0.00s)
    --- PASS: TestAuthorizeGCE/bound_service_account_email (0.00s)
    --- PASS: TestAuthorizeGCE/bound_service_account_id (0.00s)
    --- PASS: TestAuthorizeGCE/bound_service_account_no_exist (0.00s)
    --- PASS: TestAuthorizeGCE/bound_instance_groups_no_contains_instance (0.00s)
    --- PASS: TestAuthorizeGCE/bound_instance_groups_no_exist_bound_regions (0.00s)
    --- PASS: TestAuthorizeGCE/bound_instance_groups_empty_bound_regions (0.00s)
    --- PASS: TestAuthorizeGCE/bound_instance_groups_no_exist_bound_zones (0.00s)
    --- PASS: TestAuthorizeGCE/zone_as_invalid (0.00s)
    --- PASS: TestAuthorizeGCE/labels_no_match_value (0.00s)
=== RUN   TestLogin_IAM/not_bound
=== PAUSE TestLogin_IAM/not_bound
=== RUN   TestLogin_IAM/not_bound_project
=== PAUSE TestLogin_IAM/not_bound_project
=== RUN   TestLogin_IAM/no_policies
=== PAUSE TestLogin_IAM/no_policies
=== RUN   TestLogin_IAM/expire_late
=== PAUSE TestLogin_IAM/expire_late
=== RUN   TestLogin_IAM/group_aliases
=== PAUSE TestLogin_IAM/group_aliases
=== RUN   TestLogin_IAM/wildcard
=== PAUSE TestLogin_IAM/wildcard
=== RUN   TestLogin_IAM/ttl
=== PAUSE TestLogin_IAM/ttl
=== RUN   TestLogin_IAM/max_ttl
=== PAUSE TestLogin_IAM/max_ttl
=== RUN   TestLogin_IAM/period
=== PAUSE TestLogin_IAM/period
=== RUN   TestLogin_IAM/jwt_already_expired
=== PAUSE TestLogin_IAM/jwt_already_expired
=== CONT  TestLogin_IAM/not_bound
=== CONT  TestLogin_IAM/wildcard
=== CONT  TestLogin_IAM/expire_late
=== CONT  TestLogin_IAM/jwt_already_expired
=== CONT  TestLogin_IAM/group_aliases
=== CONT  TestLogin_IAM/no_policies
=== CONT  TestLogin_IAM/not_bound_project
=== CONT  TestLogin_IAM/max_ttl
=== CONT  TestLogin_IAM/period
=== CONT  TestLogin_IAM/ttl
--- PASS: TestLogin_IAM (0.55s)
    --- PASS: TestLogin_IAM/jwt_already_expired (0.32s)
    --- PASS: TestLogin_IAM/expire_late (0.51s)
    --- PASS: TestLogin_IAM/no_policies (0.70s)
    --- PASS: TestLogin_IAM/ttl (0.70s)
    --- PASS: TestLogin_IAM/period (0.70s)
    --- PASS: TestLogin_IAM/wildcard (0.70s)
    --- PASS: TestLogin_IAM/not_bound (0.70s)
    --- PASS: TestLogin_IAM/not_bound_project (0.70s)
    --- PASS: TestLogin_IAM/max_ttl (0.70s)
    --- PASS: TestLogin_IAM/group_aliases (0.91s)
PASS
ok      github.com/hashicorp/vault-plugin-auth-gcp/plugin       3.127s
?       github.com/hashicorp/vault-plugin-auth-gcp/plugin/cache [no test files]

[x] Backwards compatible

According to the tests, this is backwards compatible. This PR only changes the parts were we call SignJWT, and doesn't remove or otherwise change the usage of iam/v1, as there are some parts pertaining to UniqueID which are not (?) found in the Service Account Credentials API. The methods in question do not appear to be deprecated.

@catsby
test-acc step should take TEST args
4f30655
@catsby
allow optional TESTARGS to test step
73a8830
@catsby
Update JWT signing
802bd7f 
Updates to:

- github.com/hashicorp/go-gcp-common@service-account-update
- google.golang.org/api/iamcredentials/v1@v0.45.0

Updates how we sign JWTs, to use supported methods.

See also:

- #100
- https://cloud.google.com/iam/docs/migrating-to-credentials-api#iam-sign-jwt-go
@catsby
commit go.sum
502cbef
@calvn calvn self-requested a review April 23, 2021 16:56
This was referenced Apr 23, 2021
Closed
Closed
calvn
calvn reviewed Apr 23, 2021
View reviewed changes
plugin/login_util.go Outdated Show resolved Hide resolved
plugin/backend.go Show resolved Hide resolved
@catsby catsby mentioned this pull request Apr 23, 2021
Merged
This was referenced Apr 26, 2021
Merged
Merged
@catsby catsby changed the title WIP: Update gcp-common/IAM Credentials API usage Update gcp-common/IAM Credentials API usage Apr 26, 2021
@catsby catsby marked this pull request as ready for review April 26, 2021 21:14
@catsby catsby requested a review from calvn April 26, 2021 21:14
calvn
calvn previously approved these changes Apr 27, 2021
View reviewed changes
austingebauer
austingebauer previously approved these changes Apr 28, 2021
View reviewed changes
Copy link
Member

@austingebauer austingebauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this project parameter can be removed from the CLI help text?

Otherwise, LGTM 👍

@catsby catsby merged commit f5de29d into master Apr 28, 2021
catsby added a commit that referenced this pull request Apr 29, 2021
@catsby
Update gcp-common/IAM Credentials API usage (#108)
9a2296b 
* test-acc step should take TEST args

* allow optional TESTARGS to test step

* Update JWT signing

Updates to:

- github.com/hashicorp/go-gcp-common@service-account-update
- google.golang.org/api/iamcredentials/v1@v0.45.0

Updates how we sign JWTs, to use supported methods.

See also:

- #100
- https://cloud.google.com/iam/docs/migrating-to-credentials-api#iam-sign-jwt-go

* commit go.sum

* revert/update vendor

* update / revert back to pre-updates

* just update this part

* not sure why this wasn't picked up before

* formatting

* update

* update dep

* update go-gcp-common to tag v0.7.0

* update string used to auth with signjwt

* remove project help text
This was referenced Apr 29, 2021
Closed
Closed
Merged
This was referenced Apr 29, 2021
Merged
Merged
This was referenced Apr 29, 2021
Merged
Merged
Merged
Merged
Merged
@hc-github-team-waypoint hc-github-team-waypoint mentioned this pull request May 6, 2021
Merged
@austingebauer austingebauer mentioned this pull request May 7, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@austingebauer austingebauer austingebauer approved these changes

@calvn calvn calvn left review comments

Assignees
No one assigned
Labels
backport/vault-1.5.x backport/vault-1.6.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@catsby @calvn @austingebauer