Skip to content
This repository was archived by the owner on Mar 6, 2026. It is now read-only.

Signer and IDTokenCredentials implementation using default service account on GCE#236

Merged
theacodes merged 3 commits intogoogleapis:masterfrom
kryzthov:gce-id-token
May 31, 2018
Merged

Signer and IDTokenCredentials implementation using default service account on GCE#236
theacodes merged 3 commits intogoogleapis:masterfrom
kryzthov:gce-id-token

Conversation

@kryzthov
Copy link
Contributor

@kryzthov kryzthov commented Jan 19, 2018
edited
Loading

This branch includes:

  • a Signer implementation that relies on the IAM API (signBlob) using the default Credentials
  • a Credentials implementation that provides ID tokens, using the Signer above.

@kryzthov kryzthov force-pushed the gce-id-token branch 4 times, most recently from 2101e9f to 21a9f5b Compare May 16, 2018 20:38
@kryzthov
Add GCE Credentials implementation supplying an ID token.
169497c 
 - Add Signer and IDTokenCredentials implementation

Signed-off-by: Christophe Taton <christophe.taton@gmail.com>
@kryzthov
Copy link
Contributor Author

kryzthov commented May 16, 2018

@theacodes Could you take a look at this? I haven't added any test yet, but I'd like some feedback before spending more time on this.

@theacodes
Copy link
Contributor

theacodes commented May 16, 2018

Hi @kryzthov - just a heads up that I'm currently OOO until next week but I'll take a quick lookl

@kryzthov
Copy link
Contributor Author

kryzthov commented May 16, 2018

All good! No rush, it's been there for a while, and it's not blocking! Enjoy your time off!

theacodes
theacodes suggested changes May 16, 2018
View reviewed changes
google/auth/compute_engine/credentials.py Outdated
return False


class Signer(crypt.Signer):

This comment was marked as spam.

Sign in to view

google/auth/compute_engine/credentials.py
class IDTokenCredentials(credentials.Credentials, credentials.Signing):
"""Open ID Connect ID Token-based service account credentials.

These credentials relies on the default service account of a GCE instance.

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

@kryzthov
Address comments
1469b34 
 - Reuse google.auth.iam.Signer
 - Expose `request` and `service_account_email`.
@kryzthov
Copy link
Contributor Author

kryzthov commented May 23, 2018

Anymore feedback on this?

theacodes
theacodes reviewed May 24, 2018
View reviewed changes
google/auth/compute_engine/credentials.py

self._signer = iam.Signer(
request=request,
credentials=Credentials(),

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

theacodes
theacodes suggested changes May 24, 2018
View reviewed changes
Copy link
Contributor

@theacodes theacodes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, but needs tests.

kryzthov
kryzthov commented May 29, 2018
View reviewed changes
Copy link
Contributor Author

@kryzthov kryzthov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some unit-tests

@kryzthov kryzthov force-pushed the gce-id-token branch 4 times, most recently from 91da8fe to cb74258 Compare May 29, 2018 23:55
@kryzthov
Add unit-tests for GCE ID Token Credentials
c08c93c 
Signed-off-by: Christophe Taton <christophe.taton@gmail.com>
@theacodes theacodes merged commit 67456b4 into googleapis:master May 31, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@theacodes theacodes theacodes approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kryzthov @theacodes