Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Internal improvements (builds on #77) #78

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Internal improvements (builds on #77) #78

wants to merge 7 commits into from

Conversation

msdrigg
Copy link

@msdrigg msdrigg commented Aug 18, 2023

Mostly improving some optional parameters in the key formats

The last commit makes some internal improvements. Feel free to accept or reject any individual commit.

msdrigg added 7 commits August 18, 2023 09:49
@msdrigg
Supporting service account key format OR user credential formats
925dbba 
This PR supports parsing both formats in either the `GOOGLE_APPLICATION_CREDENTIALS` env variable or the `~/.config/gcloud/application_default_credentials.json` file.
@msdrigg
Adding service account impersonation (waiting on djc#76)
baa65d3 
This PR adds a new `ServiceAccount` format that takes credentials from `source_credentials: ServiceAccount` and then makes a request to get a service account token using those credentials.

This also adds the ability to parse the token format created by `gcloud auth application-default login --impersonate-service-account <service account>`
@msdrigg
No longer require token_uri in CustomServiceAccount
8063616 
This parameter should be optional and fall back to the default of "https://oauth2.googleapis.com/token".

This is demonstrated here:
https://github.com/golang/oauth2/blob/a835fc4358f6852f50c4c5c33fddcd1adade5b0a/google/google.go#L152
@msdrigg
Allowing UserCredentials to support an optional token_uri parameter
71542d1 
This comes from go source here:
 https://github.com/golang/oauth2/blob/a835fc4358f6852f50c4c5c33fddcd1adade5b0a/google/google.go#L181C22-L181C22
@msdrigg
Supporting optional audience on ApplicationCredentials
8576b2a 
See https://github.com/golang/oauth2/blob/a835fc4358f6852f50c4c5c33fddcd1adade5b0a/jwt/jwt.go#L123C8-L123C8 for reference
@msdrigg
Internal improvements
cd90392 
- Sort scope vec before using it as a hashmap key. Vecs of scopes aren't dependent on order, so the hashmap key shouldn't be either
- Reduce complexity by moving all calls to `token::from_string` to `token::new`
@msdrigg
Fixing clippy warnings
15a9d62
@msdrigg msdrigg changed the title Internal improvements (depends on #77) Internal improvements (builds on #77) Aug 18, 2023
@msdrigg
Copy link
Author

msdrigg commented Aug 18, 2023

Tested this PR with real world keys

  • Tested with GOOGLE_APPLICATION_CREDENTIALS and ~/.config/gcloud/application_default_credentials.json and verified the new tagged enum is used in both cases
  • Tested with service account key, user creds, and an impersonated service account and verified that I can make API calls

@djc
Copy link
Owner

djc commented May 27, 2024

Hey @msdrigg sorry for taking so long to get back to this. I've done a fairly big refactoring in #108 which I think will help doing some of the things here. Are you still interested in getting some of these changes merged?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@msdrigg @djc