feat: defines google.auth.external_account.Credentials abstract class for external_account credentials
#603
Conversation
Co-authored-by: Tres Seaver <[email protected]>
* chore: updated CHANGELOG.md [ci skip] * chore: updated setup.cfg [ci skip] * chore: updated setup.py Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Migrate signBlob from iam.googleapis.com to iamcredentials.googleapis.com. This API is deprecated and will be shutdown in one year. This is used google.auth.iam.Signer. Added a system_test to sanity check the implementation.
…ss for external_account credentials Base external account credentials are used to instantiate Credentials for exchanging external account credentials for Google access tokens and authorizing requests to Google APIs. The base class implements common logic for exchanging various type of external credentials via GCP STS token exchange endpoint for Google access tokens. The logic of determining and retrieving the external credential based on the environment and credential_source in the credentials JSON file will be left for the subclasses.
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
google-cla
bot
added
the
cla: no
busunkim96
left a comment
busunkim96
left a comment
There was a problem hiding this comment.
LGTM.
Heads up, at some point the docs will need to be updated. (It doesn't need to happen in this PR).
These are the files that should probably be modified:
- https://github.com/googleapis/google-auth-library-python/tree/master/docs/reference (add new RST files)
- https://github.com/googleapis/google-auth-library-python/blob/master/docs/user-guide.rst
- https://github.com/googleapis/google-auth-library-python/blob/master/docs/index.rst
You can build the docs locally by doing nox -s docs and opening docs/html. It should look like https://googleapis.dev/python/google-auth/latest/index.html
busunkim96
added
cla: yes
|
Thanks @busunkim96 for the review and docs generation instructions. I absolutely agree on the references/docs generation. That is a launch blocker (we can't launch without that). We will dedicate a lot of effort to that along with snippets and other developer related materials. We have been delaying it as the Python implementation is still in early stages. |
3 participants
Base external account credentials are used to instantiate Credentials for exchanging external account credentials for Google access tokens and authorizing requests to Google APIs.
The base class implements common logic for exchanging various type of external credentials via GCP STS token exchange endpoint for Google access tokens. The logic of determining and retrieving the external credential based on the environment and
credential_sourcein the credentials JSON file will be left for the subclasses.