feat: defines google.auth.external_account.Credentials abstract class for external_account credentials#603
feat: defines google.auth.external_account.Credentials abstract class for external_account credentials#603busunkim96 merged 6 commits intogoogleapis:byoidfrom bojeil-google:external_account_credentials
google.auth.external_account.Credentials abstract class for external_account credentials#603Conversation
Co-authored-by: Tres Seaver <tseaver@palladion.com>
* chore: updated CHANGELOG.md [ci skip] * chore: updated setup.cfg [ci skip] * chore: updated setup.py Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Migrate signBlob from iam.googleapis.com to iamcredentials.googleapis.com. This API is deprecated and will be shutdown in one year. This is used google.auth.iam.Signer. Added a system_test to sanity check the implementation.
…ss for external_account credentials Base external account credentials are used to instantiate Credentials for exchanging external account credentials for Google access tokens and authorizing requests to Google APIs. The base class implements common logic for exchanging various type of external credentials via GCP STS token exchange endpoint for Google access tokens. The logic of determining and retrieving the external credential based on the environment and credential_source in the credentials JSON file will be left for the subclasses.
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
busunkim96
left a comment
There was a problem hiding this comment.
LGTM.
Heads up, at some point the docs will need to be updated. (It doesn't need to happen in this PR).
These are the files that should probably be modified:
- https://github.com/googleapis/google-auth-library-python/tree/master/docs/reference (add new RST files)
- https://github.com/googleapis/google-auth-library-python/blob/master/docs/user-guide.rst
- https://github.com/googleapis/google-auth-library-python/blob/master/docs/index.rst
You can build the docs locally by doing nox -s docs and opening docs/html. It should look like https://googleapis.dev/python/google-auth/latest/index.html
|
Thanks @busunkim96 for the review and docs generation instructions. I absolutely agree on the references/docs generation. That is a launch blocker (we can't launch without that). We will dedicate a lot of effort to that along with snippets and other developer related materials. We have been delaying it as the Python implementation is still in early stages. |
Base external account credentials are used to instantiate Credentials for exchanging external account credentials for Google access tokens and authorizing requests to Google APIs.
The base class implements common logic for exchanging various type of external credentials via GCP STS token exchange endpoint for Google access tokens. The logic of determining and retrieving the external credential based on the environment and
credential_sourcein the credentials JSON file will be left for the subclasses.