Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: making iam endpoint universe-aware #1604

Merged
merged 11 commits into from
Oct 19, 2024
Merged

feat: making iam endpoint universe-aware #1604

merged 11 commits into from
Oct 19, 2024

Conversation

TimurSadykov
Copy link
Contributor

@TimurSadykov TimurSadykov commented Oct 10, 2024
edited
Loading

This adds Impersonated credential support of universe domain. So they call endpoint in proper universes.

sai-sunder-s
sai-sunder-s reviewed Oct 10, 2024
View reviewed changes
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/iam.py Outdated Show resolved Hide resolved
sai-sunder-s
sai-sunder-s reviewed Oct 12, 2024
View reviewed changes
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
@TimurSadykov TimurSadykov marked this pull request as ready for review October 18, 2024 15:50
@TimurSadykov TimurSadykov requested review from a team as code owners October 18, 2024 15:50
@sai-sunder-s
Copy link
Contributor

Use monkeypatch to test whether the correct urls are used. One place to do is test_sign_bytes in test_impersonated_credentials.py.

For example, follow pattern in test__get_explicit_environ_credentials in test__default.py

sai-sunder-s
sai-sunder-s requested changes Oct 18, 2024
View reviewed changes
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
tests/oauth2/test_service_account.py Show resolved Hide resolved
tests/test_impersonated_credentials.py Outdated Show resolved Hide resolved
tests/test_impersonated_credentials.py Outdated Show resolved Hide resolved
sai-sunder-s
sai-sunder-s reviewed Oct 19, 2024
View reviewed changes
tests/test_impersonated_credentials.py
id_creds = impersonated_credentials.IDTokenCredentials(
credentials, target_audience=target_audience, include_email=True
)
id_creds = id_creds.from_credentials(target_credentials=new_credentials)
id_creds = id_creds.from_credentials(target_credentials=target_credentials)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this line existing? IIUC, removing this will have no impact.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems to remove the target_audience?

tests/test_impersonated_credentials.py
credentials = self.make_credentials(
lifetime=None, source_credentials=source_credentials
)
target_credentials = self.make_credentials(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is same cred created 2 times?

sai-sunder-s
sai-sunder-s approved these changes Oct 19, 2024
View reviewed changes
Copy link
Contributor

@sai-sunder-s sai-sunder-s left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good mostly. Have that extra line in id token test. I think there is no need for the 2 creds created in same way. But that seems same way in existing test as well.

@TimurSadykov TimurSadykov merged commit 16c728d into main Oct 19, 2024
15 checks passed
@TimurSadykov TimurSadykov deleted the stim-iam branch October 19, 2024 07:28
@release-please release-please bot mentioned this pull request Oct 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sai-sunder-s sai-sunder-s sai-sunder-s approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TimurSadykov @sai-sunder-s