-
Notifications
You must be signed in to change notification settings - Fork 384
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: defines IdentityPoolClient
used for K8s and Azure workloads
#1042
Conversation
* chore: updated samples/package.json [ci skip] * chore: updated CHANGELOG.md [ci skip] * chore: updated package.json Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/5f7f9c6d-c75a-4c60-8bb8-0026a14cead7/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@94421c4
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/b742586e-df31-4aac-8092-78288e9ea8e7/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@bd0deaa
This PR was generated using Autosynth. 🌈 - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@5747555
* chore: updated samples/package.json [ci skip] * chore: updated CHANGELOG.md [ci skip] * chore: updated package.json Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
This will subclass the abstract class `BaseExternalAccountClient` and will retrieve subject tokens from URLs (eg Azure Instance Metadata Service) or a file location (K8s KSA tokens). Renamed `ExternalAccountClient` to `BaseExternalAccountClient`. The latter will not be exported. Instead the former will be created as an empty class with a static `fromJSON()` method to initialize the right type of external client.
Codecov Report
@@ Coverage Diff @@
## byoid #1042 +/- ##
========================================
Coverage ? 93.10%
========================================
Files ? 25
Lines ? 5092
Branches ? 543
========================================
Hits ? 4741
Misses ? 351
Partials ? 0 Continue to review full report at Codecov.
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a few nits, but this is looking pretty solid to me.
test/test.identitypoolclient.ts
Outdated
const projectNumber = '123456'; | ||
const poolId = 'POOL_ID'; | ||
const providerId = 'PROVIDER_ID'; | ||
const audience = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If all these variables are used by the audience
URL, and not elsewhere in test, I would be tempted to encapsulate them in a test helper, like getAudienceUrl
; I read this and my immediate reaction was, that's a lot of variables, before I realized they're not all used in test cases.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I made some refactor and moved a lot of these constants to common file and exported helper functions which are used by 2 test files.
src/auth/identitypoolclient.ts
Outdated
throw err; | ||
} | ||
|
||
const stream = fs.createReadStream(filePath); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
an alternate approach to createReadStream
, I believe would be using the promises API:
const {readFile} = require('fs').promises
async function main () {
return readFile(filePath)
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I ended up using utils.promisify(fs.readFile)
since Node 10 does not seem to play well with fs.promises
.
…misify(fs.readFile)`.
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
feat: implements the OAuth token exchange spec based on rfc8693 (#1026) feat: defines ExternalAccountClient abstract class for external_account credentials (#1030) feat: adds service account impersonation to `ExternalAccountClient` (#1041) feat: defines `IdentityPoolClient` used for K8s and Azure workloads (#1042) feat: implements AWS signature version 4 for signing requests (#1047) feat: defines `ExternalAccountClient` used to instantiate external account clients (#1050) feat!: integrates external_accounts with `GoogleAuth` and ADC (#1052) feat: adds text/json credential_source support to IdentityPoolClients (#1059) feat: get AWS region from environment variable (#1067) Co-authored-by: Wilfred van der Deijl <wilfred@vanderdeijl.com> Co-authored-by: Benjamin E. Coe <bencoe@google.com>
This will subclass the abstract class
BaseExternalAccountClient
and will retrieve subject tokens from URLs (eg Azure Instance Metadata Service) or a file location (K8s KSA tokens).Renamed
ExternalAccountClient
toBaseExternalAccountClient
. The latter will not be exported. Instead the former will be created as an empty class with a staticfromJSON()
method to initialize the right type of external client (IdentityPoolClient
orAwsClient
).