-
Notifications
You must be signed in to change notification settings - Fork 384
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat!: integrates external_accounts with GoogleAuth
and ADC
#1052
feat!: integrates external_accounts with GoogleAuth
and ADC
#1052
Conversation
* chore: updated samples/package.json [ci skip] * chore: updated CHANGELOG.md [ci skip] * chore: updated package.json Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/5f7f9c6d-c75a-4c60-8bb8-0026a14cead7/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@94421c4
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/b742586e-df31-4aac-8092-78288e9ea8e7/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@bd0deaa
This PR was generated using Autosynth. 🌈 - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@5747555
* chore: updated samples/package.json [ci skip] * chore: updated CHANGELOG.md [ci skip] * chore: updated package.json Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Minor change that fixes a spelling error. I don't think an issue needed to be opened for this. Thanks!
Add await Co-authored-by: Justin Beckwith <justin.beckwith@gmail.com> Co-authored-by: sofisl <55454395+sofisl@users.noreply.github.com> Co-authored-by: Benjamin E. Coe <bencoe@google.com>
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/7a1b0b96-8ddb-4836-a1a2-d2f73b7e6ffe/targets - [ ] To automatically regenerate this PR, check this box.
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/ba2d388f-b3b2-4ad7-a163-0c6b4d86894f/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@05de3e1
…1048) This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/96acae41-dfd7-4d71-95d3-12436053b826/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@8cf6d28
Codecov Report
@@ Coverage Diff @@
## byoid #1052 +/- ##
========================================
Coverage ? 91.52%
========================================
Files ? 21
Lines ? 4093
Branches ? 454
========================================
Hits ? 3746
Misses ? 347
Partials ? 0 Continue to review full report at Codecov.
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
GoogleAuth
and ADCGoogleAuth
and ADC
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this will break the upstream:
https://github.com/googleapis/nodejs-googleapis-common/blob/master/src/authplus.ts
Which wraps GoogleAuth, I suggest we release this work as a breaking change, just so we can make the update intentional for upstream consumers.
The upstream consumers need not take this as a breaking change.
@@ -15,7 +15,6 @@ | |||
import {RefreshOptions} from './oauth2client'; | |||
import { | |||
BaseExternalAccountClient, | |||
BaseExternalAccountClientOptions, | |||
EXTERNAL_ACCOUNT_TYPE, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
because of the suffix type
I thought this would be an interface or type
, I would add a comment:
// this string constant indicates that external account should be instantiated ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. I added clarification here and in baseexternalclient.ts
where it is declared.
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
Sounds good on the breaking change. I think we can help make the necessary changes in |
feat: implements the OAuth token exchange spec based on rfc8693 (#1026) feat: defines ExternalAccountClient abstract class for external_account credentials (#1030) feat: adds service account impersonation to `ExternalAccountClient` (#1041) feat: defines `IdentityPoolClient` used for K8s and Azure workloads (#1042) feat: implements AWS signature version 4 for signing requests (#1047) feat: defines `ExternalAccountClient` used to instantiate external account clients (#1050) feat!: integrates external_accounts with `GoogleAuth` and ADC (#1052) feat: adds text/json credential_source support to IdentityPoolClients (#1059) feat: get AWS region from environment variable (#1067) Co-authored-by: Wilfred van der Deijl <wilfred@vanderdeijl.com> Co-authored-by: Benjamin E. Coe <bencoe@google.com>
Exports
IdentityPoolClient
,IdentityPoolClientOptions
,AwsClient
,AwsClientOptions
,ExternalAccountClient
andExternalAccountClientOptions
.Defines
CredentialsClient
interface as the root interface for all clients that generate credentials. UpdatesAuthClient
to implement that interface. All existing clients extendAuthClient
and already conform toCredentialsClient
.Exposes
eagerRefreshThresholdMillis
andforceRefreshOnFailure
onBaseExternalAccountClient
as they are exposed on all clients which inherit fromOAuth2Client
andAuthClient
.Defines
JSONClient
inGoogleAuth
for all credentials that can be initialized from JSON objects (as part of ADC):JWT | UserRefreshClient | BaseExternalAccountClient
. This excludesCompute
clients.