Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Impersonated Universe Domain Support #1875

Merged
merged 13 commits into from
Nov 1, 2024
Merged

feat: Impersonated Universe Domain Support #1875

merged 13 commits into from
Nov 1, 2024

Conversation

danielbankhead
Copy link
Contributor

🦕

@danielbankhead danielbankhead requested review from a team as code owners October 1, 2024 19:02
@product-auto-label product-auto-label bot added the size: m Pull request size is medium. label Oct 1, 2024
aeitzman
aeitzman reviewed Nov 1, 2024
View reviewed changes
src/auth/impersonated.ts Show resolved Hide resolved
src/auth/googleauth.ts Show resolved Hide resolved
src/auth/googleauth.ts
// Create source client for impersonation
const sourceClient = new UserRefreshClient();
sourceClient.fromJSON(json.source_credentials);
const sourceClient = this.fromJSON(json.source_credentials);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is intentional to allow for impersonating any arbitrary type of source clients instead of just UserRefreshClient() right? Just for my own understanding.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep! Other clients are able to use impersonation and its required in TPC (e.g. for external accounts)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gotcha, only note I have is that the impersonation is handled directly by the external account client itself in this library (this already works for TPC, the inmpersonation URL gets generated with the universe domain when the create-credential-config is run in gCloud): https://github.com/googleapis/google-auth-library-nodejs/blob/a65d8a11450fdc0f69ea228def462e5a77beecd5/src/auth/baseexternalclient.ts#L602C4-L605C9

This PR adds support for a different type of credential configuration file which we should support, but just wanted to point out I don't think this is a path we would expect people to normally use for BYOID creds.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Important call-out.

@danielbankhead danielbankhead merged commit 902bf8b into main Nov 1, 2024
18 checks passed
@danielbankhead danielbankhead deleted the impersonated-universe branch November 1, 2024 20:15
@release-please release-please bot mentioned this pull request Nov 1, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeitzman aeitzman aeitzman approved these changes

Assignees
No one assigned
Labels
size: m Pull request size is medium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@danielbankhead @aeitzman @d-goog