Skip to content

Commit

Permalink
fix: missing ssj for impersonate cred (#1377)
Browse files Browse the repository at this point in the history
  • Loading branch information
arithmetic1728 authored Aug 31, 2023
1 parent 36c1d54 commit 7d453dc
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 0 deletions.
7 changes: 7 additions & 0 deletions google/auth/impersonated_credentials.py
Original file line number Diff line number Diff line change
Expand Up @@ -226,6 +226,13 @@ def __init__(
# their original scopes modified.
if isinstance(self._source_credentials, credentials.Scoped):
self._source_credentials = self._source_credentials.with_scopes(_IAM_SCOPE)
# If the source credential is service account and self signed jwt
# is needed, we need to create a jwt credential inside it
if (
hasattr(self._source_credentials, "_create_self_signed_jwt")
and self._source_credentials._always_use_jwt_access
):
self._source_credentials._create_self_signed_jwt(None)
self._target_principal = target_principal
self._target_scopes = target_scopes
self._delegates = delegates
Expand Down
Binary file modified system_tests/secrets.tar.enc
Binary file not shown.
9 changes: 9 additions & 0 deletions tests/test_impersonated_credentials.py
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,15 @@ def test_default_state(self):
assert not credentials.valid
assert credentials.expired

def test_make_from_service_account_self_signed_jwt(self):
source_credentials = service_account.Credentials(
SIGNER, self.SERVICE_ACCOUNT_EMAIL, TOKEN_URI, always_use_jwt_access=True
)
credentials = self.make_credentials(source_credentials=source_credentials)
# test the source credential don't lose self signed jwt setting
assert credentials._source_credentials._always_use_jwt_access
assert credentials._source_credentials._jwt_credentials

def make_request(
self,
data,
Expand Down

0 comments on commit 7d453dc

Please sign in to comment.