feat: add experimental GDCH support #1044

Merged: 8 commits, Jun 14, 2022
arithmetic1728 commented May 26, 2022

Add experimental GDCH service account credential support. Example usage:

1. First create a JSON file of the following format:

```json
{
    "type": "gdch_service_account",
    "format_version": "1",
    "project": "<project name>",
    "private_key_id": "<key id>",
    "private_key": "-----BEGIN EC PRIVATE KEY-----\n<key bytes>\n-----END EC PRIVATE KEY-----\n",
    "name": "<service identity name>",
    "ca_cert_path": "<CA cert path>",
    "token_uri": "https://service-identity.<Domain>/authenticate"
}
```

2. Clone this repo, then switch to the gdch_jwt branch, and install the dependencies:

```shell
git clone https://github.com/googleapis/google-auth-library-python.git
cd google-auth-library-python
git checkout gdch_jwt
python -m pip install -e .
python -m pip install requests
python -m pip install cryptography
```

3. Create a sample.py with the following code, and fill in the api_endpoint. Note that if the API endpoint doesn't use a well-known CA, then you need to provide the CA cert.
For gRPC, you can export GRPC_DEFAULT_SSL_ROOTS_FILE_PATH=<ca cert path>.
For HTTP, you can pass verify=<ca cert path> to authed_session.request (see the sample).

```python
import google.auth
from google.auth.transport import requests

api_endpoint = "<fill in the api endpoint>"

creds, project_id = google.auth.default()
creds = creds.with_gdch_audience(api_endpoint)


def test_get_token():
    req = requests.Request()
    creds.refresh(req)
    print(creds.token)


def test_call_api(ca_cert_path=None):
    authed_session = requests.AuthorizedSession(creds)
    response = authed_session.request("GET", api_endpoint, verify=ca_cert_path)
    print(response.status_code)
    print(response.text)


if __name__ == "__main__":
    # If you want to test if a token can be obtained, run test_get_token.
    test_get_token()

    # If you also want to test if we can call the api endpoint, run test_call_api.
    # Provide the CA cert via the ca_cert_path parameter if needed.
    # (Note that test_get_token is not necessary, since when we call the api
    # endpoint, the token will be automatically refreshed.)
    test_call_api(ca_cert_path=None)
```

4. First export GOOGLE_APPLICATION_CREDENTIALS=<the json file path>, then run the sample with python sample.py.
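A pre-flight check for the credential file from step 1, as an added example that is not part of this pull request or of google-auth. The function names, the sample values and the choice of checks (owner-only file mode, https-only token_uri) are assumptions, not the library's own validation.

```python
import json
import os
import tempfile
from urllib.parse import urlparse

# Field names come from the JSON format in the PR description.
REQUIRED = ("type", "format_version", "project", "private_key_id",
            "private_key", "name", "token_uri")


def check_gdch_file(path):
    """Return a list of problems found in a GDCH service account JSON file."""
    problems = []
    # The file embeds a private key: only the owner should have access.
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        problems.append(f"file mode {mode:o} grants group/other access")
    with open(path, encoding="utf-8") as fh:
        info = json.load(fh)
    problems += [f"missing field: {k}" for k in REQUIRED if not info.get(k)]
    # Both values are JSON strings in the documented format ("1", not 1).
    for field, want in (("type", "gdch_service_account"), ("format_version", "1")):
        if info.get(field) != want:
            problems.append(f"{field} must be the string {want!r}")
    if not str(info.get("private_key", "")).startswith("-----BEGIN EC PRIVATE KEY-----"):
        problems.append("private_key is not an EC PEM block")
    # The token request goes to token_uri, so plain http is flagged.
    uri = urlparse(str(info.get("token_uri", "")))
    if uri.scheme != "https" or not uri.hostname:
        problems.append("token_uri is not an https URL")
    # ca_cert_path is checked only when it is set.
    ca = info.get("ca_cert_path")
    if ca and not os.path.isfile(ca):
        problems.append("ca_cert_path does not point to a file")
    return problems


def demo():
    # Constructed sample with a placeholder key and three deliberate mistakes.
    sample = {"type": "gdch_service_account", "format_version": 1,
              "project": "demo", "private_key_id": "kid-1", "name": "demo-sa",
              "private_key": "-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n",
              "token_uri": "http://service-identity.example.test/authenticate"}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "gdch.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return check_gdch_file(path)
```

Running `check_gdch_file` on the file named in GOOGLE_APPLICATION_CREDENTIALS before step 4 surfaces a world-readable key file or a non-https token_uri before any token request is made.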

arithmetic1728 added the "do not merge" label May 26, 2022
google/auth/_default.py (resolved)
google/oauth2/_client.py (resolved)
google/oauth2/gdch_credentials.py (outdated, resolved)
arithmetic1728 marked this pull request as ready for review June 14, 2022 01:41
arithmetic1728 requested a review from a team as a code owner June 14, 2022 01:41
arithmetic1728 removed the "do not merge" label Jun 14, 2022
arithmetic1728 merged commit 94fb5e2 into main Jun 14, 2022
arithmetic1728 deleted the gdch_jwt branch June 14, 2022 20:50
arithmetic1728 mentioned this pull request Apr 21, 2023