Add support of service account #9
Comments
|
Thanks! Unfortunately, I'm very busy these days + I don't have much use for most of Google Cloud Products. This might change in a month or two, but for now, I'm open to merging pull requests. If you have the time and willing to help me implement this feature, please let me know, so we can work on it together. Cheers :) |
|
Hey I would love to work on this with you!!! how do I start? |
|
Cool! Thanks @OdinTech3. What extra interfaces you think we'll need in order to fully support service accounts? |
|
@omarryhan Were you referring to me? |
|
@OdinTech3 Yes :) |
|
I am not well versed with the details of the google api codebase, but this is something i am researching and want to really take on, but need to familiarize myself with your codebase and google's. |
|
Sure, take your time. I need to do some research as well. Yes omarryhan@gmail.com is my email. Feel free to email me there. If you want me to create a public Discord chat or something similar, I'm also open to that. |
|
I made a public Trello board for this feature. Let me know if you would like to join so I can add you as a member. https://trello.com/b/pOLVsBFI/aiogoogle-service-accounts-feature |
|
Yeah please do that.
…On Sat, Jul 20, 2019, 4:23 PM Omar Ryhan ***@***.***> wrote:
I made a public Trello board for this feature. Let me know if you would
like to join so I can add you as a member.
https://trello.com/b/pOLVsBFI/aiogoogle-service-accounts-feature
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#9?email_source=notifications&email_token=ADMY5FYRHDDRGHBHEQVGOY3QANX27A5CNFSM4HSI5X3KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2NVLKI#issuecomment-513496489>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADMY5F6F45N7CJCOUED4YN3QANX27ANCNFSM4HSI5X3A>
.
|
|
Cool, what's your email? |
|
nickspirit3@gmail.com
…On Sat, Jul 20, 2019, 6:06 PM Omar Ryhan ***@***.***> wrote:
Cool, what's your email?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#9?email_source=notifications&email_token=ADMY5FYI76SOVGDFT43F4PTQAOD7XA5CNFSM4HSI5X3KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2NW2XA#issuecomment-513502556>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADMY5FZLHJ7SKZGJJEUHTMTQAOD7XANCNFSM4HSI5X3A>
.
|
|
awesome lib! I'm going to try to get this rolling as I've hit enough resource issues trying to get our systems working with the original google api which is a giant resource hog. |
|
btw may want to move this to aio-libs group |
|
I'm conflicted between using this, or something which inherits and overrides behavior from the google-python API client for reason of the various tweaks it has added over time. How much was the original API client code integrated into this project? I'm worried because of stuff like data.py, which is supposed to come dynamically. |
|
Hey @thehesiod, thanks for chiming in. The 2 data.py files I added, are only here for convenience. You can still load your own 1. auth discovery document 2. discovery discovery document. In the auth module, I try to borrow as much code as I can from Google's already existing auth libraries. Namely: the |
|
Hi, @gregorth @ivankosenko @MrMrRobat @dm0 @thehesiod @OdinTech3 I'll try to put some hours into this feature this week. Can you tell me your use cases? What APIs you most certainly need, what APIs you can live without and what are not that important? It seems like we might be getting Asyncio support in Google's main auth library soon: googleapis/google-auth-library-python#465. Will the features introduced in this PR kill the need for adding service accounts support here? I personally don't think so. I think that we still need a way to make the async with Aiogoogle(service_account_creds=service_accound_dict) as aiogoogle:
...And obviously, also be able to grab and refresh an access token using the service account creds. Generally, I think that this is the most important feature to add right now. Features like getting the default service account creds from a compute or app engine can wait or maybe not even needed at all because we can always use Google's auth lib. Any thoughts? |
|
I've made my own async version of the Google apis which has more or less full functionality by building on top of the official api. I'm going to try to see if my employer will allow me to make them public and will report back |
|
ok so i got approval, its going through legal |
|
@thehesiod did you ever get it through Legal? |
|
@Omeryl just pinged again, the signal I got last time was positive. We've been using it w/o issues for awhile now. I even added credential caching support back |
|
I found a way to get this working on a GCE instance with a service account. I'm using the google metadata server to get an auth token, and passing it into the Aiogoogle instance. The token needs to be refreshed periodically, so it's wrapped in a loop which checks the token's expiry time, and refreshes once the token lifetime is < 1200 seconds. This feels a bit hacky, but seems to work well enough after some preliminary testing. Maybe it's useful for anyone hoping to use aiogoogle on a GCE/GKE instance with a service account. https://gist.github.com/booya/e10554cb6302a0a4b43dcdd16a9e4147 |
|
Hey guys, I just added basic service account support in version 1.0.0. Right now, you can authenticate as a service account in two ways:
We're still missing automatic detection from:
Adding them should be easy though, if someone's up for the task. You can find more info here in the docs. |
|
I'm going to close this. Please open a new feature request if there's a specific service-account feature that you want. |
This library looks really awesome but the one thing that stopped me before using it, it lacks of support service account. Any changes to implement it?
The text was updated successfully, but these errors were encountered: