-
Notifications
You must be signed in to change notification settings - Fork 997
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
google: add DelegateTokenSource #335
Conversation
This PR (HEAD: e19e35f) has been imported to Gerrit for code review. Please visit https://go-review.googlesource.com/c/oauth2/+/143957 to see it. Tip: You can toggle comments from me using the |
Message from Gerrit User 5976: Patch Set 1: Congratulations on opening your first change. Thank you for your contribution! Next steps: Most changes in the Go project go through a few rounds of revision. This can be During May-July and Nov-Jan the Go project is in a code freeze, during which Please don’t reply on this GitHub thread. Visit golang.org/cl/143957. |
This PR (HEAD: e8ef4a0) has been imported to Gerrit for code review. Please visit https://go-review.googlesource.com/c/oauth2/+/143957 to see it. Tip: You can toggle comments from me using the |
Message from Gerrit User 12446: Uploaded patch set 3: Commit message was updated. Please don’t reply on this GitHub thread. Visit golang.org/cl/143957. |
This PR (HEAD: df9bbd8) has been imported to Gerrit for code review. Please visit https://go-review.googlesource.com/c/oauth2/+/143957 to see it. Tip: You can toggle comments from me using the |
Message from Gerrit User 12446: Uploaded patch set 5: Commit message was updated. Please don’t reply on this GitHub thread. Visit golang.org/cl/143957. |
/comments off |
rename usage from Seems to fit better w/ the distinction described here |
Also renamed the parameters to i didn't rename the tokens source since |
@bradfitz Could someone kickoff a review on this? I think should be relatively straightfoward and I've documented the system test steps via Its not urgent but i do have the python-auth library support live know and i'm currently submitting one for java-auth separately. |
@bradfitz Could we resume the review on this PR? (the java and python version are actually live now in the library set). I think the main outstanding issue is how to deal w/ the |
Delegate Credentials is basically a way for a user or (more common) service account to impersonate another service account.
Ref:
https://cloud.google.com/iam/docs/service-accounts#the_service_account_token_creator_role
https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials
https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken
I've verified the sample with service_account, user_credentials and with GCE metadata server (and also delgate of delgate in squence)
Fixes #336