Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

google: add DelegateTokenSource #335

Closed
wants to merge 8 commits into from

Conversation

salrashid123
Copy link

@salrashid123 salrashid123 commented Oct 23, 2018

Delegate Credentials is basically a way for a user or (more common) service account to impersonate another service account.

Ref:

https://cloud.google.com/iam/docs/service-accounts#the_service_account_token_creator_role
https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials
https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken

I've verified the sample with service_account, user_credentials and with GCE metadata server (and also delgate of delgate in squence)

Fixes #336

@gopherbot
Copy link
Contributor

This PR (HEAD: e19e35f) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/143957 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot
Copy link
Contributor

Message from Gerrit User 5976:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
Within the next week or so, a maintainer will review your change and provide
feedback. See https://golang.org/doc/contribute.html#review for more info and
tips to get your patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11, it means that this CL will be reviewed as part of the next development
cycle. See https://golang.org/s/release for more details.


Please don’t reply on this GitHub thread. Visit golang.org/cl/143957.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

This PR (HEAD: e8ef4a0) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/143957 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot
Copy link
Contributor

Message from Gerrit User 12446:

Uploaded patch set 3: Commit message was updated.


Please don’t reply on this GitHub thread. Visit golang.org/cl/143957.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

This PR (HEAD: df9bbd8) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/143957 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot
Copy link
Contributor

Message from Gerrit User 12446:

Uploaded patch set 5: Commit message was updated.


Please don’t reply on this GitHub thread. Visit golang.org/cl/143957.
After addressing review feedback, remember to publish your drafts!

@salrashid123
Copy link
Author

/comments off

@bradfitz bradfitz changed the title Add DelegateTokenSource google: add DelegateTokenSource Oct 23, 2018
@salrashid123
Copy link
Author

rename usage from DelegateTokenSource -> ImpersonatedTokenSource.

Seems to fit better w/ the distinction described here

@salrashid123
Copy link
Author

Also renamed the parameters to source and target to make it more aligned with
the python PR thats merged:

i didn't rename the tokens source since source is already in the name...

@salrashid123
Copy link
Author

@bradfitz Could someone kickoff a review on this? I think should be relatively straightfoward and I've documented the system test steps via gcloud here:

Its not urgent but i do have the python-auth library support live know and i'm currently submitting one for java-auth separately.

@salrashid123
Copy link
Author

@bradfitz Could we resume the review on this PR? (the java and python version are actually live now in the library set). I think the main outstanding issue is how to deal w/ the context thats passed in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants