Skip to content

Add ImpersonatedCredentials #211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chingor13 merged 3 commits into from
Nov 14, 2018
Merged

Add ImpersonatedCredentials #211

chingor13 merged 3 commits into from
Nov 14, 2018

Conversation

@salrashid123
Copy link
Contributor

@salrashid123 salrashid123 commented Nov 13, 2018

Addresses #210

Allow for ImpersonatedCredentials in core auth library set. Instructions to repro or to run system tests:

# Create source identity:
# gcloud iam service-accounts create source-serviceaccount --display-name="Source Identity"
# gcloud iam service-accounts keys  create svc-src.json --iam-account=source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com


# Create target identity
# gcloud iam service-accounts create target-serviceaccount --display-name="Target Identity"

# Allow source to impersonate target
# gcloud iam service-accounts add-iam-policy-binding target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com --member='serviceAccount:source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com' --role='roles/iam.serviceAccountTokenCreator'

# Add resource ACL to target
# gcloud projects add-iam-policy-binding mineral-minutia-820 --member='serviceAccount:target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com' --role='roles/storage.admin'

# Test the app below

# now create a GCE instance of the same source identity.
# comment out the service account section and uncomment the ComputeCredential section (as ADC)
# gcloud compute instances create impersonate-test --service-account=source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com --scopes=https://www.googleapis.com/auth/iam
# Upload the source below to GCE and rerun the test

output of unittests ran:

[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.066 s - in com.google.auth.oauth2.ImpersonatedCredentialsTest
``

@salrashid123 salrashid123 requested a review from a team as a code owner November 13, 2018 21:59
@googlebot googlebot added the cla: yes This human has signed the Contributor License Agreement. label Nov 13, 2018
@chingor13 chingor13 self-assigned this Nov 13, 2018
@chingor13 chingor13 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 13, 2018
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 13, 2018
@codecov-io
Copy link

codecov-io commented Nov 13, 2018
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@1b5f8ac). Click here to learn what that means.
The diff coverage is 73.26%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master     #211   +/-   ##
=========================================
  Coverage          ?   76.03%           
  Complexity        ?      327           
=========================================
  Files             ?       21           
  Lines             ?     1456           
  Branches          ?      158           
=========================================
  Hits              ?     1107           
  Misses            ?      270           
  Partials          ?       79
Impacted Files Coverage Δ Complexity Δ
...om/google/auth/oauth2/ImpersonatedCredentials.java 73.26% <73.26%> (ø) 11 <11> (?)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1b5f8ac...9e2ec08. Read the comment docs.

chingor13
chingor13 requested changes Nov 14, 2018
View reviewed changes
Copy link
Contributor

@chingor13 chingor13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this!

oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java Outdated
this.sourceCredentials = this.sourceCredentials.createScoped(Arrays.asList(CLOUD_PLATFORM_SCOPE));
this.sourceCredentials.refresh();
}
if (this.sourceCredentials.getAccessToken().getExpirationTime().before(new Date())) {

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

chingor13
chingor13 approved these changes Nov 14, 2018
View reviewed changes
Copy link
Contributor

@chingor13 chingor13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! I can handle any other cleanup separately.

@chingor13 chingor13 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 14, 2018
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 14, 2018
@chingor13 chingor13 merged commit b037146 into googleapis:master Nov 14, 2018
@chingor13 chingor13 mentioned this pull request Nov 14, 2018
Merged
@salrashid123 salrashid123 deleted the add-impersonated-credentials branch November 15, 2018 04:12
@chingor13 chingor13 mentioned this pull request Dec 19, 2018
Closed
@jiangtaoli2016 jiangtaoli2016 mentioned this pull request Dec 1, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chingor13 chingor13 chingor13 approved these changes

Assignees

@chingor13 chingor13

Labels

cla: yes This human has signed the Contributor License Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@salrashid123 @codecov-io @chingor13 @googlebot @kokoro-team