Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pigeon.FCM config, service_account_json, goth, and Google's Application Default Dredentials changes #232

Open
petermueller opened this issue Jan 29, 2023 · 2 comments · May be fixed by #235
Open

Pigeon.FCM config, service_account_json, goth, and Google's Application Default Dredentials changes #232

petermueller opened this issue Jan 29, 2023 · 2 comments · May be fixed by #235

Comments

@petermueller
Copy link

petermueller commented Jan 29, 2023
edited

Hello! Thank you for your work on Pigeon. We appreciate it <3

(Note: This is in regards to 2.0.0-rc.1)

Skip to "Describe the solution you'd like" for the TL;DR

Is your feature request related to a problem? Please describe

We are in the process of cleaning up some application security things in Google Cloud, and are trying to eliminate the usage of the GOOGLE_APPLICATION_CREDENTIALS env var, and just rely on the metadata server accessible by the GCP VMs to get an access token (https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#applications).

goth v1.3+ handles this as part of its initialization, or if called directly:

and handles refreshing the token w/ scopes at init, and on a schedule:

it actually seems like the goth implementation may have been inspired from the pigeon implementation:

Unfortunately Pigeon.FCM currently expects the service_account_json to exist and contain a service account key file (containing a private key, and other sensitive info). To support this when running in Google Compute Engine, we'll have to then generate a service account key file with limited access to FCM only, and propagate it onto the hosts (to reuse the same service account as the host VM would be dangerous as it has more permissions). This could make the service accounts susceptible to file traversal/exfil issues, as opposed to the metadata approach, which would require Remote Code Exec on the host to steal.

Describe the solution you'd like

I'd like to be able to pass something like MyApp.Goth or MyApp.GothFCM to Pigeon that I've configured and initialized with goth for the service account and scopes necessary for Pigeon.

Pigeon could then pass it to Goth.fetch to gather the required token (since the Goth genserver handles refreshing by itself)

This would potentially simplify the Pigeon.FCM code significantly, and let it focus just on notifications, leaning on goth for the logic around the ways GCP auth has changed in the last couple years.

What are your thoughts? If you think this sounds neat, I can take a crack at a first-pass/proof-of-concept <3
@petermueller
Copy link
Author

I have a working implementation of this if you'd like. It still requires some docs changes, and I wanted to chat about the scope of the change, but let me know if you have time to chat

@petermueller
Copy link
Author

petermueller commented Feb 15, 2023
edited

here's my fork. It's just the master branch.
https://github.com/petermueller/pigeon

If it works how I want in our production instance, I can open a PR w/ a checklist of things I'd need to do (docs, migration guide?, etc.) and questions we'd want to discuss (e.g. should service_account_json be supported still? if so, how? if not, do we need a migration guide, or an example? should the tests be made to be able to run without a real, live FCM auth setup, and then some integration tests?)

@petermueller petermueller linked a pull request Feb 15, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: support for Goth modules for FCM PrescribeFIT/pigeon
1 participant
@petermueller