feat: defines IdentityPoolClient used for K8s and Azure workloads
#1042
Conversation
* chore: updated samples/package.json [ci skip] * chore: updated CHANGELOG.md [ci skip] * chore: updated package.json Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/5f7f9c6d-c75a-4c60-8bb8-0026a14cead7/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@94421c4
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/b742586e-df31-4aac-8092-78288e9ea8e7/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@bd0deaa
This PR was generated using Autosynth. 🌈 - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@5747555
* chore: updated samples/package.json [ci skip] * chore: updated CHANGELOG.md [ci skip] * chore: updated package.json Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
This will subclass the abstract class `BaseExternalAccountClient` and will retrieve subject tokens from URLs (eg Azure Instance Metadata Service) or a file location (K8s KSA tokens). Renamed `ExternalAccountClient` to `BaseExternalAccountClient`. The latter will not be exported. Instead the former will be created as an empty class with a static `fromJSON()` method to initialize the right type of external client.
Codecov Report
@@ Coverage Diff @@
## byoid #1042 +/- ##
========================================
Coverage ? 93.10%
========================================
Files ? 25
Lines ? 5092
Branches ? 543
========================================
Hits ? 4741
Misses ? 351
Partials ? 0 Continue to review full report at Codecov.
|
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
google-cla
bot
added
the
cla: no
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
bcoe
added
cla: yes
test/test.identitypoolclient.ts
Outdated
| const projectNumber = '123456'; | ||
| const poolId = 'POOL_ID'; | ||
| const providerId = 'PROVIDER_ID'; | ||
| const audience = |
There was a problem hiding this comment.
If all these variables are used by the audience URL, and not elsewhere in test, I would be tempted to encapsulate them in a test helper, like getAudienceUrl; I read this and my immediate reaction was, that's a lot of variables, before I realized they're not all used in test cases.
There was a problem hiding this comment.
Ok, I made some refactor and moved a lot of these constants to common file and exported helper functions which are used by 2 test files.
src/auth/identitypoolclient.ts
Outdated
| throw err; | ||
| } | ||
|
|
||
| const stream = fs.createReadStream(filePath); |
There was a problem hiding this comment.
an alternate approach to createReadStream, I believe would be using the promises API:
const {readFile} = require('fs').promises
async function main () {
return readFile(filePath)
}
There was a problem hiding this comment.
I ended up using utils.promisify(fs.readFile) since Node 10 does not seem to play well with fs.promises.
…misify(fs.readFile)`.
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
google-cla
bot
added
cla: no
feat: implements the OAuth token exchange spec based on rfc8693 (#1026) feat: defines ExternalAccountClient abstract class for external_account credentials (#1030) feat: adds service account impersonation to `ExternalAccountClient` (#1041) feat: defines `IdentityPoolClient` used for K8s and Azure workloads (#1042) feat: implements AWS signature version 4 for signing requests (#1047) feat: defines `ExternalAccountClient` used to instantiate external account clients (#1050) feat!: integrates external_accounts with `GoogleAuth` and ADC (#1052) feat: adds text/json credential_source support to IdentityPoolClients (#1059) feat: get AWS region from environment variable (#1067) Co-authored-by: Wilfred van der Deijl <wilfred@vanderdeijl.com> Co-authored-by: Benjamin E. Coe <bencoe@google.com>
This will subclass the abstract class
BaseExternalAccountClientand will retrieve subject tokens from URLs (eg Azure Instance Metadata Service) or a file location (K8s KSA tokens).Renamed
ExternalAccountClienttoBaseExternalAccountClient. The latter will not be exported. Instead the former will be created as an empty class with a staticfromJSON()method to initialize the right type of external client (IdentityPoolClientorAwsClient).