Allow setting authentication client for google-cloud libraries #1210

Closed
salrashid123 opened this issue Jul 12, 2021 · 3 comments
@salrashid123
Contributor

PR 1207 will implement the capability to impersonate a service account. That is, given a set of source credentials, the implementation will derive a new set of credentials which are eventually intended to call an underlying GCP API.

The implementation there surfaces an object which can be used to make direct REST API calls (see 28->51). However, there isn't an easy way to inject this type of a client into any existing google-cloud-* library set.

The only way to do that now is to create a placeholder client (see 57->72) and set that into a library which internally extracts the raw client from the placeholder/wrapper object.

Also, this workaround with the wrapped client will work for some Google APIs (e.g., it will not work for Storage).


This FR is to

Construct a uniform surface to allow injecting authenticated clients into google-cloud-* libraries. Essentially, it should not be necessary to set up the intermediate placeholder/wrapper for the client, and the same final mechanism should work for all libraries (Storage).


Finally there are several flavors of 'clients':

which actually differ in the classes they use:

```ts
// Class declarations only; bodies elided.
export class DownscopedClient extends AuthClient { /* ... */ }
export class OAuth2Client extends AuthClient { /* ... */ }
export class Impersonated extends OAuth2Client { /* ... */ }
```

which means the usage of these clients diverges (e.g., I probably can't use a downscoped client in a google-cloud library even after this FR is done).

@tmatsuo tmatsuo added api: N/A Tells auto-label to not auto-detect the API for this issue type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. labels Jul 12, 2021
@tmatsuo
Contributor

tmatsuo commented Jul 12, 2021

Assigning @bcoe for triage.

@salrashid123
Contributor Author

Here is the temporary workaround for impersonated + GCS which was shown to me yesterday:
https://gist.github.com/salrashid123/e5fc03761f62ef6ff213ac3b29661967

Note, I manually added the sign() method to node_modules/google-auth-library/build/src/auth/impersonated.js just to allow impersonated_credentials to issue signed URLs.

@danielbankhead danielbankhead assigned danielbankhead and unassigned bcoe Apr 6, 2022
@danielbankhead
Member

This should be supported as of v7.14.0: #1372

GoogleAuth now accepts AuthClient:

```ts
export interface GoogleAuthOptions<T extends AuthClient = JSONClient> {
  /**
   * An `AuthClient` to use
   */
  authClient?: T;
  // ... (other options omitted in this excerpt)
}
```

Sample: https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/downscopedclient.js
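
An added example, not part of the thread or the library's own code: wrapping an `Impersonated` client in `GoogleAuth` through the `authClient` option, with the impersonation request validated first so scope and lifetime stay narrow. The helper names, the 600-second default and the `gserviceaccount.com` suffix check are assumptions of this example; handing the result to `Storage` as `authClient` follows the linked downscoped sample.

```javascript
// Added example. impersonationOptions / impersonatedAuth are hypothetical
// helper names, not library APIs.
const MAX_LIFETIME_S = 3600; // default maximum lifetime for impersonated tokens

// Validate the request before any credential is minted, so a typo cannot
// silently target a non-service-account identity, drop scopes or extend the TTL.
function impersonationOptions({targetPrincipal, targetScopes, lifetime = 600}) {
  if (!/^[^@\s]+@[^@\s]+\.gserviceaccount\.com$/.test(String(targetPrincipal))) {
    throw new Error(`not a service account email: ${targetPrincipal}`);
  }
  if (!Array.isArray(targetScopes) || targetScopes.length === 0) {
    throw new Error('targetScopes must list at least one scope');
  }
  if (!Number.isInteger(lifetime) || lifetime < 1 || lifetime > MAX_LIFETIME_S) {
    throw new Error(`lifetime must be 1..${MAX_LIFETIME_S} seconds`);
  }
  return {targetPrincipal, targetScopes: [...targetScopes], lifetime, delegates: []};
}

// Build a GoogleAuth whose client is the impersonated one. The library is
// required lazily so the validation above can be exercised without it.
async function impersonatedAuth(request) {
  const {GoogleAuth, Impersonated} = require('google-auth-library');
  // Source credentials come from Application Default Credentials.
  const sourceClient = await new GoogleAuth().getClient();
  const client = new Impersonated({sourceClient, ...impersonationOptions(request)});
  return new GoogleAuth({authClient: client});
}

// Usage with a google-cloud library (constructed values):
//   const {Storage} = require('@google-cloud/storage');
//   const auth = await impersonatedAuth({
//     targetPrincipal: 'reader@example-project.iam.gserviceaccount.com',
//     targetScopes: ['https://www.googleapis.com/auth/devstorage.read_only'],
//   });
//   const storage = new Storage({authClient: auth});
```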
