Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: adds README, samples and integration tests for downscoping with CAB #1311

Merged
merged 23 commits into from Dec 15, 2021
Merged

feat: adds README, samples and integration tests for downscoping with CAB #1311

merged 23 commits into from Dec 15, 2021

Conversation

xil222
Copy link
Contributor

@xil222 xil222 commented Oct 30, 2021

This PR does the followings for downscoping with CAB.

  1. Add samples and descriptions.
  2. Add a setup script and integration tests.

@xil222 xil222 requested review from a team as code owners October 30, 2021 00:32
@generated-files-bot
Copy link

Warning: This pull request is touching the following templated files:

@product-auto-label product-auto-label bot added the samples Issues that are directly related to samples. label Oct 30, 2021
@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Oct 30, 2021
@xil222
Copy link
Contributor Author

xil222 commented Nov 2, 2021

Hi @bcoe , could you get back to me when you are back?
Looks like the serviceAccount for integration test doesn't have certain access causing the failure.
Error: kokoro-system-test@long-door-651.iam.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object.
it seems that the serviceAccount key is downloaded from gfile at here which I can't modify access by myself.
Is there any ways to do that? Thanks

lsirac
lsirac reviewed Nov 4, 2021
View reviewed changes
Copy link
Contributor

@lsirac lsirac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just did a quick first pass. Can you also take a look at the lint warnings on the downscoped files?

samples/test/downscoping-with-cab.test.js Outdated Show resolved Hide resolved
samples/test/downscoping-with-cab.test.js Outdated Show resolved Hide resolved
samples/test/downscoping-with-cab.test.js Outdated Show resolved Hide resolved
samples/test/downscoping-with-cab.test.js Show resolved Hide resolved
samples/test/downscoping-with-cab.test.js Outdated Show resolved Hide resolved
samples/downscopedclient.js Outdated Show resolved Hide resolved
samples/downscopedclient.js Outdated Show resolved Hide resolved
samples/downscopedclient.js Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
samples/test/downscoping-with-cab.test.js Outdated Show resolved Hide resolved
@lsirac lsirac changed the title feat: Add description, samples and integration tests for downscoping with CAB. feat: adds README, samples and integration tests for downscoping with CAB Nov 4, 2021
@xil222 xil222 requested a review from lsirac November 4, 2021 23:53
bcoe
bcoe suggested changes Nov 8, 2021
View reviewed changes
Copy link
Contributor

@bcoe bcoe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one nit about tests, also question about API, mainly how does this compare to other implementations? Should we be planning work to give Node.js a more ergonomic API for extending the auth library.

README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
README.md
projectId: 'my_project_id',
authClient: {
sign: () => Promise.reject('unsupported'),
getCredentials: () => Promise.reject(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The approach you came up with here ends up not looking quite as ugly as I was fearing.

How does this compare to Python and other languages? Is there work we should be tracking to make this API easier?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In Python and Java directly passing authClient as variable to create Storage object without need to redefine a couple of APIs such as sign() or getCredentials().
And, yes, the long-term work is referred in last PR
GoogleCloudPlatform/nodejs-docs-samples#2368 (comment)
and you can track in bug b/196442993

samples/test/downscoping-with-cab.test.js Outdated Show resolved Hide resolved
lsirac
lsirac reviewed Nov 9, 2021
View reviewed changes
samples/downscopedclient.js Outdated Show resolved Hide resolved
@bcoe bcoe added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 11, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 11, 2021
@xil222 xil222 requested a review from bcoe November 12, 2021 17:44
@xil222 xil222 added the owlbot:run Add this label to trigger the Owlbot post processor. label Nov 18, 2021
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Nov 18, 2021
@xil222
Copy link
Contributor Author

xil222 commented Nov 19, 2021

@xil222 samples are looking reasonable, but integration tests appear to be flaky, or perhaps just an assertion isn't quite right.

just made it correct

@bcoe bcoe added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 19, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Nov 19, 2021
bojeil-google
bojeil-google suggested changes Nov 30, 2021
View reviewed changes
Copy link
Contributor

@bojeil-google bojeil-google left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall this looks fine. However, this deviates from existing samples/integration tests.
The pattern is to have a sample file with output under this directory: https://github.com/googleapis/google-auth-library-nodejs/tree/main/samples

Example: https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/signBlob.js

Then you would write the test asserting the output of the sample (via child_process.exec) in here:
https://github.com/googleapis/google-auth-library-nodejs/tree/main/samples/test

@xil222 xil222 added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Dec 15, 2021
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Dec 15, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Dec 15, 2021
@xil222 xil222 added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Dec 15, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Dec 15, 2021
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Dec 15, 2021
bojeil-google
bojeil-google suggested changes Dec 15, 2021
View reviewed changes
samples/test/downscoping-with-cab.test.js Outdated Show resolved Hide resolved
samples/test/downscoping-with-cab.test.js Outdated Show resolved Hide resolved
@bojeil-google
Copy link
Contributor

You could try to pass the bucket and object name via environment variable. Similar to here:

google-auth-library-nodejs/samples/test/externalclient.test.js

Line 281 in e91472a

GOOGLE_APPLICATION_CREDENTIALS: configFilePath,

@xil222 xil222 added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Dec 15, 2021
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Dec 15, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Dec 15, 2021
@xil222 xil222 merged commit 4549116 into googleapis:main Dec 15, 2021
gcf-merge-on-green bot pushed a commit that referenced this pull request Dec 15, 2021
@release-please
chore: release 7.11.0 (#1336)
7b6c041 
🤖 I have created a release \*beep\* \*boop\*
---
## [7.11.0](https://www.github.com/googleapis/google-auth-library-nodejs/compare/v7.10.4...v7.11.0) (2021-12-15)


### Features

* adds README, samples and integration tests for downscoping with CAB ([#1311](https://www.github.com/googleapis/google-auth-library-nodejs/issues/1311)) ([4549116](https://www.github.com/googleapis/google-auth-library-nodejs/commit/454911637eca6a1272a729b2b2dfcf690c53fe29))
---


This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lsirac lsirac lsirac approved these changes

@bcoe bcoe bcoe approved these changes

@bojeil-google bojeil-google bojeil-google approved these changes

Assignees
No one assigned
Labels
cla: yes This human has signed the Contributor License Agreement. samples Issues that are directly related to samples.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@xil222 @bcoe @bojeil-google @lsirac @yoshi-kokoro