Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: define CredentialAccessBoundary classes #793

Merged
merged 2 commits into from Jul 8, 2021
Merged

feat: define CredentialAccessBoundary classes #793

merged 2 commits into from Jul 8, 2021
+790 −0

Conversation

bojeil-google
Copy link
Contributor

Defines the following classes:

  • google.auth.downscoped.CredentialAccessBoundary
  • google.auth.downscoped.AccessBoundaryRule
  • google.auth.downscoped.AvailabilityCondition

This is based on Downscoping with Credential Access Boundaries.
These classes help define the list of access boundary rules,
each of which contains information on the resource that the rule
applies to, the upper bound of the permissions that are available
on that resource and an optional condition to further restrict
permissions.

@bojeil-google
feat: define CredentialAccessBoundary classes
3bfa715 
Defines the following classes:
- `google.auth.downscoped.CredentialAccessBoundary`
- `google.auth.downscoped.AccessBoundaryRule`
- `google.auth.downscoped.AvailabilityCondition`

This is based on [Downscoping with Credential Access Boundaries](https://cloud.google.com/iam/docs/downscoping-short-lived-credentials).
These classes help define the list of access boundary rules,
each of which contains information on the resource that the rule
applies to, the upper bound of the permissions that are available
on that resource and an optional condition to further restrict
permissions.
@bojeil-google bojeil-google requested a review from a team as a code owner July 2, 2021 23:08
@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Jul 2, 2021
@bojeil-google
Copy link
Contributor Author

Note to reviewers. The failing tests seem to be unrelated to this change.

@arithmetic1728
Copy link
Contributor

@busunkim96 Seems the refresh token is expired/revoked again for the system test. Does the user account have token rotations now?

@busunkim96
Copy link
Contributor

@arithmetic1728 Nope the process for getting that approved has been rather slow. I'll rotate it again in a separate PR.

@tseaver tseaver mentioned this pull request Jul 8, 2021
Closed
@tseaver tseaver merged commit d883921 into googleapis:master Jul 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arithmetic1728 arithmetic1728 arithmetic1728 approved these changes

Assignees
No one assigned
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@bojeil-google @arithmetic1728 @busunkim96 @tseaver