feat: support scopes for metadata credentials on GCF/Cloud Run/App Engine #376
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
googlebot
added
the
cla: yes
sqrrrl
changed the title
sqrrrl
changed the title
|
Superseded by #633. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on PR #333 which has been sitting for a while and has some unresolved issues blocking merging.
Updates that code to be more conservative in terms of compatibility -- default case is same as before and no scopes param is included if with_scopes() never used.
Only thing I'd like to change, but has some compatibility risks, is how
google.auth.default(scopes)works. Currently it only applies the scopes iff the credential requires scoping. This case is a little different -- the scoping is optional as the credential has default scopes.So instead of:
Code currently needs to be:
Minor difference, but kind of annoying that the short form doesn't work. Either requires changing the behavior of
default()to always attempting scoping (which sounds like the right behavior anyway) or falsely reporting that scoping is required for the credentials.