New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add AWS Workload Identity Federation Support #414
Conversation
…impersonated credential
…st compatible with apply_auth_examples. ExternalAccount was not fully compatible with the other providers, this brings it in line and moves some common methods between the other provides and ExternalAccount into a module which is now included by the AWSClient provider and Signet::Auth::Client
…external account, create dedicated Connection helper module, other misc PR cleanup
@dazuma Would you please take a look at this. We need to have it approved and unblock the customer request. |
@BigTailWolf I just noticed that the CLS is not signed. Can we please fix that? |
Hi Neha, I think the security check failed due to Ryan's CLA status. Mine is under Google CLA. Would you please try to remove him from the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comments addressed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Jin, I added a few more nit comments. Otherwise it looks good.
@@ -0,0 +1,114 @@ | |||
# Copyright 2022 Google, Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit:
# Copyright 2022 Google, Inc. | |
# Copyright 2023 Google, Inc. |
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
require "time" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like we're not using time
here
module ExternalAccount | ||
# Provides an entrypoint for all Exernal Account credential classes. | ||
class Credentials | ||
# The subject token type used for AWS external_account credentials. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: the comment should be above AWS_SUBJECT_TOKEN_TYPE
@@ -0,0 +1,381 @@ | |||
# Copyright 2022 Google, Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit:
# Copyright 2022 Google, Inc. | |
# Copyright 2023 Google, Inc. |
@@ -0,0 +1,140 @@ | |||
# Copyright 2022 Google, Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# Copyright 2022 Google, Inc. | |
# Copyright 2023 Google, Inc. |
@@ -0,0 +1,99 @@ | |||
# Copyright 2022 Google LLC |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# Copyright 2022 Google LLC | |
# Copyright 2023 Google LLC |
@@ -0,0 +1,511 @@ | |||
# Copyright 2022 Google, Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# Copyright 2022 Google, Inc. | |
# Copyright 2023 Google, Inc. |
@@ -0,0 +1,228 @@ | |||
# Copyright 2022 Google, Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# Copyright 2022 Google, Inc. | |
# Copyright 2023 Google, Inc. |
@@ -0,0 +1,86 @@ | |||
# Copyright 2022 Google, Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# Copyright 2022 Google, Inc. | |
# Copyright 2023 Google, Inc. |
This is a re-catch on the closed pull request:
#408