feat: Improve impersonation support. #2394
Conversation
|
@jskeet as always one commit at a time. The first commit is unrelated, but it's something that I caught while running the tests. |
| ""type"": ""authorized_user"" | ||
| }, | ||
| ""type"": ""impersonated_service_account""}"; | ||
| private const string RecursiveImpersonatedServiceAccountCredential = @"{ |
There was a problem hiding this comment.
Possibly add a blank line between each of these service credentials? (Or better yet, maybe now's a good time to move them to resource files that we load? That way we don't need the quote doubling etc.)
There was a problem hiding this comment.
Moving to files on the latest commit.
| } | ||
|
|
||
| // If source credential is of a credential type that does not support impersonation, attemting to create the | ||
| // impersonated credential will faill a few lines after. |
There was a problem hiding this comment.
faill => fail (and I'd personally use "later" instead of "after" but the meaning is clear)
There was a problem hiding this comment.
Yep, both done.
| /// <summary> | ||
| /// ImpersonatedCredential is created by the GCloud SDK tool when the user runs | ||
| /// <a href="https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login">GCloud Auth ADC Login</a> | ||
| /// using the <a href="https://cloud.google.com/sdk/gcloud/reference#--impersonate-service-account">--impersonate-service-accont</a> |
There was a problem hiding this comment.
accont => account (assuming there's no typo in gcloud itself)
There was a problem hiding this comment.
Luckily the typo is just mine, changing.
|
passing by comment ) Thanks! |
amanda-tarafa
force-pushed
the
impersonation-improvements
branch
from
f674a11 to
a0bd208
Compare
There was a problem hiding this comment.
@jskeet the las commit contains the changes to DefaultCredentialProvider tests.
The other couple requests are squashed in their respective commits, they were typos.
| ""type"": ""authorized_user"" | ||
| }, | ||
| ""type"": ""impersonated_service_account""}"; | ||
| private const string RecursiveImpersonatedServiceAccountCredential = @"{ |
There was a problem hiding this comment.
Moving to files on the latest commit.
| } | ||
|
|
||
| // If source credential is of a credential type that does not support impersonation, attemting to create the | ||
| // impersonated credential will faill a few lines after. |
There was a problem hiding this comment.
Yep, both done.
| /// <summary> | ||
| /// ImpersonatedCredential is created by the GCloud SDK tool when the user runs | ||
| /// <a href="https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login">GCloud Auth ADC Login</a> | ||
| /// using the <a href="https://cloud.google.com/sdk/gcloud/reference#--impersonate-service-account">--impersonate-service-accont</a> |
There was a problem hiding this comment.
Luckily the typo is just mine, changing.
| @@ -34,6 +35,25 @@ | |||
| <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="6.0.0" /> | |||
| </ItemGroup> | |||
|
|
|||
| <ItemGroup> | |||
| <EmbeddedResource Include="OAuth2\DummyCredentialFiles\aws_workforce_external_account_credential.json" /> | |||
There was a problem hiding this comment.
Any reason for not just using OAuth2\DummyCredentialFiles\*.json here?
There was a problem hiding this comment.
Just because I marked the files as embeded with right click on VS, but yes, this is better, changing. :)
|
|
||
| protected override Stream GetStream(string filePath) | ||
| { | ||
| if (!fileContents.ContainsKey(filePath)) | ||
| if (!pathToFileName.TryGetValue(filePath, out var resourcaName)) |
There was a problem hiding this comment.
Nit: resourcaName => resourceName
And maybe just:
var resourceName = pathToFileName.TryGetValue(filePath, out var mappedPath) ? mappedPath : filePath;There was a problem hiding this comment.
Yep, done on both.
Documentation does not specify the exact reason given on each case and this seems to have changed recently. StatusCode continues to be the same. See: https://developers.google.com/identity/protocols/oauth2/web-server#httprest_8
- Move all dummy credentials to files that are loaded as resources. - Use Assert.Throws instead of try ... catch.
amanda-tarafa
force-pushed
the
impersonation-improvements
branch
from
a0bd208 to
e226361
Compare
| @@ -34,6 +35,25 @@ | |||
| <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="6.0.0" /> | |||
| </ItemGroup> | |||
|
|
|||
| <ItemGroup> | |||
| <EmbeddedResource Include="OAuth2\DummyCredentialFiles\aws_workforce_external_account_credential.json" /> | |||
There was a problem hiding this comment.
Just because I marked the files as embeded with right click on VS, but yes, this is better, changing. :)
|
|
||
| protected override Stream GetStream(string filePath) | ||
| { | ||
| if (!fileContents.ContainsKey(filePath)) | ||
| if (!pathToFileName.TryGetValue(filePath, out var resourcaName)) |
There was a problem hiding this comment.
Yep, done on both.
Features - googleapis#2429 Utilities for date/time parsing. - googleapis#2394 Which improves impersonation support. - googleapis#2349 and googleapis#2379 Which improve error reported when ADC is not configured.
Updates support version: 1.61.0 - beta02 -> 1.61.0 Features - Improvements for date/time parsing. - googleapis#2441 - googleapis#2432 - googleapis#2429 - googleapis#2435 PKCE support. - googleapis#2394 Which improves impersonation support. - googleapis#2349 and googleapis#2379 Which improve error reported when ADC is not configured.
No description provided.