Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(oauth2): add support for external account workforce identity #14800

Merged
merged 5 commits into from
Oct 28, 2024
Merged

feat(oauth2): add support for external account workforce identity #14800

merged 5 commits into from
Oct 28, 2024

Conversation

cuiy0006
Copy link
Collaborator

@cuiy0006 cuiy0006 commented Oct 24, 2024
edited by scotthart
Loading

External account has two types of identities:

Workload Identity - 3rd party identities that represent a workload, the configs for this are all handled at a project level

Workforce Identity - 3rd party identities that represent a user, configs for this are handled at the org level

We already support Workload Identity. To support Workforce Identity, I added options userProject in the request header.

This change is Reviewable

@codecov Codecov
Copy link

codecov bot commented Oct 24, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 97.36842% with 2 lines in your changes missing coverage. Please review.

Project coverage is 93.28%. Comparing base (d5962f8) to head (e24a974).
Report is 6 commits behind head on main.

Files with missing lines Patch % Lines
...ternal/oauth2_external_account_credentials_test.cc 96.72% 2 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #14800   +/-   ##
=======================================
  Coverage   93.27%   93.28%           
=======================================
  Files        2319     2319           
  Lines      208231   208290   +59     
=======================================
+ Hits       194230   194293   +63     
+ Misses      14001    13997    -4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@cuiy0006 cuiy0006 marked this pull request as ready for review October 24, 2024 23:13
@cuiy0006 cuiy0006 requested a review from a team as a code owner October 24, 2024 23:13
dbolduc
dbolduc approved these changes Oct 25, 2024
View reviewed changes
Copy link
Member

@dbolduc dbolduc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there an integration test for workforce identity? Like something that would fail before this PR and succeed after it?

google/cloud/internal/oauth2_external_account_credentials.cc Outdated Show resolved Hide resolved
google/cloud/internal/oauth2_external_account_credentials.cc Outdated Show resolved Hide resolved
google/cloud/internal/oauth2_external_account_credentials.cc Outdated Show resolved Hide resolved
@cuiy0006
Copy link
Collaborator Author

is there an integration test for workforce identity? Like something that would fail before this PR and succeed after it?

There is a case under domian_universe, I will figure out how to create a workforce identity for integration test.

@cuiy0006 cuiy0006 merged commit a552c93 into googleapis:main Oct 28, 2024
74 checks passed
@cuiy0006 cuiy0006 deleted the external-account-workforce-identity branch October 28, 2024 17:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dbolduc dbolduc dbolduc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cuiy0006 @dbolduc