feat(rest): support generateIdToken in impersonation url #14853
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #14853 +/- ##
=======================================
Coverage 93.00% 93.00%
=======================================
Files 2351 2351
Lines 209479 209482 +3
=======================================
+ Hits 194818 194825 +7
+ Misses 14661 14657 -4 ☔ View full report in Codecov by Sentry. |
scotthart
approved these changes
Nov 22, 2024
There was a problem hiding this comment.
Reviewed 2 of 2 files at r1, all commit messages.
Reviewable status:complete! all files reviewed, all discussions resolved (waiting on @cuiy0006)
ddelgrosso1
added a commit
that referenced
this pull request
Apr 9, 2025
* docs(pubsub): Fix region tags for Pub/Sub ingestion from GCS samples (#14773) * chore(deps): update actions/checkout digest to eef6144 (#14772) * chore(deps): update opentelemetry to v1.17.0 (#14774) * chore(deps): update grpc to v1.67.0 (#14711) * cleanup: remove unused otel compile def (#14775) * impl: API key creds for gRPC (#14776) * cleanup(oauth2): change universe domain endpoint (#14777) * impl: add ApiKeyConfig, implement in gRPC (#14778) * feat: API key authentication (#14779) * refactor(oauth2): prepare for API key auth (#14780) * impl(compute): reduce specificity on integration test error message (#14782) * cleanup(oauth2): MinimalIamCredentialsRestStub use universe domain in endpoint (#14781) * cleanup(oauth2): MinimalIamCredentialsRestStub use universe domain in endpoint * test * cleanup * split unit tests * cleanup * fix win build * fix msan-pr * impl: API key auth over REST (#14785) * docs(storage): better suggestion for deprecated API (#14786) * cleanup(storage): add comment on why no API key support (#14788) * ci: pin python version for gsutil (#14792) * chore: update vcpkg to v2024.09.30 (#14790) * chore: update googleapis SHA circa 2024-10-17 (#14793) PiperOrigin-RevId: 686790780 * cleanup: cmake compute features (#14794) * chore(deps): update dependency bazelbuild/bazelisk to v1.22.1 (#14796) * chore(deps): update protobuf to v28.3 (#14798) * chore(deps): update dependency bazel to v7.4.0 (#14797) * chore(deps): update actions/checkout digest to 11bd719 (#14799) * chore: update googleapis SHA circa 2024-10-24 (#14801) * chore: update googleapis SHA circa 2024-10-24 PiperOrigin-RevId: 689456358 * Update the protodeps/protolists * Regenerate libraries * docs: add more cases for generating new libraries (#14806) * docs: add more cases for generating new libraries * fix * feat(oauth2): add support for external account workforce identity (#14800) * feat(oauth2): add support for external account workforce identity * move * avoid cmake dep * format * address the comments * ci: do not fail universe-domain-demo tests (#14811) * impl(mixin): add missing mixin headers to rest stub headers (#14808) * feat(parallelstore): generate library (#14805) * feat(parallelstore): generate library * Run generators and format their outputs * Add API baseline * Manually update READMEs, quickstart, and top-level stuff * use zone-id for quickstart input * refactor: prepare to parse ADC json from string (#14810) * chore(deps): update dependency build_bazel_rules_apple to v3.11.2 (#14802) * impl(compute): remove FutureReservationsClient as the service is not GA (#14812) * impl: parse impersonated ADC json (#14809) * cleanup(mixin): add one API test case for location mixin (#14813) * cleanup(mixin): add one API test case for location mixin * fix format * add test fix nit * chore: update googleapis SHA circa 2024-10-31 (#14817) PiperOrigin-RevId: 691873596 * chore(deps): update dependency rules_python to v0.37.2 (#14795) * cleanup(mixin): deduplicate mixin pb headers (#14819) * cleanup(mixin): add more test cases (#14818) * chore(compute): update discovery doc circa 20241015 (#14822) * cleanup: chrono literals (#14826) * chore(deps): update dependency rules_proto to v7 (#14827) * docs(release): update changelog for the 2024-11 release (#14830) * chore: version bump to 2.32.0-rc (#14834) * chore(deps): update dependency google_cloud_cpp to v2.31.0 (#14835) * chore(deps): update dependency rules_python to v0.38.0 (#14831) * chore(deps): update dependency build_bazel_rules_apple to v3.12.0 (#14837) * cleanup(mixin): add integration tests (#14829) * cleanup(mixin): add integration tests * fix * format * cleanup(quickstart): disable speech_quickstart_global (#14842) * cleanup(quickstart): disable speech_quickstart_global * format * ci: re-enable universe-domain-demo tests (#14843) * chore(deps): update dependency bazel to v7.4.1 (#14840) * chore(deps): update dependency rules_proto to v7.0.2 (#14839) Co-authored-by: Yao Cui <cuiyao@google.com> * feat(rest): support impersonated ADC (#14815) * chore(deps): update dependency build_bazel_rules_apple to v3.13.0 (#14844) * chore(deps): update dependency rules_python to v0.39.0 (#14845) * refactor: prepare for breaking change in Protobuf C++ API. (#14828) * cleanup(mixin): remove duplicated operations stub (#14838) * ci: enable global and add non-us region to speech quickstart (#14848) * docs(managedkafka): change old title to new title (#14846) * chore(compute): update discovery doc circa 20241112 (#14850) * impl(generator): handle deprecated services (#14849) * chore(deps): update dependency rules_python to v0.40.0 (#14847) * chore(deps): update dependency bazelbuild/bazelisk to v1.24.0 (#14851) * impl: warn but do not error on deprecated proto types (#14855) * impl(generator): remove deprecated declaration pragma (#14854) * ci: use installed cmake (#14857) * feat(rest): support generateIdToken in impersonation url (#14853) * ci: update cmake quickstart handling for storage grpc (#14856) * ci: prepare for new mdformat (#14859) * chore(deps): update dependency bazelbuild/bazelisk to v1.24.1 (#14858) --------- Co-authored-by: Mike Prieto <michaelpri10@gmail.com> Co-authored-by: Mend Renovate <bot@renovateapp.com> Co-authored-by: Darren Bolduc <dbolduc@google.com> Co-authored-by: Yao Cui <cuiyao@google.com> Co-authored-by: Scott Hart <sdhart@google.com> Co-authored-by: evalon32 <34560232+evalon32@users.noreply.github.com> Co-authored-by: Noah Dietz <noahdietz@users.noreply.github.com>
ddelgrosso1
added a commit
that referenced
this pull request
Apr 9, 2025
* docs(pubsub): Fix region tags for Pub/Sub ingestion from GCS samples (#14773) * chore(deps): update actions/checkout digest to eef6144 (#14772) * chore(deps): update opentelemetry to v1.17.0 (#14774) * chore(deps): update grpc to v1.67.0 (#14711) * cleanup: remove unused otel compile def (#14775) * impl: API key creds for gRPC (#14776) * cleanup(oauth2): change universe domain endpoint (#14777) * impl: add ApiKeyConfig, implement in gRPC (#14778) * feat: API key authentication (#14779) * refactor(oauth2): prepare for API key auth (#14780) * impl(compute): reduce specificity on integration test error message (#14782) * cleanup(oauth2): MinimalIamCredentialsRestStub use universe domain in endpoint (#14781) * cleanup(oauth2): MinimalIamCredentialsRestStub use universe domain in endpoint * test * cleanup * split unit tests * cleanup * fix win build * fix msan-pr * impl: API key auth over REST (#14785) * docs(storage): better suggestion for deprecated API (#14786) * cleanup(storage): add comment on why no API key support (#14788) * ci: pin python version for gsutil (#14792) * chore: update vcpkg to v2024.09.30 (#14790) * chore: update googleapis SHA circa 2024-10-17 (#14793) PiperOrigin-RevId: 686790780 * cleanup: cmake compute features (#14794) * chore(deps): update dependency bazelbuild/bazelisk to v1.22.1 (#14796) * chore(deps): update protobuf to v28.3 (#14798) * chore(deps): update dependency bazel to v7.4.0 (#14797) * chore(deps): update actions/checkout digest to 11bd719 (#14799) * chore: update googleapis SHA circa 2024-10-24 (#14801) * chore: update googleapis SHA circa 2024-10-24 PiperOrigin-RevId: 689456358 * Update the protodeps/protolists * Regenerate libraries * docs: add more cases for generating new libraries (#14806) * docs: add more cases for generating new libraries * fix * feat(oauth2): add support for external account workforce identity (#14800) * feat(oauth2): add support for external account workforce identity * move * avoid cmake dep * format * address the comments * ci: do not fail universe-domain-demo tests (#14811) * impl(mixin): add missing mixin headers to rest stub headers (#14808) * feat(parallelstore): generate library (#14805) * feat(parallelstore): generate library * Run generators and format their outputs * Add API baseline * Manually update READMEs, quickstart, and top-level stuff * use zone-id for quickstart input * refactor: prepare to parse ADC json from string (#14810) * chore(deps): update dependency build_bazel_rules_apple to v3.11.2 (#14802) * impl(compute): remove FutureReservationsClient as the service is not GA (#14812) * impl: parse impersonated ADC json (#14809) * cleanup(mixin): add one API test case for location mixin (#14813) * cleanup(mixin): add one API test case for location mixin * fix format * add test fix nit * chore: update googleapis SHA circa 2024-10-31 (#14817) PiperOrigin-RevId: 691873596 * chore(deps): update dependency rules_python to v0.37.2 (#14795) * cleanup(mixin): deduplicate mixin pb headers (#14819) * cleanup(mixin): add more test cases (#14818) * chore(compute): update discovery doc circa 20241015 (#14822) * cleanup: chrono literals (#14826) * chore(deps): update dependency rules_proto to v7 (#14827) * docs(release): update changelog for the 2024-11 release (#14830) * chore: version bump to 2.32.0-rc (#14834) * chore(deps): update dependency google_cloud_cpp to v2.31.0 (#14835) * chore(deps): update dependency rules_python to v0.38.0 (#14831) * chore(deps): update dependency build_bazel_rules_apple to v3.12.0 (#14837) * cleanup(mixin): add integration tests (#14829) * cleanup(mixin): add integration tests * fix * format * cleanup(quickstart): disable speech_quickstart_global (#14842) * cleanup(quickstart): disable speech_quickstart_global * format * ci: re-enable universe-domain-demo tests (#14843) * chore(deps): update dependency bazel to v7.4.1 (#14840) * chore(deps): update dependency rules_proto to v7.0.2 (#14839) Co-authored-by: Yao Cui <cuiyao@google.com> * feat(rest): support impersonated ADC (#14815) * chore(deps): update dependency build_bazel_rules_apple to v3.13.0 (#14844) * chore(deps): update dependency rules_python to v0.39.0 (#14845) * refactor: prepare for breaking change in Protobuf C++ API. (#14828) * cleanup(mixin): remove duplicated operations stub (#14838) * ci: enable global and add non-us region to speech quickstart (#14848) * docs(managedkafka): change old title to new title (#14846) * chore(compute): update discovery doc circa 20241112 (#14850) * impl(generator): handle deprecated services (#14849) * chore(deps): update dependency rules_python to v0.40.0 (#14847) * chore(deps): update dependency bazelbuild/bazelisk to v1.24.0 (#14851) * impl: warn but do not error on deprecated proto types (#14855) * impl(generator): remove deprecated declaration pragma (#14854) * ci: use installed cmake (#14857) * feat(rest): support generateIdToken in impersonation url (#14853) * ci: update cmake quickstart handling for storage grpc (#14856) * ci: prepare for new mdformat (#14859) * chore(deps): update dependency bazelbuild/bazelisk to v1.24.1 (#14858) --------- Co-authored-by: Mike Prieto <michaelpri10@gmail.com> Co-authored-by: Mend Renovate <bot@renovateapp.com> Co-authored-by: Darren Bolduc <dbolduc@google.com> Co-authored-by: Yao Cui <cuiyao@google.com> Co-authored-by: Scott Hart <sdhart@google.com> Co-authored-by: evalon32 <34560232+evalon32@users.noreply.github.com> Co-authored-by: Noah Dietz <noahdietz@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There could be different formats of impersonation URLs in the ADC credential files like:
We already use
base_url:generateAccessTokento generate access token.base_url:generateIdTokenis not an alternative approach to generate access token, it is used for requesting a JWT token, then we can decode it and verify theemailandaud.No matter which of them appears in the impersonation URL in the credential file, we will ignore them, we will always use
base_url[:generateAccessToken]to request access token, and usebase_url[:generateIdToken]to do verification.As mentioned by Brent, the design of impersonation URL is TBD,
:generateAccessTokenand:generateIdTokencould be removed from the impersonation URL in the credential files. I think it makes sense to support all the formats above.This change is