Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: update samples for new auth #4383

Open
wants to merge 7 commits into
base: main
Choose a base branch
from

Conversation

codyoss
Copy link
Member

@codyoss codyoss commented Sep 16, 2024

  • Remove a couple of old unused samples
  • Switch apiary examples to use NewService variant or constructs that don't require users to pass a client in
  • Update all refs of old auth library to new

@product-auto-label product-auto-label bot added the samples Issues that are directly related to samples. label Sep 16, 2024
@codyoss codyoss marked this pull request as ready for review September 16, 2024 20:55
@codyoss codyoss requested review from a team as code owners September 16, 2024 20:55
Copy link

snippet-bot bot commented Sep 16, 2024

Here is the summary of changes.

You are about to delete 4 region tags.

This comment is generated by snippet-bot.
If you find problems with this result, please file an issue at:
https://github.com/googleapis/repo-automation-bots/issues.
To update this comment, add snippet-bot:force-run label or use the checkbox below:

  • Refresh this comment

@grayside
Copy link
Contributor

Thanks for updating these samples Cody! Did you intend to remove several region tags?

@codyoss
Copy link
Member Author

codyoss commented Sep 16, 2024

@grayside Yeah, should have called that out in the commit message. It is from the two files I deleted that were non-code and not associated with any code. I verified these relics where not being used anywhere :)

@codyoss codyoss requested a review from a team as a code owner September 17, 2024 13:52
@telpirion telpirion self-assigned this Sep 17, 2024
Copy link
Collaborator

@telpirion telpirion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No notes! I always learn so much from reading your Go code.

dts, err := downscope.NewTokenSource(ctx, downscope.DownscopingConfig{RootSource: rootSource, Rules: accessBoundary})
// downscope.NewCredentials constructs the credentials with the
// configuration provided.
downscopedCreds, err := downscope.NewCredentials(&downscope.Options{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

observation: this is interesting that it's no longer necessary to provide a context object for new credentials.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The context for the old libraries has one thing they were used for: a way to shove an http.Client into the context that was later used during token exchanges. This is now an explicit param on the options struct. Everything in auth is evaluated lazy so you don't need a context when creating objects as no network calls are made.

auth/id_token_from_impersonated_credentials.go Outdated Show resolved Hide resolved
codyoss added a commit to codyoss/golang-samples that referenced this pull request Sep 18, 2024
Noticed this was still needed in GoogleCloudPlatform#4383. Note we should also switch
latest to 1.23, but I did not in this PR because the image has not
been built yet.
serviceAccountFile = flag.String("service-account-file", "", "Path to service account JSON file. Required.")
serviceAccountEmail = flag.String("service-account-email", "", "Path email associated with the service account. Required.")
url = flag.String("url", "", "The request url. Required.")
audience = flag.String("audience", "", "The audience for the JWT. equired")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that this was already an issue but I think this is supposed to be Required instead of equired.

serviceAccountEmail = flag.String("service-account-email", "", "Path email associated with the service account. Required.")
url = flag.String("url", "", "The request url. Required.")
audience = flag.String("audience", "", "The audience for the JWT. equired")
serviceAccountFile = flag.String("service-account-file", "", "Path to service account JSON file. Required.")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused why we are dropping the serviceAccountEmail but still leaving it in what is line 40 below.

)

func main() {
flag.Parse()

if *audience == "" || *url == "" || *serviceAccountFile == "" || *serviceAccountEmail == "" {
if *audience == "" || *url == "" || *serviceAccountFile == "" {
fmt.Println("requires: --url, --audience, --service-account-file, --service-account-email")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suspect you might have wanted to drop , --service-account-email" from this Println based on the removal of the serviceAccountEmail


// Extract the RSA private key from the service account keyfile.
sa, err := ioutil.ReadFile(saKeyfile)
func generateJWT(saKeyfile, audience string) (string, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one has me stumped and I looked over here https://github.com/googleapis/google-cloud-go/blob/f847c75df3bda9d74257ab68e55ac01191c287fc/auth/credentials/detect.go#L75

It seems like it's changing what we're showing here and maybe it's all taken care of by the underlying changes in the library.

If you take a look at this page https://cloud.google.com/api-gateway/docs/authenticate-service-account#go and look at the different language implementations it's showing the same overall concept, but now this has changed and it might be confusing if someone was comparing between implementations as to whether it's showing the same thing?

I checked the design doc and. Ididn't see anything about this, so could you explain it a bit more to me ? (not in the code, but just trying to figure out whether the sample is the same just implementation has changed and differs between languages)

muncus added a commit that referenced this pull request Oct 24, 2024
Noticed this was still needed in #4383. Note we should also switch
latest to 1.23, but I did not in this PR because the image has not
been built yet.

Co-authored-by: Eric Schmidt <erschmid@google.com>
Co-authored-by: Marc Dougherty <muncus@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
samples Issues that are directly related to samples.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants