feat: Support user defined or json defined scopes for impersonated token #1815
Conversation
lqiu96
force-pushed
the
impersonated-cred-scopes
branch
from
4ec205f to
7705a7b
Compare
|
| if (json.containsKey("scopes")) { | ||
| scopes = ImmutableList.copyOf((List<String>) json.get("scopes")); | ||
| } |
There was a problem hiding this comment.
This scopes field was recently added and may not exist in existing ImpersonatedCred Json files. Check if it exists
| */ | ||
| @CanIgnoreReturnValue | ||
| public Builder setScopes(List<String> scopes) { | ||
| Preconditions.checkNotNull(scopes, "Scopes cannot be null"); |
There was a problem hiding this comment.
Constructor has a null check that threw a IllegalStateException runtime exception. Enforce this on the setter so users don't pass in an invalid data.
This never worked, so we don't expect any breakages or changes in behavior.
zhumin8
left a comment
zhumin8
left a comment
There was a problem hiding this comment.
Change LGTM.
Got question about CLOUD_PLATFORM_SCOPE used for sourceCredentials, but I think it does not block this change.
| this.sourceCredentials = | ||
| this.sourceCredentials.createScoped(Arrays.asList(CLOUD_PLATFORM_SCOPE)); | ||
| this.sourceCredentials.createScoped( | ||
| Collections.singletonList(OAuth2Utils.CLOUD_PLATFORM_SCOPE)); |
There was a problem hiding this comment.
Does it work or is it better to switch to https://www.googleapis.com/auth/iam?
There was a problem hiding this comment.
I think either should work: https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/generateAccessToken#authorization-scopes
Not sure if there is a preference. I can update if there is.
2 participants
See b/450322374 for more information
Changes
scopesvalue from the JSON fileLots of smaller changes in test files from smaller refactors related to create a
CLOUD_PLATFORM_SCOPEconstant and such.