Skip to content

feat: enable self signed jwt for service account credentials#1553

Merged
gcf-merge-on-green[bot] merged 1 commit into
mainfrom
jwt
Oct 7, 2021
Merged

feat: enable self signed jwt for service account credentials#1553
gcf-merge-on-green[bot] merged 1 commit into
mainfrom
jwt

Conversation

@arithmetic1728

@arithmetic1728 arithmetic1728 commented Oct 6, 2021
edited
Loading

Copy link
Copy Markdown
Contributor

Enable self signed jwt if google-auth service account credentials are used.

Tested with Storage, Compute and PubSub APIs:

import googleapiclient.discovery

project = "<project>"
zone = "us-west1-a"

compute = googleapiclient.discovery.build('compute', 'v1')
result = compute.instances().list(project=project, zone=zone).execute()
print(result)

storage = googleapiclient.discovery.build('storage', 'v1')
result = storage.buckets().list(project=project).execute()
print(result)

topic = "<topic>"
pubsub = googleapiclient.discovery.build('pubsub', 'v1')
result = pubsub.projects().topics().get(topic=f"projects/{project}/topics/{topic}").execute()
print(result)

@google-cla google-cla Bot added the cla: yes This human has signed the Contributor License Agreement. label Oct 6, 2021
@arithmetic1728 arithmetic1728 marked this pull request as ready for review October 6, 2021 22:41
@arithmetic1728 arithmetic1728 requested review from a team and busunkim96 October 6, 2021 22:41
@busunkim96

busunkim96 commented Oct 7, 2021

Copy link
Copy Markdown
Contributor

@arithmetic1728 I vaguely remember being told this was only implemented for GAPICs as self-signed JWT isn't guaranteed to work for all the APIs listed in the directory. Is that a non-issue now?

@arithmetic1728 arithmetic1728 added automerge Merge the pull request once unit tests and other checks pass. kokoro:force-run Add this label to force Kokoro to re-run the tests. labels Oct 7, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 7, 2021
@gcf-merge-on-green gcf-merge-on-green Bot merged commit 1fb3c8e into main Oct 7, 2021
@gcf-merge-on-green gcf-merge-on-green Bot deleted the jwt branch October 7, 2021 22:08
@gcf-merge-on-green gcf-merge-on-green Bot removed the automerge Merge the pull request once unit tests and other checks pass. label Oct 7, 2021
@vriesk

vriesk commented Oct 12, 2021

Copy link
Copy Markdown

Hi!

This breaks (at least) the drive/v3 files list API (server starts throwing 500s). Manually disabling this with build(.... always_use_jwt_access=False) makes it work again.

@arithmetic1728

arithmetic1728 commented Oct 12, 2021

Copy link
Copy Markdown
Contributor Author

@vriesk Thank you for bringing it up. I tested with the following sample, it did break. Will investigate more.

import googleapiclient.discovery

drive = googleapiclient.discovery.build('drive', 'v3', always_use_jwt_access=True)
result = drive.files().list(corpora="user").execute()
print(result)

@arithmetic1728

arithmetic1728 commented Oct 12, 2021

Copy link
Copy Markdown
Contributor Author

Created PR #1566 to disable self signed jwt.

@vriesk

vriesk commented Oct 13, 2021

Copy link
Copy Markdown

Thanks for the quick fix. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer
@busunkim96 busunkim96 busunkim96 approved these changes
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes This human has signed the Contributor License Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@arithmetic1728 @busunkim96 @vriesk @yoshi-kokoro