feat: adds trust boundary lookup support for SA and impersonated credentials #1671

Open
wants to merge 1 commit into
base: main
aeitzman
Contributor

No description provided.

@aeitzman aeitzman added the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Feb 15, 2025
@aeitzman aeitzman requested review from a team as code owners February 15, 2025 00:24
@@ -26,6 +28,8 @@
from google.auth._refresh_worker import RefreshThreadManager

DEFAULT_UNIVERSE_DOMAIN = "googleapis.com"
NO_OP_TRUST_BOUNDARY_LOCATIONS: "typing.Tuple[str]" = ()
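Review bot: On the NO_OP_TRUST_BOUNDARY_LOCATIONS line, the annotation "typing.Tuple[str]" describes a tuple of exactly one string, while the value assigned is the empty tuple (). typing.Tuple[str, ...] is the variable-length form and covers both the empty no-op value and a populated set of locations. A one-line comment saying what the constant stands for and what it is compared against would also help, since the name alone does not say so.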
@nbayati nbayati Feb 28, 2025

I know in the design doc we had an empty list for the locations field in the response, but it turns out the lookup endpoint only returns "encodedLocations": "0x0" if an account is not allow-listed, or trust boundary has not been set up. I got this response from the endpoint when testing, and confirmed it with Annan.

{
  "encodedLocations": "0x0"
}

So we need to update both the _parse_trust_boundary and _has_no_op_trust_boundary methods.
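Added example, not part of the PR or of google-auth's code: one way a parser could accept the response shape reported in the comment above, deciding the no-op case from "encodedLocations" rather than from an empty "locations" list. The names TrustBoundary, parse_trust_boundary and has_no_op_trust_boundary are hypothetical, the populated sample response is constructed, and rejecting "0x0" paired with a non-empty list is an assumption.

```python
from typing import Any, Mapping, NamedTuple, Tuple

# Value the review comment reports for accounts with no trust boundary.
NO_OP_ENCODED_LOCATIONS = "0x0"


class TrustBoundary(NamedTuple):  # hypothetical container, not the library's type
    locations: Tuple[str, ...]
    encoded_locations: str


def parse_trust_boundary(response: Mapping[str, Any]) -> TrustBoundary:
    """Parse a lookup response; "locations" may be absent in the no-op case."""
    encoded = response.get("encodedLocations")
    if not isinstance(encoded, str) or not encoded:
        # Fail closed: a response without the encoded value is not a boundary.
        raise ValueError("lookup response has no usable encodedLocations")
    locations = response.get("locations", [])
    if not isinstance(locations, list) or not all(
        isinstance(item, str) for item in locations
    ):
        raise ValueError("locations must be a list of strings")
    if encoded == NO_OP_ENCODED_LOCATIONS and locations:
        # Assumption: a no-op marker with listed locations is contradictory.
        raise ValueError("no-op encodedLocations with a non-empty locations list")
    return TrustBoundary(tuple(locations), encoded)


def has_no_op_trust_boundary(boundary: TrustBoundary) -> bool:
    """No-op is decided by the encoded value, not by an empty locations list."""
    return boundary.encoded_locations == NO_OP_ENCODED_LOCATIONS


# Response quoted in the comment above.
NO_OP_RESPONSE = {"encodedLocations": "0x0"}
# Constructed sample of a populated response (values are illustrative only).
BOUNDED_RESPONSE = {"locations": ["us-central1"], "encodedLocations": "0xA30"}

if __name__ == "__main__":
    for sample in (NO_OP_RESPONSE, BOUNDED_RESPONSE):
        boundary = parse_trust_boundary(sample)
        print(boundary, "no-op:", has_no_op_trust_boundary(boundary))
```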
