Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

feat: enable self signed jwt for service account credentials #1553

Merged
merged 1 commit into from
Oct 7, 2021
Merged

feat: enable self signed jwt for service account credentials #1553

merged 1 commit into from
Oct 7, 2021

Conversation

arithmetic1728
Copy link
Contributor

@arithmetic1728 arithmetic1728 commented Oct 6, 2021
edited
Loading

Enable self signed jwt if google-auth service account credentials are used.

Tested with Storage, Compute and PubSub APIs:

import googleapiclient.discovery

project = "<project>"
zone = "us-west1-a"

compute = googleapiclient.discovery.build('compute', 'v1')
result = compute.instances().list(project=project, zone=zone).execute()
print(result)

storage = googleapiclient.discovery.build('storage', 'v1')
result = storage.buckets().list(project=project).execute()
print(result)

topic = "<topic>"
pubsub = googleapiclient.discovery.build('pubsub', 'v1')
result = pubsub.projects().topics().get(topic=f"projects/{project}/topics/{topic}").execute()
print(result)

@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Oct 6, 2021
@arithmetic1728 arithmetic1728 marked this pull request as ready for review October 6, 2021 22:41
@arithmetic1728 arithmetic1728 requested a review from a team as a code owner October 6, 2021 22:41
@busunkim96
Copy link
Contributor

@arithmetic1728 I vaguely remember being told this was only implemented for GAPICs as self-signed JWT isn't guaranteed to work for all the APIs listed in the directory. Is that a non-issue now?

@arithmetic1728 arithmetic1728 added automerge Merge the pull request once unit tests and other checks pass. kokoro:force-run Add this label to force Kokoro to re-run the tests. labels Oct 7, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 7, 2021
@gcf-merge-on-green gcf-merge-on-green bot merged commit 1fb3c8e into main Oct 7, 2021
@gcf-merge-on-green gcf-merge-on-green bot deleted the jwt branch October 7, 2021 22:08
@gcf-merge-on-green gcf-merge-on-green bot removed the automerge Merge the pull request once unit tests and other checks pass. label Oct 7, 2021
@vriesk
Copy link

vriesk commented Oct 12, 2021

Hi!

This breaks (at least) the drive/v3 files list API (server starts throwing 500s). Manually disabling this with build(.... always_use_jwt_access=False) makes it work again.

@arithmetic1728
Copy link
Contributor Author

@vriesk Thank you for bringing it up. I tested with the following sample, it did break. Will investigate more.

import googleapiclient.discovery

drive = googleapiclient.discovery.build('drive', 'v3', always_use_jwt_access=True)
result = drive.files().list(corpora="user").execute()
print(result)

@arithmetic1728
Copy link
Contributor Author

Created PR #1566 to disable self signed jwt.

@vriesk
Copy link

vriesk commented Oct 13, 2021

Thanks for the quick fix. :)

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@busunkim96 busunkim96 busunkim96 approved these changes

Assignees
No one assigned
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@arithmetic1728 @busunkim96 @vriesk @yoshi-kokoro