Skip to content

feat(auth): external credential type in auth #906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rakshasa-1729 wants to merge 3 commits into
base: master
Choose a base branch
from
Open

feat(auth): external credential type in auth #906

rakshasa-1729 wants to merge 3 commits into from

Conversation

@rakshasa-1729
Copy link

@rakshasa-1729 rakshasa-1729 commented Jun 6, 2025

Summary

Related to #578

Adds support for the external_account service account type, which is used in Workload Identity Federation.

@rakshasa-1729 rakshasa-1729 requested review from a team, TheKevJames and cphoward as code owners June 6, 2025 18:43
@rakshasa-1729 rakshasa-1729 requested review from eddiedialpad, gabija-dialpad and olidp and removed request for a team June 6, 2025 18:43
@rakshasa-1729
Copy link
Author

rakshasa-1729 commented Jun 22, 2025

@TheKevJames Could use some help triggering the integration tests once

@cagataygurturk
Copy link

cagataygurturk commented Jul 14, 2025

Hi any ETA here?

cagataygurturk
cagataygurturk suggested changes Jul 15, 2025
View reviewed changes
auth/gcloud/aio/auth/token.py
"""Get the subject token from the credential source."""
source_type = credential_source.get('type')
if not source_type:
raise ValueError('Credential source missing type')
Copy link

@cagataygurturk cagataygurturk Jul 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, the source_type property is not mandatory as far as I understand. When we download a configuration file, this is what we get:

{
  "universe_domain": "googleapis.com",
  "type": "external_account",
  "audience": "WORKLOAD_IDENTITY_PROVIDER_ID",
  "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
  "token_url": "https://sts.googleapis.com/v1/token",
  "credential_source": {
    "file": "/var/run/secrets/kubernetes.io/serviceaccount/token",
    "format": {
      "type": "text"
    }
  }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TheKevJames TheKevJames Awaiting requested review from TheKevJames TheKevJames is a code owner

@cphoward cphoward Awaiting requested review from cphoward cphoward is a code owner

@eddiedialpad eddiedialpad Awaiting requested review from eddiedialpad eddiedialpad is a code owner automatically assigned from talkiq/engineering

@olidp olidp Awaiting requested review from olidp olidp is a code owner automatically assigned from talkiq/engineering

@gabija-dialpad gabija-dialpad Awaiting requested review from gabija-dialpad gabija-dialpad is a code owner automatically assigned from talkiq/engineering

1 more reviewer

@cagataygurturk cagataygurturk cagataygurturk requested changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rakshasa-1729 @cagataygurturk