feat(auth): Add hard-bound token request to compute token provider. #11588

Merged: 20 commits, Feb 19, 2025

yamandabbagh
Contributor

This PR allows auth to request a hard-bound token when two conditions are met:

  1. The client is allowed to request a hard-bound token using `InternalOptions.AllowHardBoundTokens`.
  2. The transport used is mTLS using S2A.

If the two conditions are met, the compute provider will add two query parameters, `transport=mtls` and `binding-enforcement=on`, to the request sent to the metadata service, which will return a hard-bound token.
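
The request-building rule described above, as an added Go example that is not part of the PR or the auth module's code: the binding parameters are appended only when both conditions hold. The `bindingInputs` type, the function names, and the metadata host and token path used here are assumptions for illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// bindingInputs is a hypothetical stand-in for the PR's two conditions (not the auth module's type).
type bindingInputs struct {
	AllowHardBound bool // client opt-in (InternalOptions.AllowHardBoundTokens on the page)
	MTLSViaS2A     bool // transport in use is mTLS through S2A
}

// Default service account token path on the GCE metadata server (assumed here).
const tokenPath = "/computeMetadata/v1/instance/service-accounts/default/token"

// tokenRequestURL adds the binding parameters only when both conditions hold;
// every other combination yields the plain token request.
func tokenRequestURL(base string, in bindingInputs) (string, error) {
	u, err := url.Parse(base)
	if err != nil {
		return "", fmt.Errorf("parse metadata base URL: %w", err)
	}
	u.Path = tokenPath
	q := url.Values{}
	if in.AllowHardBound && in.MTLSViaS2A {
		q.Set("transport", "mtls")
		q.Set("binding-enforcement", "on")
	}
	u.RawQuery = q.Encode() // keys are sorted, so the output is deterministic
	return u.String(), nil
}

// requestsHardBound reports whether a captured token request URL carries both binding parameters.
func requestsHardBound(rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false
	}
	q := u.Query()
	return q.Get("transport") == "mtls" && q.Get("binding-enforcement") == "on"
}

func main() {
	for _, in := range []bindingInputs{{false, false}, {true, false}, {false, true}, {true, true}} {
		u, _ := tokenRequestURL("http://metadata.google.internal", in) // constant base always parses
		fmt.Printf("%+v bound=%v %s\n", in, requestsHardBound(u), u)
	}
}
```

`requestsHardBound` can be reused in a metadata server test double to assert that a client only asks for a bound token when both conditions were set.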

@yamandabbagh
Contributor Author

@codyoss @quartzmo I started this draft to get your feedback on the general approach before I send a full PR with tests. Can you please take a look and share your thoughts on whether the location of the logic makes sense, along with any recommendations for the variable types used?

yamandabbagh and others added 4 commits February 14, 2025 20:07
… to struct

* Embed google.golang.org/grpc/credentials.TransportCredentials interface in new struct type with additional data.

refs: googleapis#11588
@yamandabbagh yamandabbagh marked this pull request as ready for review February 18, 2025 05:36
@yamandabbagh yamandabbagh requested a review from a team as a code owner February 18, 2025 05:36
quartzmo added a commit that referenced this pull request Feb 18, 2025
… to struct (#11599)

* Embed google.golang.org/grpc/credentials.TransportCredentials interface in new struct type with additional data.

refs: #11588
Contributor

@xmenxk xmenxk left a comment

Thanks for the PR!

larryanz pushed a commit to larryanz/google-cloud-go that referenced this pull request Feb 19, 2025
… to struct (googleapis#11599)

* Embed google.golang.org/grpc/credentials.TransportCredentials interface in new struct type with additional data.

refs: googleapis#11588
@quartzmo quartzmo merged commit 0e608bb into googleapis:main Feb 19, 2025
8 checks passed
gcf-merge-on-green bot pushed a commit that referenced this pull request Feb 20, 2025
🤖 I have created a release *beep* *boop*
---


## [0.15.0](https://togithub.com/googleapis/google-cloud-go/compare/auth/v0.14.1...auth/v0.15.0) (2025-02-19)


### Features

* **auth:** Add hard-bound token request to compute token provider. ([#11588](https://togithub.com/googleapis/google-cloud-go/issues/11588)) ([0e608bb](https://togithub.com/googleapis/google-cloud-go/commit/0e608bb5ac3d694c8ad36ca4340071d3a2c78699))

---
This PR was generated with [Release Please](https://togithub.com/googleapis/release-please). See [documentation](https://togithub.com/googleapis/release-please#release-please).