Closed zhrebicek closed 5 months ago
@djc @hrvolapeter Hi, what do I need to do to get this merged?
As I added get_token_with_subject
and left get_token
as is, it should not be breaking change.
Hi @zhrebicek I had a look and I think it looks good. But I'd like to get review from @djc as well let's give him a few more days he might be on vacation somewhere
Most of this seems fine. The thing I'm somewhat concerned is about is that this offers the subject
API on all kinds of ServiceAccount
implementations, even though only the CustomServiceAccount
really supports it. Maybe this should be offered as an API that's only available directly from a CustomServiceAccount
instance instead? That will require a bit of refactoring...
@djc yeah it makes sense, how would you imagine it refactored?
Should AuthenticationManager
become trait with some special case for CustomServiceAccount
?
With something like DefaultAuthenticationManager
and CustomAuthenticationManager
?
Maybe I need to revisit our usage in code, and check this library some more to know better place as you say on CustomServiceAccount
.
I've submitted a different approach in #106, all feedback welcome!
Merged #106 instead.
This is useful when you want to access stuff like Google Workspace API, where you can't just use service account but need to impersonate use with correct rights in google workspace.
Tested it with my code and was able to access google workspace alerts.
If needed I can tweak naming of
get_token_with_subject
and comment, but otherwise looks it fits.