Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: define CredentialAccessBoundary classes #793

Merged
merged 2 commits into from
Jul 8, 2021
Merged

feat: define CredentialAccessBoundary classes #793

merged 2 commits into from
Jul 8, 2021

Conversation

bojeil-google
Copy link
Contributor

Defines the following classes:

  • google.auth.downscoped.CredentialAccessBoundary
  • google.auth.downscoped.AccessBoundaryRule
  • google.auth.downscoped.AvailabilityCondition

This is based on Downscoping with Credential Access Boundaries.
These classes help define the list of access boundary rules,
each of which contains information on the resource that the rule
applies to, the upper bound of the permissions that are available
on that resource and an optional condition to further restrict
permissions.

Defines the following classes:
- `google.auth.downscoped.CredentialAccessBoundary`
- `google.auth.downscoped.AccessBoundaryRule`
- `google.auth.downscoped.AvailabilityCondition`

This is based on [Downscoping with Credential Access Boundaries](https://cloud.google.com/iam/docs/downscoping-short-lived-credentials).
These classes help define the list of access boundary rules,
each of which contains information on the resource that the rule
applies to, the upper bound of the permissions that are available
on that resource and an optional condition to further restrict
permissions.
@bojeil-google bojeil-google requested a review from a team as a code owner July 2, 2021 23:08
@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Jul 2, 2021
@bojeil-google
Copy link
Contributor Author

Note to reviewers. The failing tests seem to be unrelated to this change.

@arithmetic1728
Copy link
Contributor

@busunkim96 Seems the refresh token is expired/revoked again for the system test. Does the user account have token rotations now?

@busunkim96
Copy link
Contributor

@arithmetic1728 Nope the process for getting that approved has been rather slow. I'll rotate it again in a separate PR.

@tseaver tseaver mentioned this pull request Jul 8, 2021
@tseaver tseaver merged commit d883921 into googleapis:master Jul 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants