[
https://issues.apache.org/jira/browse/BEAM-12641?focusedWorklogId=644639&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-644639
]
ASF GitHub Bot logged work on BEAM-12641:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 31/Aug/21 21:26
Start Date: 31/Aug/21 21:26
Worklog Time Spent: 10m
Work Description: chunyang commented on a change in pull request #15004:
URL: https://github.com/apache/beam/pull/15004#discussion_r699685121
##########
File path: sdks/python/apache_beam/internal/gcp/auth.py
##########
@@ -115,29 +131,32 @@ def get_service_credentials(cls):
@staticmethod
def _get_service_credentials():
- if is_running_in_gce:
- # We are currently running as a GCE taskrunner worker.
- return _GceAssertionCredentials(user_agent='beam-python-sdk/1.0')
Review comment:
Thanks for the review @tvalentyn. My understanding is that the
`google.auth.default()` call in [line
151](https://github.com/apache/beam/pull/15004/files#diff-21a78a52eca0c898070d58302127a9bb5cdb5de512ec16b9b3d945e0b84b694cR151)
will attempt to find credentials on GCE VMs using the instance Metadata Server
so we don't need a special case within the Beam code. Is this something we can
check via the existing integration tests?
https://github.com/googleapis/google-auth-library-python/blob/08c987d0215c9d3e230efe5b7c13e6b8197267bc/google/auth/_default.py#L386-L389
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 644639)
Time Spent: 1h 40m (was: 1.5h)
> Support GCP auth using custom token URIs
> ----------------------------------------
>
> Key: BEAM-12641
> URL: https://issues.apache.org/jira/browse/BEAM-12641
> Project: Beam
> Issue Type: Improvement
> Components: sdk-py-core
> Reporter: Chun Yang
> Assignee: Chun Yang
> Priority: P3
> Labels: auth, gcp, python
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> Feature request: Allow authenticating to GCP with service account credentials
> that use a custom token URI.
> {quote}We use the {{service_account}} credential type. Older versions
> (oauth2client) supported this type, BUT they only supported using google
> endpoints for issuing credentials, where we use a custom {{token_uri}} to
> issue credentials. New versions (google-auth) will reference our custom
> {{token_uri}}.{quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
