[GitHub] [nifi] s9514171 commented on a change in pull request #4905: NIFI-8332 Service account impersonation support for GCP credential co…

Wed, 17 Mar 2021 01:22:06 -0700 


s9514171 commented on a change in pull request #4905:
URL: https://github.com/apache/nifi/pull/4905#discussion_r595798854



##########
File path: 
nifi-nar-bundles/nifi-gcp-bundle/nifi-gcp-processors/src/main/java/org/apache/nifi/processors/gcp/credentials/factory/CredentialPropertyDescriptors.java
##########
@@ -89,4 +89,57 @@ private CredentialPropertyDescriptors() {}
             .sensitive(true)
             .build();
 
+    /**
+     * Specifies use of Service Account Impersonation Credentials
+     *
+     * @see <a 
href="https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials";>
+     *     Google Service Account Impersonation
+     *     </a>
+     */
+    public static final PropertyDescriptor IMPERSONATE_SERVICE_ACCOUNT = new 
PropertyDescriptor.Builder()
+            .name("impersonate-service-account")
+            .displayName("Impersonate Service Account")
+            
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+            .required(false)
+            .sensitive(false)
+            .description("The service account to impersonate.")
+            .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
+            .build();
+
+    public static final PropertyDescriptor IMPERSONATE_DELEGATION_CHAIN = new 
PropertyDescriptor.Builder()
+            .name("impersonate-delegation-chain")
+            .displayName("Impersonate Delegation Chain")
+            
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+            .required(false)
+            .sensitive(false)
+            .description("A comma-separated list of chained delegates that 
required to grant the final access_token. "
+                    + "This property is valid only when using the service 
account impersonation strategy; otherwise, it is ignored.")
+            .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
+            .dependsOn(IMPERSONATE_SERVICE_ACCOUNT)
+            .build();
+
+    public static final PropertyDescriptor IMPERSONATE_OAUTH_SCOPE = new 
PropertyDescriptor.Builder()
+            .name("impersonate-oauth-scope")
+            .displayName("Impersonate OAuth Scope")
+            
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
+            .required(true)
+            .sensitive(false)
+            .description("A comma-separated list of scopes to request during 
the authorization grant. "
+                    + "This property is valid only when using the service 
account impersonation strategy; otherwise, it is ignored.")
+            .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
+            .dependsOn(IMPERSONATE_SERVICE_ACCOUNT)
+            .build();
+
+    public static final PropertyDescriptor IMPERSONATE_CREDENTIAL_LIFETIME = 
new PropertyDescriptor.Builder()

Review comment:
       Google's SDK will auto-refreshed by itself. if you want to revoke, need 
to set in IAM




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to