Skip to content

feat: add support for service account impersonation #192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
enocom merged 5 commits into from
Dec 7, 2022
Merged

feat: add support for service account impersonation #192

enocom merged 5 commits into from
Dec 7, 2022

Conversation

@enocom
Copy link
Member

@enocom enocom commented Dec 7, 2022

@enocom enocom requested a review from a team December 7, 2022 19:50
kurtisvg
kurtisvg approved these changes Dec 7, 2022
View reviewed changes
hessjcg
hessjcg previously requested changes Dec 7, 2022
View reviewed changes
Copy link
Contributor

@hessjcg hessjcg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See if you can get rid of the redundant switch statement.

internal/proxy/proxy.go
if c.ImpersonateTarget != "" {
var iopts []option.ClientOption
switch {
case c.Token != "":
Copy link
Contributor

@hessjcg hessjcg Dec 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like this switch statement from line 130-150 are much identical to lines 166-189. Could you somehow
combine those into a separate function?

iopts := c.withCredentialSource(l) // switch statement in here
if c.ImpersonateTarget != "" {
   ts, err := impersonate.CredentialsTokenSource( ... iopts)
   // ... error handling, etc
   return alloydbconn.WithTokenSource(ts)
}
return iopts

Copy link
Contributor

@kurtisvg kurtisvg Dec 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are making significant changes to this PR we should make sure to update the Cloud SQL go connector as well

Copy link
Member Author

@enocom enocom Dec 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's fix this in the v2 proxy and port the change here.

@enocom enocom dismissed hessjcg’s stale review December 7, 2022 22:20

We'll land this change in the Cloud SQL proxy and port it back over here.

@enocom enocom merged commit de15073 into main Dec 7, 2022
@enocom enocom deleted the impersonation branch December 7, 2022 22:22
@release-please release-please bot mentioned this pull request Dec 7, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@kurtisvg kurtisvg kurtisvg approved these changes

@hessjcg hessjcg hessjcg left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@enocom @kurtisvg @hessjcg