diff options
| author | robot-piglet <robot-piglet@yandex-team.com> | 2024-07-23 07:47:34 +0300 |
|---|---|---|
| committer | robot-piglet <robot-piglet@yandex-team.com> | 2024-07-23 07:56:54 +0300 |
| commit | e9497f65d8bbe478a583fa31b74e03a8d342ff5f (patch) | |
| tree | 48793f79ab80ae9a82e77744ed89f82aeee8e59a /contrib/python/google-auth/py3/google/auth/external_account.py | |
| parent | 973312112362cf03ce0f7d4e5fdbcb63d1166670 (diff) | |
| download | ydb-e9497f65d8bbe478a583fa31b74e03a8d342ff5f.tar.gz | |
Intermediate changes
Diffstat (limited to 'contrib/python/google-auth/py3/google/auth/external_account.py')
| -rw-r--r-- | contrib/python/google-auth/py3/google/auth/external_account.py | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/contrib/python/google-auth/py3/google/auth/external_account.py b/contrib/python/google-auth/py3/google/auth/external_account.py index 3943de2a34..df0511f255 100644 --- a/contrib/python/google-auth/py3/google/auth/external_account.py +++ b/contrib/python/google-auth/py3/google/auth/external_account.py @@ -31,6 +31,7 @@ import abc import copy from dataclasses import dataclass import datetime +import functools import io import json import re @@ -394,6 +395,12 @@ class Credentials( def refresh(self, request): scopes = self._scopes if self._scopes is not None else self._default_scopes + # Inject client certificate into request. + if self._mtls_required(): + request = functools.partial( + request, cert=self._get_mtls_cert_and_key_paths() + ) + if self._should_initialize_impersonated_credentials(): self._impersonated_credentials = self._initialize_impersonated_credentials() @@ -523,6 +530,33 @@ class Credentials( return metrics_options + def _mtls_required(self): + """Returns a boolean representing whether the current credential is configured + for mTLS and should add a certificate to the outgoing calls to the sts and service + account impersonation endpoint. + + Returns: + bool: True if the credential is configured for mTLS, False if it is not. + """ + return False + + def _get_mtls_cert_and_key_paths(self): + """Gets the file locations for a certificate and private key file + to be used for configuring mTLS for the sts and service account + impersonation calls. Currently only expected to return a value when using + X509 workload identity federation. + + Returns: + Tuple[str, str]: The cert and key file locations as strings in a tuple. + + Raises: + NotImplementedError: When the current credential is not configured for + mTLS. + """ + raise NotImplementedError( + "_get_mtls_cert_and_key_location must be implemented." + ) + @classmethod def from_info(cls, info, **kwargs): """Creates a Credentials instance from parsed external account info. |