Re: [PR] feat: full support for google credentials in gcloud-aio clients [airflow]

Fri, 19 Jan 2024 00:10:49 -0800 


m1racoli commented on code in PR #36849:
URL: https://github.com/apache/airflow/pull/36849#discussion_r1458541688


##########
airflow/providers/google/common/hooks/base_google.py:
##########
@@ -623,6 +628,51 @@ def test_connection(self):
         return status, message
 
 
+class CredentialsToken(Token):
+    """A token implementation which makes Google credentials objects 
accessible to [gcloud-aio](https://talkiq.github.io/gcloud-aio/) clients.
+
+    This class allows us to create token instances from credentials objects 
and thus supports a variety of use cases for Google
+    credentials in Airflow (i.e. impersonation chain). By relying on a 
existing credentials object we leverage functionality provided by the 
GoogleBaseHook
+    for generating credentials objects.
+    """
+
+    def __init__(
+        self,
+        credentials: Credentials,
+        *,
+        project: str | None = None,
+        session: ClientSession | None = None,
+    ) -> None:
+        super().__init__(session=cast(Session, session))
+        self.credentials = credentials
+        self.project = project
+
+    @classmethod
+    async def from_hook(
+        cls,
+        hook: GoogleBaseHook,
+        *,
+        session: ClientSession | None = None,
+    ) -> CredentialsToken:
+        credentials, project = hook.get_credentials_and_project_id()
+        return cls(
+            credentials=credentials,
+            project=project,
+            session=session,
+        )
+
+    async def get_project(self) -> str | None:
+        return self.project

Review Comment:
   We are subclassing `cloud.aio.auth.token.Token` which is used in the 
corresponding `gcloud-aio` clients. It mostly provides two asynchronous methods 
`get` and `get_project`, which are used in the clients to perform certain 
actions. Without it the implementation of `CredentialsToken` would be 
incomplete and could cause problems.
   
   Even though we currently pass the `project` argument in all client 
instances, not re-implementing this method could cause side effects in those 
clients in the future. All clients rely on the [token's 
get_project](https://github.com/talkiq/gcloud-aio/blob/f1132b005ba35d8059229a9ca88b90f31f77456d/bigquery/gcloud/aio/bigquery/bigquery.py#L93)
 method, if no project has been specified.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to