diff --git a/.gitignore b/.gitignore
index 598752fa6..827456514 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,3 +39,6 @@ pylintrc.test
pytype_output/
.python-version
+.DS_Store
+cert_path
+key_path
\ No newline at end of file
diff --git a/google/auth/iam.py b/google/auth/iam.py
index bd0500457..9e3887909 100644
--- a/google/auth/iam.py
+++ b/google/auth/iam.py
@@ -28,7 +28,7 @@
from google.auth import crypt
from google.auth import exceptions
-_IAM_API_ROOT_URI = "https://iam.googleapis.com/v1"
+_IAM_API_ROOT_URI = "https://iamcredentials.googleapis.com/v1"
_SIGN_BLOB_URI = _IAM_API_ROOT_URI + "/projects/-/serviceAccounts/{}:signBlob?alt=json"
@@ -71,7 +71,7 @@ def _make_signing_request(self, message):
url = _SIGN_BLOB_URI.format(self._service_account_email)
headers = {}
body = json.dumps(
- {"bytesToSign": base64.b64encode(message).decode("utf-8")}
+ {"payload": base64.b64encode(message).decode("utf-8")}
).encode("utf-8")
self._credentials.before_request(self._request, method, url, headers)
@@ -97,4 +97,4 @@ def key_id(self):
@_helpers.copy_docstring(crypt.Signer)
def sign(self, message):
response = self._make_signing_request(message)
- return base64.b64decode(response["signature"])
+ return base64.b64decode(response["signedBlob"])
diff --git a/system_tests/test_service_account.py b/system_tests/test_service_account.py
index 262ce84f5..498b75b22 100644
--- a/system_tests/test_service_account.py
+++ b/system_tests/test_service_account.py
@@ -16,6 +16,7 @@
from google.auth import _helpers
from google.auth import exceptions
+from google.auth import iam
from google.oauth2 import service_account
@@ -46,3 +47,19 @@ def test_refresh_success(http_request, credentials, token_info):
"https://www.googleapis.com/auth/userinfo.profile",
]
)
+
+def test_iam_signer(http_request, credentials):
+ credentials = credentials.with_scopes(
+ ["https://www.googleapis.com/auth/iam"]
+ )
+
+ # Verify iamcredentials signer.
+ signer = iam.Signer(
+ http_request,
+ credentials,
+ credentials.service_account_email
+ )
+
+ signed_blob = signer.sign("message")
+
+ assert isinstance(signed_blob, bytes)
diff --git a/tests/compute_engine/test_credentials.py b/tests/compute_engine/test_credentials.py
index 98def0fc5..363dc9dbb 100644
--- a/tests/compute_engine/test_credentials.py
+++ b/tests/compute_engine/test_credentials.py
@@ -354,11 +354,11 @@ def test_with_target_audience_integration(self):
signature = base64.b64encode(b"some-signature").decode("utf-8")
responses.add(
responses.POST,
- "https://iam.googleapis.com/v1/projects/-/serviceAccounts/"
- "service-account@example.com:signBlob?alt=json",
+ "https://iamcredentials.googleapis.com/v1/projects/-/"
+ "serviceAccounts/service-account@example.com:signBlob?alt=json",
status=200,
content_type="application/json",
- json={"keyId": "some-key-id", "signature": signature},
+ json={"keyId": "some-key-id", "signedBlob": signature},
)
id_token = "{}.{}.{}".format(
diff --git a/tests/test_iam.py b/tests/test_iam.py
index c98a138f9..ea7d08a40 100644
--- a/tests/test_iam.py
+++ b/tests/test_iam.py
@@ -78,7 +78,7 @@ def test_key_id(self):
def test_sign_bytes(self):
signature = b"DEADBEEF"
encoded_signature = base64.b64encode(signature).decode("utf-8")
- request = make_request(http_client.OK, data={"signature": encoded_signature})
+ request = make_request(http_client.OK, data={"signedBlob": encoded_signature})
credentials = make_credentials()
signer = iam.Signer(request, credentials, mock.sentinel.service_account_email)
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy