fix: fix impersonated cred for gcloud (#516)
* fix: fix impersonated cred for gcloud
(1) For IDTokenCredentials.refresh(self.request), use the provided
request instead of creating a new one
(2) For Credentials, only refresh the source credentials if it is not
valid
* update expired func
diff --git a/google/auth/impersonated_credentials.py b/google/auth/impersonated_credentials.py
index 4299802..c682277 100644
--- a/google/auth/impersonated_credentials.py
+++ b/google/auth/impersonated_credentials.py
@@ -226,10 +226,6 @@
def refresh(self, request):
self._update_token(request)
- @property
- def expired(self):
- return _helpers.utcnow() >= self.expiry
-
def _update_token(self, request):
"""Updates credentials with a new access_token representing
the impersonated account.
@@ -239,8 +235,9 @@
to use for refreshing credentials.
"""
- # Refresh our source credentials.
- self._source_credentials.refresh(request)
+ # Refresh our source credentials if it is not valid.
+ if not self._source_credentials.valid:
+ self._source_credentials.refresh(request)
body = {
"delegates": self._delegates,
@@ -347,7 +344,9 @@
headers = {"Content-Type": "application/json"}
- authed_session = AuthorizedSession(self._target_credentials._source_credentials)
+ authed_session = AuthorizedSession(
+ self._target_credentials._source_credentials, auth_request=request
+ )
response = authed_session.post(
url=iam_sign_endpoint,