airflow.providers.google.cloud.utils.external_token_supplier

Module Contents

Classes

CacheTokenSupplier

A superclass for all Subject Token Supplier classes that wish to implement a caching mechanism.

ClientCredentialsGrantFlowTokenSupplier

Class that retrieves an OIDC token from an external IdP using OAuth2.0 Client Credentials Grant flow.

Functions

cache_token_decorator(get_subject_token_method)

Cache calls to SubjectTokenSupplier instances' get_token_supplier methods.
airflow.providers.google.cloud.utils.external_token_supplier.cache_token_decorator(get_subject_token_method)[source]

Cache calls to SubjectTokenSupplier instances’ get_token_supplier methods.

Different instances of a same SubjectTokenSupplier class with the same attributes share the OIDC token cache.

Parameters

get_subject_token_method – A method that returns both a token and an integer specifying the time in seconds until the token expires

See also:

https://googleapis.dev/python/google-auth/latest/reference/google.auth.identity_pool.html#google.auth.identity_pool.SubjectTokenSupplier.get_subject_token

class airflow.providers.google.cloud.utils.external_token_supplier.CacheTokenSupplier[source]

Bases: airflow.utils.log.logging_mixin.LoggingMixin, google.auth.identity_pool.SubjectTokenSupplier

A superclass for all Subject Token Supplier classes that wish to implement a caching mechanism.

Child classes must implement the get_subject_key method to generate a string that serves as the cache key, ensuring that tokens are shared appropriately among instances.

Methods:

get_subject_key: Abstract method to be implemented by child classes. It should return a string that serves as the cache key.

abstract get_subject_key()[source]
class airflow.providers.google.cloud.utils.external_token_supplier.ClientCredentialsGrantFlowTokenSupplier(oidc_issuer_url, client_id, client_secret, **extra_params_kwargs)[source]

Bases: CacheTokenSupplier

Class that retrieves an OIDC token from an external IdP using OAuth2.0 Client Credentials Grant flow.

This class implements the SubjectTokenSupplier interface class used by google.auth.identity_pool.Credentials

Params oidc_issuer_url

URL of the IdP that performs OAuth2.0 Client Credentials Grant flow and returns an OIDC token.

Params client_id

Client ID of the application requesting the token

Params client_secret

Client secret of the application requesting the token

Params extra_params_kwargs

Extra parameters to be passed in the payload of the POST request to the oidc_issuer_url

See also:

https://googleapis.dev/python/google-auth/latest/reference/google.auth.identity_pool.html#google.auth.identity_pool.SubjectTokenSupplier

get_subject_token(context, request)[source]

Perform Client Credentials Grant flow with IdP and retrieves an OIDC token and expiration time.

get_subject_key()[source]

Create a cache key using the OIDC issuer URL, client ID, client secret and additional parameters.

Instances with the same credentials will share tokens.

Was this entry helpful?