deprecate ProjectID as its unused (#10)

Author: someone1

README.md

@@ -6,6 +6,12 @@ Google Cloud Platform (Cloud KMS, IAM API, & AppEngine App Identity API) jwt-go
 
 Google Cloud KMS [now supports signatures](https://cloud.google.com/kms/docs/create-validate-signatures) and support has been added to gcp-jwt-go!
 
+## Breaking Changes with v2.2
+
+- Switched to new iamcredentials API - this no longer allows signBlob to be used on the service account the client is authenticated as.
+- `IAMConfig.OAuth2HTTPClient` is deprecrated and unused - Use `IAMConfig.IAMClient` instead.
+- `IAMConfig.ProjectID` is deprecrated and unused. The API will infer the project from the service account name.
+
 ## Breaking Changes with v2.1
 
 - Dropping support for AppEngine Go 1.9 environment (last version with AppEngine App Identity support will be for Go 1.11)

config.go

@@ -35,6 +35,7 @@ type kmsConfigKey struct{}
 // IAMConfig is relevant for both the signBlob and signJWT IAM API use-cases
 type IAMConfig struct {
 	// ProjectID is the project id that contains the service account you want to sign with. Defaults to "-" to infer the project from the account
+	// Depcrecated: This field is no longer used as the API will reject all values other than "-".
 	ProjectID string
 
 	// Service account can be the email address or the uniqueId of the service account used to sign the JWT with

iam.go

@@ -60,11 +60,6 @@ func (s *SigningMethodIAM) Sign(signingString string, key interface{}) (string,
 		}
 	}
 
-	// Default the ProjectID to a wildcard
-	if config.ProjectID == "" {
-		config.ProjectID = "-"
-	}
-
 	// Do the call
 	return s.sign(ctx, iamService, config, signingString)
 }

iam_blob.go

@@ -11,7 +11,7 @@ import (
 
 var (
 	// SigningMethodIAMBlob implements signing JWTs with the IAM signBlob API.
-	// https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/signBlob
+	// https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob
 	SigningMethodIAMBlob *SigningMethodIAM
 )
 
@@ -31,7 +31,7 @@ func signBlob(ctx context.Context, iamService *iamcredentials.Service, config *I
 	signReq := &iamcredentials.SignBlobRequest{
 		Payload: base64.StdEncoding.EncodeToString([]byte(signingString)),
 	}
-	name := fmt.Sprintf("projects/%s/serviceAccounts/%s", config.ProjectID, config.ServiceAccount)
+	name := fmt.Sprintf("projects/-/serviceAccounts/%s", config.ServiceAccount)
 
 	// Do the call
 	signResp, err := iamService.Projects.ServiceAccounts.SignBlob(name, signReq).Context(ctx).Do()

iam_jwt.go

@@ -11,7 +11,7 @@ import (
 
 var (
 	// SigningMethodIAMJWT implements signing JWTs with the IAM signJwt API.
-	// https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/signJwt
+	// https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signJwt
 	SigningMethodIAMJWT *SigningMethodIAM
 )
 
@@ -39,7 +39,7 @@ func signJwt(ctx context.Context, iamService *iamcredentials.Service, config *IA
 	}
 
 	signReq := &iamcredentials.SignJwtRequest{Payload: string(jwtClaimSet)}
-	name := fmt.Sprintf("projects/%s/serviceAccounts/%s", config.ProjectID, config.ServiceAccount)
+	name := fmt.Sprintf("projects/-/serviceAccounts/%s", config.ServiceAccount)
 
 	// Do the call
 	signResp, err := iamService.Projects.ServiceAccounts.SignJwt(name, signReq).Context(ctx).Do()