...

Package impersonate

import "cloud.google.com/go/auth/credentials/internal/impersonate"
Overview
Index

Overview ▾

func NewTokenProvider

func NewTokenProvider(opts *Options) (auth.TokenProvider, error)

NewTokenProvider uses a source credential, stored in Ts, to request an access token to the provided URL. Scopes can be defined when the access token is requested.

type Options

Options for NewTokenProvider.

type Options struct {
    // Tp is the source credential used to generate a token on the
    // impersonated service account. Required.
    Tp auth.TokenProvider

    // URL is the endpoint to call to generate a token
    // on behalf of the service account. Required.
    URL string
    // Scopes that the impersonated credential should have. Required.
    Scopes []string
    // Delegates are the service account email addresses in a delegation chain.
    // Each service account must be granted roles/iam.serviceAccountTokenCreator
    // on the next service account in the chain. Optional.
    Delegates []string
    // TokenLifetimeSeconds is the number of seconds the impersonation token will
    // be valid for. Defaults to 1 hour if unset. Optional.
    TokenLifetimeSeconds int
    // Client configures the underlying client used to make network requests
    // when fetching tokens. Required.
    Client *http.Client
}

func (*Options) Token

func (o *Options) Token(ctx context.Context) (*auth.Token, error)

Token performs the exchange to get a temporary service account token to allow access to GCP.