...

Package credsfile

import "cloud.google.com/go/auth/internal/credsfile"

Overview ▾

Package credsfile is meant to hide implementation details from the public surface of the detect package. It should not import any other packages in this module. It is located under the main internal package so other sub-packages can use these parsed types as well.

Constants

const (
    // GoogleAppCredsEnvVar is the environment variable for setting the
    // application default credentials.
    //
    // NOTE(review): presumably the value is a path to a credentials file that
    // GetFileNameFromEnv picks up; confirm against that function. Whoever can
    // set this variable for the process chooses which credentials get loaded,
    // so it should be treated as trusted configuration.
    GoogleAppCredsEnvVar = "GOOGLE_APPLICATION_CREDENTIALS"
)

func GetFileNameFromEnv

func GetFileNameFromEnv(override string) string

GetFileNameFromEnv returns the override if provided or detects a filename from the environment.

func GetWellKnownFileName

func GetWellKnownFileName() string

GetWellKnownFileName tries to locate the filepath for the user credential file based on the environment.

type ClientCredentialsFile

ClientCredentialsFile representation.

// ClientCredentialsFile is the parsed form of a client credentials file.
//
// NOTE(review): Web and Installed are pointers, so they are presumably nil
// when the matching key is absent from the JSON; check before dereferencing.
type ClientCredentialsFile struct {
    // Web is decoded from the "web" key.
    Web            *Config3LO `json:"web"`
    // Installed is decoded from the "installed" key.
    Installed      *Config3LO `json:"installed"`
    // UniverseDomain is decoded from the "universe_domain" key.
    UniverseDomain string     `json:"universe_domain"`
}

func ParseClientCredentials

func ParseClientCredentials(b []byte) (*ClientCredentialsFile, error)

ParseClientCredentials parses bytes into a credsfile.ClientCredentialsFile.

type Config3LO

Config3LO is the internals of a client creds file.

// Config3LO is the internals of a client creds file.
type Config3LO struct {
    // ClientID is decoded from the "client_id" key.
    ClientID     string   `json:"client_id"`
    // ClientSecret is decoded from the "client_secret" key. It is a secret:
    // keep it out of logs, error strings and %+v dumps of this struct.
    ClientSecret string   `json:"client_secret"`
    // RedirectURIs is decoded from the "redirect_uris" key.
    RedirectURIs []string `json:"redirect_uris"`
    // AuthURI and TokenURI are endpoints taken verbatim from the file.
    // NOTE(review): nothing in this type validates them; confirm where the
    // consumer checks scheme and host before sending credentials to them.
    AuthURI      string   `json:"auth_uri"`
    TokenURI     string   `json:"token_uri"`
}

type CredentialSource

CredentialSource stores the information necessary to retrieve the credentials for the STS exchange.

One field amongst File, URL, and Executable should be filled, depending on the kind of credential in question. The EnvironmentID should start with AWS if being used for an AWS credential.

// CredentialSource stores the information necessary to retrieve the
// credentials for the STS exchange. One field amongst File, URL, and
// Executable should be filled, depending on the kind of credential.
//
// NOTE(review): every value here comes from the credential configuration
// file. A configuration supplied by an untrusted party can therefore name a
// local file to read, an endpoint to call, or a command to run; how the
// consumer validates these is not visible here and should be confirmed.
type CredentialSource struct {
    // File is decoded from the "file" key.
    File                        string            `json:"file"`
    // URL is decoded from the "url" key; Headers from the "headers" key.
    // NOTE(review): presumably Headers are sent with the request to URL; confirm.
    URL                         string            `json:"url"`
    Headers                     map[string]string `json:"headers"`
    // Executable is optional (omitempty) and nil when not configured.
    Executable                  *ExecutableConfig `json:"executable,omitempty"`
    // EnvironmentID should start with AWS if being used for an AWS credential.
    EnvironmentID               string            `json:"environment_id"`
    // The remaining URL fields are endpoints taken verbatim from the file.
    RegionURL                   string            `json:"region_url"`
    RegionalCredVerificationURL string            `json:"regional_cred_verification_url"`
    CredVerificationURL         string            `json:"cred_verification_url"`
    IMDSv2SessionTokenURL       string            `json:"imdsv2_session_token_url"`
    // Format is optional (omitempty) and describes how the source is encoded.
    Format                      *Format           `json:"format,omitempty"`
}

type CredentialType

CredentialType represents the different file types a Google credentials file can have.

// CredentialType enumerates the credential file types this package
// distinguishes. The values are assigned by iota, so UnknownCredType is the
// zero value of the type.
type CredentialType int
const (
    // UnknownCredType is an unidentified file type.
    UnknownCredType CredentialType = iota
    // UserCredentialsKey represents a user creds file type.
    UserCredentialsKey
    // ServiceAccountKey represents a service account file type.
    ServiceAccountKey
    // ImpersonatedServiceAccountKey represents an impersonated service account
    // file type.
    ImpersonatedServiceAccountKey
    // ExternalAccountKey represents an external account file type.
    ExternalAccountKey
    // GDCHServiceAccountKey represents a GDCH file type.
    GDCHServiceAccountKey
    // ExternalAccountAuthorizedUserKey represents an external account authorized
    // user file type.
    ExternalAccountAuthorizedUserKey
)

func ParseFileType

func ParseFileType(b []byte) (CredentialType, error)

ParseFileType determines the CredentialType based on bytes provided.

type ExecutableConfig

ExecutableConfig represents the command to run for an executable CredentialSource.

// ExecutableConfig represents the command to run for an executable
// CredentialSource.
//
// NOTE(review): Command is read from the credential configuration file, so a
// file from an untrusted origin can name an arbitrary command. Confirm what
// opt-in or allow-listing the consuming package applies before running it.
type ExecutableConfig struct {
    // Command is decoded from the "command" key.
    Command       string `json:"command"`
    // TimeoutMillis is decoded from the "timeout_millis" key.
    // NOTE(review): presumably milliseconds, going by the name; a zero value
    // may mean "unset" rather than "no timeout" - confirm against the consumer.
    TimeoutMillis int    `json:"timeout_millis"`
    // OutputFile is decoded from the "output_file" key.
    OutputFile    string `json:"output_file"`
}

type ExternalAccountAuthorizedUserFile

ExternalAccountAuthorizedUserFile representation.

// ExternalAccountAuthorizedUserFile is the parsed form of an external account
// authorized user credentials file.
type ExternalAccountAuthorizedUserFile struct {
    // Type is decoded from the "type" key.
    Type           string `json:"type"`
    // Audience is decoded from the "audience" key.
    Audience       string `json:"audience"`
    // ClientID is decoded from the "client_id" key.
    ClientID       string `json:"client_id"`
    // ClientSecret and RefreshToken are secrets: keep them out of logs, error
    // strings and %+v dumps of this struct.
    ClientSecret   string `json:"client_secret"`
    RefreshToken   string `json:"refresh_token"`
    // TokenURL, TokenInfoURL and RevokeURL are endpoints taken verbatim from
    // the file.
    // NOTE(review): confirm where the consumer validates them, since the
    // secrets above are presumably sent to TokenURL.
    TokenURL       string `json:"token_url"`
    TokenInfoURL   string `json:"token_info_url"`
    RevokeURL      string `json:"revoke_url"`
    // QuotaProjectID is decoded from the "quota_project_id" key.
    QuotaProjectID string `json:"quota_project_id"`
    // UniverseDomain is decoded from the "universe_domain" key.
    UniverseDomain string `json:"universe_domain"`
}

func ParseExternalAccountAuthorizedUser

func ParseExternalAccountAuthorizedUser(b []byte) (*ExternalAccountAuthorizedUserFile, error)

ParseExternalAccountAuthorizedUser parses bytes into an ExternalAccountAuthorizedUserFile.

type ExternalAccountFile

ExternalAccountFile representation.

// ExternalAccountFile is the parsed form of an external account credentials
// file.
//
// NOTE(review): the URL fields and the nested CredentialSource are taken
// verbatim from the file. A configuration from an untrusted origin can point
// them at arbitrary endpoints, files or commands; confirm where the consumer
// validates them.
type ExternalAccountFile struct {
    // Type is decoded from the "type" key.
    Type                           string                           `json:"type"`
    // ClientID is decoded from the "client_id" key.
    ClientID                       string                           `json:"client_id"`
    // ClientSecret is a secret: keep it out of logs and %+v dumps.
    ClientSecret                   string                           `json:"client_secret"`
    // Audience is decoded from the "audience" key.
    Audience                       string                           `json:"audience"`
    // SubjectTokenType is decoded from the "subject_token_type" key.
    SubjectTokenType               string                           `json:"subject_token_type"`
    // ServiceAccountImpersonationURL is decoded from the
    // "service_account_impersonation_url" key.
    ServiceAccountImpersonationURL string                           `json:"service_account_impersonation_url"`
    // TokenURL is decoded from the "token_url" key.
    TokenURL                       string                           `json:"token_url"`
    // CredentialSource is optional (omitempty) and nil when not configured.
    CredentialSource               *CredentialSource                `json:"credential_source,omitempty"`
    // TokenInfoURL is decoded from the "token_info_url" key.
    TokenInfoURL                   string                           `json:"token_info_url"`
    // ServiceAccountImpersonation is optional (omitempty) and nil when not
    // configured.
    ServiceAccountImpersonation    *ServiceAccountImpersonationInfo `json:"service_account_impersonation,omitempty"`
    // QuotaProjectID is decoded from the "quota_project_id" key.
    QuotaProjectID                 string                           `json:"quota_project_id"`
    // WorkforcePoolUserProject is decoded from the
    // "workforce_pool_user_project" key.
    WorkforcePoolUserProject       string                           `json:"workforce_pool_user_project"`
    // UniverseDomain is decoded from the "universe_domain" key.
    UniverseDomain                 string                           `json:"universe_domain"`
}

func ParseExternalAccount

func ParseExternalAccount(b []byte) (*ExternalAccountFile, error)

ParseExternalAccount parses bytes into an ExternalAccountFile.

type Format

Format describes the format of a CredentialSource.

// Format describes the format of a CredentialSource.
type Format struct {
    // Type is either "text" or "json". When not provided "text" type is assumed.
    // NOTE(review): the struct itself does not enforce these two values;
    // confirm where other values are rejected.
    Type string `json:"type"`
    // SubjectTokenFieldName is only required for JSON format. This would be "access_token" for Azure.
    SubjectTokenFieldName string `json:"subject_token_field_name"`
}

type GDCHServiceAccountFile

GDCHServiceAccountFile represents the Google Distributed Cloud Hosted (GDCH) service identity file.

// GDCHServiceAccountFile represents the Google Distributed Cloud Hosted (GDCH)
// service identity file.
type GDCHServiceAccountFile struct {
    // Type is decoded from the "type" key.
    Type           string `json:"type"`
    // FormatVersion is decoded from the "format_version" key.
    FormatVersion  string `json:"format_version"`
    // Project is decoded from the "project" key.
    Project        string `json:"project"`
    // Name is decoded from the "name" key.
    Name           string `json:"name"`
    // CertPath is decoded from the "ca_cert_path" key (note the JSON name
    // differs from the field name).
    // NOTE(review): presumably a path to a CA certificate used to verify the
    // token endpoint; a file from an untrusted origin could substitute its own
    // trust anchor - confirm how the consumer uses it.
    CertPath       string `json:"ca_cert_path"`
    // PrivateKeyID is decoded from the "private_key_id" key.
    PrivateKeyID   string `json:"private_key_id"`
    // PrivateKey is secret key material: keep it out of logs, error strings
    // and %+v dumps of this struct.
    PrivateKey     string `json:"private_key"`
    // TokenURL is decoded from the "token_uri" key (note the JSON name
    // differs from the field name).
    TokenURL       string `json:"token_uri"`
    // UniverseDomain is decoded from the "universe_domain" key.
    UniverseDomain string `json:"universe_domain"`
}

func ParseGDCHServiceAccount

func ParseGDCHServiceAccount(b []byte) (*GDCHServiceAccountFile, error)

ParseGDCHServiceAccount parses bytes into a GDCHServiceAccountFile.

type ImpersonatedServiceAccountFile

ImpersonatedServiceAccountFile representation.

// ImpersonatedServiceAccountFile is the parsed form of an impersonated
// service account credentials file.
type ImpersonatedServiceAccountFile struct {
    // Type is decoded from the "type" key.
    Type                           string          `json:"type"`
    // ServiceAccountImpersonationURL is decoded from the
    // "service_account_impersonation_url" key.
    ServiceAccountImpersonationURL string          `json:"service_account_impersonation_url"`
    // Delegates is decoded from the "delegates" key.
    Delegates                      []string        `json:"delegates"`
    // CredSource holds the "source_credentials" value as raw, undecoded JSON
    // (json.RawMessage), so parsing it is left to the caller.
    // NOTE(review): presumably a nested credentials document that can itself
    // contain secrets; handle and log it with the same care - confirm.
    CredSource                     json.RawMessage `json:"source_credentials"`
    // UniverseDomain is decoded from the "universe_domain" key.
    UniverseDomain                 string          `json:"universe_domain"`
}

func ParseImpersonatedServiceAccount

func ParseImpersonatedServiceAccount(b []byte) (*ImpersonatedServiceAccountFile, error)

ParseImpersonatedServiceAccount parses bytes into an ImpersonatedServiceAccountFile.

type ServiceAccountFile

ServiceAccountFile representation.

// ServiceAccountFile is the parsed form of a service account key file.
type ServiceAccountFile struct {
    // Type is decoded from the "type" key.
    Type           string `json:"type"`
    // ProjectID is decoded from the "project_id" key.
    ProjectID      string `json:"project_id"`
    // PrivateKeyID is decoded from the "private_key_id" key.
    PrivateKeyID   string `json:"private_key_id"`
    // PrivateKey is secret key material: keep it out of logs, error strings
    // and %+v dumps of this struct.
    PrivateKey     string `json:"private_key"`
    // ClientEmail is decoded from the "client_email" key.
    ClientEmail    string `json:"client_email"`
    // ClientID is decoded from the "client_id" key.
    ClientID       string `json:"client_id"`
    // AuthURL and TokenURL are decoded from the "auth_uri" and "token_uri"
    // keys (note the JSON names differ from the field names). They are taken
    // verbatim from the file.
    AuthURL        string `json:"auth_uri"`
    TokenURL       string `json:"token_uri"`
    // UniverseDomain is decoded from the "universe_domain" key.
    UniverseDomain string `json:"universe_domain"`
}

func ParseServiceAccount

func ParseServiceAccount(b []byte) (*ServiceAccountFile, error)

ParseServiceAccount parses bytes into a ServiceAccountFile.

type ServiceAccountImpersonationInfo

ServiceAccountImpersonationInfo has impersonation configuration.

// ServiceAccountImpersonationInfo has impersonation configuration.
type ServiceAccountImpersonationInfo struct {
    // TokenLifetimeSeconds is decoded from the "token_lifetime_seconds" key.
    // NOTE(review): no bounds are enforced by this type; confirm where the
    // consumer rejects non-positive or overly long lifetimes.
    TokenLifetimeSeconds int `json:"token_lifetime_seconds"`
}

type UserCredentialsFile

UserCredentialsFile representation.

// UserCredentialsFile is the parsed form of a user credentials file.
type UserCredentialsFile struct {
    // Type is decoded from the "type" key.
    Type           string `json:"type"`
    // ClientID is decoded from the "client_id" key.
    ClientID       string `json:"client_id"`
    // ClientSecret is a secret: keep it out of logs, error strings and %+v
    // dumps of this struct.
    ClientSecret   string `json:"client_secret"`
    // QuotaProjectID is decoded from the "quota_project_id" key.
    QuotaProjectID string `json:"quota_project_id"`
    // RefreshToken is a long-lived secret: keep it out of logs, error strings
    // and %+v dumps of this struct.
    RefreshToken   string `json:"refresh_token"`
    // UniverseDomain is decoded from the "universe_domain" key.
    UniverseDomain string `json:"universe_domain"`
}

func ParseUserCredentials

func ParseUserCredentials(b []byte) (*UserCredentialsFile, error)

ParseUserCredentials parses bytes into a UserCredentialsFile.