Source file src/cloud.google.com/go/auth/credentials/internal/externalaccount/file_provider.go

Documentation: cloud.google.com/go/auth/credentials/internal/externalaccount

     1  // Copyright 2023 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package externalaccount
    16  
    17  import (
    18  	"bytes"
    19  	"context"
    20  	"encoding/json"
    21  	"errors"
    22  	"fmt"
    23  	"os"
    24  
    25  	"cloud.google.com/go/auth/internal"
    26  	"cloud.google.com/go/auth/internal/credsfile"
    27  )
    28  
    29  const (
    30  	fileProviderType = "file"
    31  )
    32  
    33  type fileSubjectProvider struct {
    34  	File   string
    35  	Format *credsfile.Format
    36  }
    37  
    38  func (sp *fileSubjectProvider) subjectToken(context.Context) (string, error) {
    39  	tokenFile, err := os.Open(sp.File)
    40  	if err != nil {
    41  		return "", fmt.Errorf("credentials: failed to open credential file %q: %w", sp.File, err)
    42  	}
    43  	defer tokenFile.Close()
    44  	tokenBytes, err := internal.ReadAll(tokenFile)
    45  	if err != nil {
    46  		return "", fmt.Errorf("credentials: failed to read credential file: %w", err)
    47  	}
    48  	tokenBytes = bytes.TrimSpace(tokenBytes)
    49  
    50  	if sp.Format == nil {
    51  		return string(tokenBytes), nil
    52  	}
    53  	switch sp.Format.Type {
    54  	case fileTypeJSON:
    55  		jsonData := make(map[string]interface{})
    56  		err = json.Unmarshal(tokenBytes, &jsonData)
    57  		if err != nil {
    58  			return "", fmt.Errorf("credentials: failed to unmarshal subject token file: %w", err)
    59  		}
    60  		val, ok := jsonData[sp.Format.SubjectTokenFieldName]
    61  		if !ok {
    62  			return "", errors.New("credentials: provided subject_token_field_name not found in credentials")
    63  		}
    64  		token, ok := val.(string)
    65  		if !ok {
    66  			return "", errors.New("credentials: improperly formatted subject token")
    67  		}
    68  		return token, nil
    69  	case fileTypeText:
    70  		return string(tokenBytes), nil
    71  	default:
    72  		return "", errors.New("credentials: invalid credential_source file format type: " + sp.Format.Type)
    73  	}
    74  }
    75  
    76  func (sp *fileSubjectProvider) providerType() string {
    77  	return fileProviderType
    78  }
    79  

View as plain text