...

Source file src/cloud.google.com/go/auth/internal/credsfile/filetype.go

Documentation: cloud.google.com/go/auth/internal/credsfile

     1  // Copyright 2023 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package credsfile
    16  
    17  import (
    18  	"encoding/json"
    19  )
    20  
// Config3LO is the internals of a client creds file.
//
// Each field is populated from the JSON key named in its struct tag.
// ClientSecret holds the "client_secret" value as a plain string, so values of
// this type should be kept out of logs, error messages and debug dumps.
//
// NOTE(review): AuthURI, TokenURI and RedirectURIs are copied verbatim from the
// file and nothing in this type validates them. Presumably the consumer sends
// the client secret to TokenURI, in which case the file must come from a
// trusted source. Confirm against the calling code.
type Config3LO struct {
	ClientID     string   `json:"client_id"`
	ClientSecret string   `json:"client_secret"`
	RedirectURIs []string `json:"redirect_uris"`
	AuthURI      string   `json:"auth_uri"`
	TokenURI     string   `json:"token_uri"`
}
    29  
// ClientCredentialsFile representation.
//
// Web and Installed are pointers, so each stays nil when its JSON key ("web",
// "installed") is absent or null; callers must nil-check before dereferencing.
// Either one, when set, carries a client secret (see [Config3LO]).
//
// NOTE(review): presumably exactly one of Web and Installed is expected to be
// set, but this type does not enforce it. Confirm against the caller.
type ClientCredentialsFile struct {
	Web            *Config3LO `json:"web"`
	Installed      *Config3LO `json:"installed"`
	UniverseDomain string     `json:"universe_domain"`
}
    36  
// ServiceAccountFile representation.
//
// PrivateKey holds the "private_key" value as a plain string. It is long-lived
// key material: do not log or print values of this type (for example with %v
// or %+v), and keep the backing file readable only by the owning account.
//
// AuthURL and TokenURL are read from the "auth_uri" and "token_uri" keys; the
// Go field names and the JSON keys differ on purpose here.
//
// NOTE(review): TokenURL is taken from the file without validation in this
// type. Presumably signed assertions are sent to it, so a file from an
// untrusted source could redirect them. Confirm how the consumer uses it.
type ServiceAccountFile struct {
	Type           string `json:"type"`
	ProjectID      string `json:"project_id"`
	PrivateKeyID   string `json:"private_key_id"`
	PrivateKey     string `json:"private_key"`
	ClientEmail    string `json:"client_email"`
	ClientID       string `json:"client_id"`
	AuthURL        string `json:"auth_uri"`
	TokenURL       string `json:"token_uri"`
	UniverseDomain string `json:"universe_domain"`
}
    49  
// UserCredentialsFile representation.
//
// ClientSecret and RefreshToken are both secrets stored as plain strings. A
// refresh token stays usable until it is revoked, so values of this type
// should never be logged and the backing file should be readable only by its
// owner.
type UserCredentialsFile struct {
	Type           string `json:"type"`
	ClientID       string `json:"client_id"`
	ClientSecret   string `json:"client_secret"`
	QuotaProjectID string `json:"quota_project_id"`
	RefreshToken   string `json:"refresh_token"`
	UniverseDomain string `json:"universe_domain"`
}
    59  
// ExternalAccountFile representation.
//
// CredentialSource and ServiceAccountImpersonation are optional pointers: they
// stay nil when the JSON key is absent and, because of omitempty, are left out
// when a nil value is marshaled. Callers must nil-check both.
//
// ClientSecret is a secret stored as a plain string; keep values of this type
// out of logs.
//
// NOTE(review): TokenURL, TokenInfoURL and ServiceAccountImpersonationURL are
// copied from the file unchecked, and CredentialSource can name a local file,
// a URL or an executable. Nothing in this type restricts any of them, so a
// configuration accepted from an untrusted party should be validated (expected
// hosts, expected credential source) before it is handed to code that acts on
// it. Confirm where that validation lives.
type ExternalAccountFile struct {
	Type                           string                           `json:"type"`
	ClientID                       string                           `json:"client_id"`
	ClientSecret                   string                           `json:"client_secret"`
	Audience                       string                           `json:"audience"`
	SubjectTokenType               string                           `json:"subject_token_type"`
	ServiceAccountImpersonationURL string                           `json:"service_account_impersonation_url"`
	TokenURL                       string                           `json:"token_url"`
	CredentialSource               *CredentialSource                `json:"credential_source,omitempty"`
	TokenInfoURL                   string                           `json:"token_info_url"`
	ServiceAccountImpersonation    *ServiceAccountImpersonationInfo `json:"service_account_impersonation,omitempty"`
	QuotaProjectID                 string                           `json:"quota_project_id"`
	WorkforcePoolUserProject       string                           `json:"workforce_pool_user_project"`
	UniverseDomain                 string                           `json:"universe_domain"`
}
    76  
// ExternalAccountAuthorizedUserFile representation.
//
// ClientSecret and RefreshToken are secrets stored as plain strings; do not
// log values of this type.
//
// NOTE(review): TokenURL, TokenInfoURL and RevokeURL come straight from the
// file with no validation in this type. Presumably the refresh token is sent
// to TokenURL, so the file's origin must be trusted or the URLs checked against
// an expected host before use. Confirm against the consumer.
type ExternalAccountAuthorizedUserFile struct {
	Type           string `json:"type"`
	Audience       string `json:"audience"`
	ClientID       string `json:"client_id"`
	ClientSecret   string `json:"client_secret"`
	RefreshToken   string `json:"refresh_token"`
	TokenURL       string `json:"token_url"`
	TokenInfoURL   string `json:"token_info_url"`
	RevokeURL      string `json:"revoke_url"`
	QuotaProjectID string `json:"quota_project_id"`
	UniverseDomain string `json:"universe_domain"`
}
    90  
// CredentialSource stores the information necessary to retrieve the credentials for the STS exchange.
//
// One field amongst File, URL, and Executable should be filled, depending on the kind of credential in question.
// The EnvironmentID should start with AWS if being used for an AWS credential.
//
// Executable and Format are optional pointers (nil when their JSON key is
// absent); callers must nil-check them. This type does not itself enforce the
// "one of File, URL, Executable" rule described above.
//
// NOTE(review): every locator here (File, URL with Headers, Executable, and
// the region/verification/session-token URLs) is attacker-controlled if the
// configuration file is. Depending on how the consumer acts on them, that
// could mean reading an arbitrary local path, issuing requests to an arbitrary
// endpoint, or running an arbitrary command. Treat the configuration as
// trusted input only, or validate it first. Confirm what the consumer checks.
type CredentialSource struct {
	File                        string            `json:"file"`
	URL                         string            `json:"url"`
	Headers                     map[string]string `json:"headers"`
	Executable                  *ExecutableConfig `json:"executable,omitempty"`
	EnvironmentID               string            `json:"environment_id"`
	RegionURL                   string            `json:"region_url"`
	RegionalCredVerificationURL string            `json:"regional_cred_verification_url"`
	CredVerificationURL         string            `json:"cred_verification_url"`
	IMDSv2SessionTokenURL       string            `json:"imdsv2_session_token_url"`
	Format                      *Format           `json:"format,omitempty"`
}
   107  
// Format describes the format of a [CredentialSource].
//
// The "text" default mentioned on Type is not applied by this type: an absent
// "type" key simply leaves Type as the empty string, so the defaulting has to
// happen in the code that reads it.
type Format struct {
	// Type is either "text" or "json". When not provided, the "text" type is assumed.
	Type string `json:"type"`
	// SubjectTokenFieldName is only required for the JSON format. This would be "access_token" for Azure.
	SubjectTokenFieldName string `json:"subject_token_field_name"`
}
   115  
// ExecutableConfig represents the command to run for an executable
// [CredentialSource].
//
// Command is taken verbatim from the "command" key of the credentials file, so
// whoever can write that file decides what gets executed. Keep the file
// writable only by the account that owns the workload, and do not accept
// executable-sourced configurations from untrusted parties.
//
// NOTE(review): how Command is launched (argument splitting, environment,
// whether any opt-in is required before it runs) is not visible in this file.
// TimeoutMillis is presumably a limit in milliseconds and OutputFile a path
// the command's result is read from or cached in; zero and empty mean "absent
// from the file" as far as this type is concerned. Confirm against the
// consumer.
type ExecutableConfig struct {
	Command       string `json:"command"`
	TimeoutMillis int    `json:"timeout_millis"`
	OutputFile    string `json:"output_file"`
}
   123  
// ServiceAccountImpersonationInfo has impersonation configuration.
//
// TokenLifetimeSeconds is read from "token_lifetime_seconds" and is 0 when the
// key is absent. This type applies no bounds.
//
// NOTE(review): presumably this is the requested lifetime of the impersonated
// token; the consumer should reject negative or excessively long values rather
// than rely on the file. Confirm where the range check lives.
type ServiceAccountImpersonationInfo struct {
	TokenLifetimeSeconds int `json:"token_lifetime_seconds"`
}
   128  
// ImpersonatedServiceAccountFile representation.
//
// CredSource keeps the "source_credentials" value as raw, undecoded JSON
// ([json.RawMessage]); decoding it is left to the caller. It is nil or empty
// when the key is absent.
//
// NOTE(review): the raw value is presumably another credentials document (for
// example a user or service-account file) and so may itself contain a refresh
// token or private key. Treat the bytes as secret and do not log them.
// ServiceAccountImpersonationURL and Delegates are taken from the file
// unchecked by this type. Confirm what the consumer validates.
type ImpersonatedServiceAccountFile struct {
	Type                           string          `json:"type"`
	ServiceAccountImpersonationURL string          `json:"service_account_impersonation_url"`
	Delegates                      []string        `json:"delegates"`
	CredSource                     json.RawMessage `json:"source_credentials"`
	UniverseDomain                 string          `json:"universe_domain"`
}
   137  
// GDCHServiceAccountFile represents the Google Distributed Cloud Hosted (GDCH) service identity file.
//
// PrivateKey holds the "private_key" value as a plain string; it is key
// material and must not be logged. CertPath is read from "ca_cert_path" and
// TokenURL from "token_uri" (the Go names and JSON keys differ).
//
// NOTE(review): CertPath is a filesystem path supplied by the file itself and
// presumably selects the CA used to verify TokenURL's TLS certificate. If so,
// a tampered file can swap both the endpoint and the trust anchor together, so
// the file's integrity matters as much as its confidentiality. Confirm against
// the consumer.
type GDCHServiceAccountFile struct {
	Type           string `json:"type"`
	FormatVersion  string `json:"format_version"`
	Project        string `json:"project"`
	Name           string `json:"name"`
	CertPath       string `json:"ca_cert_path"`
	PrivateKeyID   string `json:"private_key_id"`
	PrivateKey     string `json:"private_key"`
	TokenURL       string `json:"token_uri"`
	UniverseDomain string `json:"universe_domain"`
}
   150  
