example_test.go

Documentation: google.golang.org/api/impersonate

     1  // Copyright 2021 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package impersonate_test
     6  
     7  import (
     8  	"context"
     9  	"log"
    10  
    11  	admin "google.golang.org/api/admin/directory/v1"
    12  	"google.golang.org/api/impersonate"
    13  	"google.golang.org/api/option"
    14  	"google.golang.org/api/secretmanager/v1"
    15  	"google.golang.org/api/transport"
    16  )
    17  
    18  func ExampleCredentialsTokenSource_serviceAccount() {
    19  	ctx := context.Background()
    20  
    21  	// Base credentials sourced from ADC or provided client options.
    22  	ts, err := impersonate.CredentialsTokenSource(ctx, impersonate.CredentialsConfig{
    23  		TargetPrincipal: "foo@project-id.iam.gserviceaccount.com",
    24  		Scopes:          []string{"https://www.googleapis.com/auth/cloud-platform"},
    25  		// Optionally supply delegates.
    26  		Delegates: []string{"bar@project-id.iam.gserviceaccount.com"},
    27  	})
    28  	if err != nil {
    29  		log.Fatal(err)
    30  	}
    31  
    32  	// Pass an impersonated credential to any function that takes client
    33  	// options.
    34  	client, err := secretmanager.NewService(ctx, option.WithTokenSource(ts))
    35  	if err != nil {
    36  		log.Fatal(err)
    37  	}
    38  
    39  	// Use your client that is authenticated with impersonated credentials to
    40  	// make requests.
    41  	client.Projects.Secrets.Get("...")
    42  }
    43  
    44  func ExampleCredentialsTokenSource_adminUser() {
    45  	ctx := context.Background()
    46  
    47  	// Base credentials sourced from ADC or provided client options.
    48  	ts, err := impersonate.CredentialsTokenSource(ctx, impersonate.CredentialsConfig{
    49  		TargetPrincipal: "foo@project-id.iam.gserviceaccount.com",
    50  		Scopes:          []string{"https://www.googleapis.com/auth/cloud-platform"},
    51  		// Optionally supply delegates.
    52  		Delegates: []string{"bar@project-id.iam.gserviceaccount.com"},
    53  		// Specify user to impersonate
    54  		Subject: "admin@example.com",
    55  	})
    56  	if err != nil {
    57  		log.Fatal(err)
    58  	}
    59  
    60  	// Pass an impersonated credential to any function that takes client
    61  	// options.
    62  	client, err := admin.NewService(ctx, option.WithTokenSource(ts))
    63  	if err != nil {
    64  		log.Fatal(err)
    65  	}
    66  
    67  	// Use your client that is authenticated with impersonated credentials to
    68  	// make requests.
    69  	client.Groups.Delete("...")
    70  }
    71  
    72  func ExampleIDTokenSource() {
    73  	ctx := context.Background()
    74  
    75  	// Base credentials sourced from ADC or provided client options.
    76  	ts, err := impersonate.IDTokenSource(ctx, impersonate.IDTokenConfig{
    77  		Audience:        "http://example.com/",
    78  		TargetPrincipal: "foo@project-id.iam.gserviceaccount.com",
    79  		IncludeEmail:    true,
    80  		// Optionally supply delegates.
    81  		Delegates: []string{"bar@project-id.iam.gserviceaccount.com"},
    82  	})
    83  	if err != nil {
    84  		log.Fatal(err)
    85  	}
    86  
    87  	// Pass an impersonated credential to any function that takes client
    88  	// options.
    89  	client, _, err := transport.NewHTTPClient(ctx, option.WithTokenSource(ts))
    90  	if err != nil {
    91  		log.Fatal(err)
    92  	}
    93  
    94  	// Use your client that is authenticated with impersonated credentials to
    95  	// make requests.
    96  	client.Get("http://example.com/")
    97  }
    98
View as plain text