credsfile

package
v0.14.0

This package is not in the latest version of its module.
Published: Jan 8, 2025 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package credsfile is meant to hide implementation details from the public surface of the detect package. It should not import any other packages in this module. It is located under the main internal package so other sub-packages can use these parsed types as well.

Constants

const (
	// GoogleAppCredsEnvVar is the environment variable for setting the
	// application default credentials.
	GoogleAppCredsEnvVar = "GOOGLE_APPLICATION_CREDENTIALS"
)

Variables

This section is empty.

Functions

func GetFileNameFromEnv

func GetFileNameFromEnv(override string) string

GetFileNameFromEnv returns the override if provided or detects a filename from the environment.

func GetWellKnownFileName

func GetWellKnownFileName() string

GetWellKnownFileName tries to locate the filepath for the user credential file based on the environment.

Types

type CertificateConfig added in v0.8.0

type CertificateConfig struct {
	UseDefaultCertificateConfig bool   `json:"use_default_certificate_config"`
	CertificateConfigLocation   string `json:"certificate_config_location"`
}

CertificateConfig represents the options used to set up an X509-based workload CredentialSource.

type ClientCredentialsFile

type ClientCredentialsFile struct {
	Web            *Config3LO `json:"web"`
	Installed      *Config3LO `json:"installed"`
	UniverseDomain string     `json:"universe_domain"`
}

ClientCredentialsFile representation.

func ParseClientCredentials

func ParseClientCredentials(b []byte) (*ClientCredentialsFile, error)

ParseClientCredentials parses bytes into a credsfile.ClientCredentialsFile.

type Config3LO

type Config3LO struct {
	ClientID     string   `json:"client_id"`
	ClientSecret string   `json:"client_secret"`
	RedirectURIs []string `json:"redirect_uris"`
	AuthURI      string   `json:"auth_uri"`
	TokenURI     string   `json:"token_uri"`
}

Config3LO is the internals of a client creds file.

type CredentialSource

type CredentialSource struct {
	File                        string             `json:"file"`
	URL                         string             `json:"url"`
	Headers                     map[string]string  `json:"headers"`
	Executable                  *ExecutableConfig  `json:"executable,omitempty"`
	Certificate                 *CertificateConfig `json:"certificate"`
	EnvironmentID               string             `json:"environment_id"` // TODO: Make type for this
	RegionURL                   string             `json:"region_url"`
	RegionalCredVerificationURL string             `json:"regional_cred_verification_url"`
	CredVerificationURL         string             `json:"cred_verification_url"`
	IMDSv2SessionTokenURL       string             `json:"imdsv2_session_token_url"`
	Format                      *Format            `json:"format,omitempty"`
}

CredentialSource stores the information necessary to retrieve the credentials for the STS exchange.

One field amongst File, URL, Certificate, and Executable should be filled, depending on the kind of credential in question. The EnvironmentID should start with AWS if being used for an AWS credential.
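The rule stated above (one of File, URL, Certificate and Executable filled) can be checked on a credential configuration before it is handed to an auth library. This is an added example, not code from the package: the mirror struct, the `AuditCredentialSource` helper and the sample JSON are constructed for illustration and reuse only the JSON keys documented on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// credSource mirrors a subset of the credential_source JSON keys shown above;
// the real types sit in an internal package that outside code cannot import.
type credSource struct {
	File        string                                    `json:"file"`
	URL         string                                    `json:"url"`
	Executable  *struct{ Command string `json:"command"` } `json:"executable"`
	Certificate *json.RawMessage                          `json:"certificate"`
}

// AuditCredentialSource (hypothetical helper) parses an external account
// config and returns findings a reviewer should look at before trusting it.
func AuditCredentialSource(b []byte) ([]string, error) {
	var f struct{ CS *credSource `json:"credential_source"` }
	if err := json.Unmarshal(b, &f); err != nil {
		return nil, err
	}
	cs := f.CS
	if cs == nil {
		return []string{"no credential_source"}, nil
	}
	var findings []string
	n := 0 // how many of the four mutually exclusive sources are filled
	for _, ok := range []bool{cs.File != "", cs.URL != "", cs.Executable != nil, cs.Certificate != nil} {
		if ok {
			n++
		}
	}
	if n != 1 {
		findings = append(findings, fmt.Sprintf("%d of file/url/certificate/executable set, want 1", n))
	}
	// An executable source names a command to run, so surface it for review.
	if cs.Executable != nil {
		findings = append(findings, "executable source runs a local command: "+cs.Executable.Command)
	}
	return findings, nil
}

func main() {
	// Constructed sample: both "file" and "executable" are set.
	sample := `{"credential_source":{"file":"/var/run/token","executable":{"command":"/opt/bin/get-token"}}}`
	fmt.Println(AuditCredentialSource([]byte(sample)))
}
```

A config that passes returns no findings; one that names an executable is always reported so the command can be reviewed before the file is used.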

type CredentialType

type CredentialType int

CredentialType represents the different file types a Google credentials file can be.

const (
	// UnknownCredType is an unidentified file type.
	UnknownCredType CredentialType = iota
	// UserCredentialsKey represents a user creds file type.
	UserCredentialsKey
	// ServiceAccountKey represents a service account file type.
	ServiceAccountKey
	// ImpersonatedServiceAccountKey represents an impersonated service account
	// file type.
	ImpersonatedServiceAccountKey
	// ExternalAccountKey represents an external account file type.
	ExternalAccountKey
	// GDCHServiceAccountKey represents a GDCH file type.
	GDCHServiceAccountKey
	// ExternalAccountAuthorizedUserKey represents an external account authorized
	// user file type.
	ExternalAccountAuthorizedUserKey
)

func ParseFileType

func ParseFileType(b []byte) (CredentialType, error)

ParseFileType determines the CredentialType based on bytes provided.

type ExecutableConfig

type ExecutableConfig struct {
	Command       string `json:"command"`
	TimeoutMillis int    `json:"timeout_millis"`
	OutputFile    string `json:"output_file"`
}

ExecutableConfig represents the command to run for an executable CredentialSource.

type ExternalAccountAuthorizedUserFile

type ExternalAccountAuthorizedUserFile struct {
	Type           string `json:"type"`
	Audience       string `json:"audience"`
	ClientID       string `json:"client_id"`
	ClientSecret   string `json:"client_secret"`
	RefreshToken   string `json:"refresh_token"`
	TokenURL       string `json:"token_url"`
	TokenInfoURL   string `json:"token_info_url"`
	RevokeURL      string `json:"revoke_url"`
	QuotaProjectID string `json:"quota_project_id"`
	UniverseDomain string `json:"universe_domain"`
}

ExternalAccountAuthorizedUserFile representation.

func ParseExternalAccountAuthorizedUser

func ParseExternalAccountAuthorizedUser(b []byte) (*ExternalAccountAuthorizedUserFile, error)

ParseExternalAccountAuthorizedUser parses bytes into an ExternalAccountAuthorizedUserFile.

type ExternalAccountFile

type ExternalAccountFile struct {
	Type                           string                           `json:"type"`
	ClientID                       string                           `json:"client_id"`
	ClientSecret                   string                           `json:"client_secret"`
	Audience                       string                           `json:"audience"`
	SubjectTokenType               string                           `json:"subject_token_type"`
	ServiceAccountImpersonationURL string                           `json:"service_account_impersonation_url"`
	TokenURL                       string                           `json:"token_url"`
	CredentialSource               *CredentialSource                `json:"credential_source,omitempty"`
	TokenInfoURL                   string                           `json:"token_info_url"`
	ServiceAccountImpersonation    *ServiceAccountImpersonationInfo `json:"service_account_impersonation,omitempty"`
	QuotaProjectID                 string                           `json:"quota_project_id"`
	WorkforcePoolUserProject       string                           `json:"workforce_pool_user_project"`
	UniverseDomain                 string                           `json:"universe_domain"`
}

ExternalAccountFile representation.

func ParseExternalAccount

func ParseExternalAccount(b []byte) (*ExternalAccountFile, error)

ParseExternalAccount parses bytes into an ExternalAccountFile.

type Format

type Format struct {
	// Type is either "text" or "json". When not provided "text" type is assumed.
	Type string `json:"type"`
	// SubjectTokenFieldName is only required for JSON format. This would be "access_token" for Azure.
	SubjectTokenFieldName string `json:"subject_token_field_name"`
}

Format describes the format of a CredentialSource.

type GDCHServiceAccountFile

type GDCHServiceAccountFile struct {
	Type           string `json:"type"`
	FormatVersion  string `json:"format_version"`
	Project        string `json:"project"`
	Name           string `json:"name"`
	CertPath       string `json:"ca_cert_path"`
	PrivateKeyID   string `json:"private_key_id"`
	PrivateKey     string `json:"private_key"`
	TokenURL       string `json:"token_uri"`
	UniverseDomain string `json:"universe_domain"`
}

GDCHServiceAccountFile represents the Google Distributed Cloud Hosted (GDCH) service identity file.

func ParseGDCHServiceAccount

func ParseGDCHServiceAccount(b []byte) (*GDCHServiceAccountFile, error)

ParseGDCHServiceAccount parses bytes into a GDCHServiceAccountFile.

type ImpersonatedServiceAccountFile

type ImpersonatedServiceAccountFile struct {
	Type                           string          `json:"type"`
	ServiceAccountImpersonationURL string          `json:"service_account_impersonation_url"`
	Delegates                      []string        `json:"delegates"`
	CredSource                     json.RawMessage `json:"source_credentials"`
	UniverseDomain                 string          `json:"universe_domain"`
}

ImpersonatedServiceAccountFile representation.

func ParseImpersonatedServiceAccount

func ParseImpersonatedServiceAccount(b []byte) (*ImpersonatedServiceAccountFile, error)

ParseImpersonatedServiceAccount parses bytes into an ImpersonatedServiceAccountFile.

type ServiceAccountFile

type ServiceAccountFile struct {
	Type           string `json:"type"`
	ProjectID      string `json:"project_id"`
	PrivateKeyID   string `json:"private_key_id"`
	PrivateKey     string `json:"private_key"`
	ClientEmail    string `json:"client_email"`
	ClientID       string `json:"client_id"`
	AuthURL        string `json:"auth_uri"`
	TokenURL       string `json:"token_uri"`
	UniverseDomain string `json:"universe_domain"`
}

ServiceAccountFile representation.

func ParseServiceAccount

func ParseServiceAccount(b []byte) (*ServiceAccountFile, error)

ParseServiceAccount parses bytes into a ServiceAccountFile.

type ServiceAccountImpersonationInfo

type ServiceAccountImpersonationInfo struct {
	TokenLifetimeSeconds int `json:"token_lifetime_seconds"`
}

ServiceAccountImpersonationInfo has impersonation configuration.

type UserCredentialsFile

type UserCredentialsFile struct {
	Type           string `json:"type"`
	ClientID       string `json:"client_id"`
	ClientSecret   string `json:"client_secret"`
	QuotaProjectID string `json:"quota_project_id"`
	RefreshToken   string `json:"refresh_token"`
	UniverseDomain string `json:"universe_domain"`
}

UserCredentialsFile representation.

func ParseUserCredentials

func ParseUserCredentials(b []byte) (*UserCredentialsFile, error)

ParseUserCredentials parses bytes into a UserCredentialsFile.
