impersonate

package
v0.14.0
This package is not in the latest version of its module.

Published: Jan 8, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewTokenProvider

func NewTokenProvider(opts *Options) (auth.TokenProvider, error)

NewTokenProvider uses a source credential, stored in Tp, to request an access token from the provided URL. Scopes can be defined when the access token is requested.

Types

type GenerateIDTokenRequest added in v0.14.0

type GenerateIDTokenRequest struct {
	Audience     string `json:"audience"`
	IncludeEmail bool   `json:"includeEmail"`
	// Delegates are the ordered, fully-qualified resource name for service
	// accounts in a delegation chain. Each service account must be granted
	// roles/iam.serviceAccountTokenCreator on the next service account in the
	// chain. The delegates must have the following format:
	// projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard
	// character is required; replacing it with a project ID is invalid.
	// Optional.
	Delegates []string `json:"delegates,omitempty"`
}

GenerateIDTokenRequest holds the request to the IAM generateIdToken RPC.
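The delegate format rule is easy to get wrong because Options.Delegates takes service account email addresses while GenerateIDTokenRequest.Delegates takes fully-qualified resource names. The following is an added example, not code from this package: it uses a local copy of the request struct, and the helpers delegateName and buildIDTokenBody, the audience and the account names are hypothetical. It normalizes a delegation chain, rejects a project ID in place of the - wildcard, and encodes the request body.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// generateIDTokenRequest is a local copy of the struct documented above.
type generateIDTokenRequest struct {
	Audience     string   `json:"audience"`
	IncludeEmail bool     `json:"includeEmail"`
	Delegates    []string `json:"delegates,omitempty"`
}

const delegatePrefix = "projects/-/serviceAccounts/"

// delegateName (hypothetical) turns an email, unique ID or resource name into the required form.
func delegateName(d string) (string, error) {
	id := d
	if strings.HasPrefix(d, "projects/") {
		if !strings.HasPrefix(d, delegatePrefix) {
			return "", fmt.Errorf("delegate %q: project segment must be the - wildcard", d)
		}
		id = strings.TrimPrefix(d, delegatePrefix)
	}
	if id == "" || strings.ContainsAny(id, "/ ") {
		return "", fmt.Errorf("delegate %q: want %s{ACCOUNT_EMAIL_OR_UNIQUEID}", d, delegatePrefix)
	}
	return delegatePrefix + id, nil
}

// buildIDTokenBody (hypothetical) validates the chain in order and returns the JSON body.
func buildIDTokenBody(audience string, includeEmail bool, chain []string) ([]byte, error) {
	req := generateIDTokenRequest{Audience: audience, IncludeEmail: includeEmail}
	for _, d := range chain {
		name, err := delegateName(d)
		if err != nil {
			return nil, err
		}
		req.Delegates = append(req.Delegates, name)
	}
	return json.Marshal(req)
}

func main() {
	// Constructed sample values.
	body, err := buildIDTokenBody("https://example.test/api", true, []string{"sa-a@example-project.iam.gserviceaccount.com"})
	fmt.Println(string(body), err)
}
```

Order matters in the chain: each account needs roles/iam.serviceAccountTokenCreator on the next one, so the helper preserves the slice order it is given.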

type GenerateIDTokenResponse added in v0.14.0

type GenerateIDTokenResponse struct {
	Token string `json:"token"`
}

GenerateIDTokenResponse holds the response from the IAM generateIdToken RPC.

type IDTokenIAMOptions added in v0.14.0

type IDTokenIAMOptions struct {
	// Client is required.
	Client *http.Client
	// Logger is required.
	Logger              *slog.Logger
	UniverseDomain      auth.CredentialsPropertyProvider
	ServiceAccountEmail string
	GenerateIDTokenRequest
}

IDTokenIAMOptions provides configuration for IDTokenIAMOptions.Token.

func (IDTokenIAMOptions) Token added in v0.14.0

func (o IDTokenIAMOptions) Token(ctx context.Context) (*auth.Token, error)

Token calls IAM generateIdToken with the configuration provided in IDTokenIAMOptions.

type Options

type Options struct {
	// Tp is the source credential used to generate a token on the
	// impersonated service account. Required.
	Tp auth.TokenProvider

	// URL is the endpoint to call to generate a token
	// on behalf of the service account. Required.
	URL string
	// Scopes that the impersonated credential should have. Required.
	Scopes []string
	// Delegates are the service account email addresses in a delegation chain.
	// Each service account must be granted roles/iam.serviceAccountTokenCreator
	// on the next service account in the chain. Optional.
	Delegates []string
	// TokenLifetimeSeconds is the number of seconds the impersonation token will
	// be valid for. Defaults to 1 hour if unset. Optional.
	TokenLifetimeSeconds int
	// Client configures the underlying client used to make network requests
	// when fetching tokens. Required.
	Client *http.Client
	// Logger is used for debug logging. If provided, logging will be enabled
	// at the logger's configured level. By default logging is disabled unless
	// enabled by setting GOOGLE_SDK_GO_LOGGING_LEVEL, in which case a default
	// logger will be used. Optional.
	Logger *slog.Logger
}

Options for NewTokenProvider.

func (*Options) Token

func (o *Options) Token(ctx context.Context) (*auth.Token, error)

Token performs the exchange to get a temporary service account token to allow access to GCP.
