Documentation
Overview
Package credsfile is meant to hide implementation details from the public surface of the detect package. It should not import any other packages in this module. It is located under the main internal package so other sub-packages can use these parsed types as well.
Index
- Constants
- func GetFileNameFromEnv(override string) string
- func GetWellKnownFileName() string
- type CertificateConfig
- type ClientCredentialsFile
- type Config3LO
- type CredentialSource
- type CredentialType
- type ExecutableConfig
- type ExternalAccountAuthorizedUserFile
- type ExternalAccountFile
- type Format
- type GDCHServiceAccountFile
- type ImpersonatedServiceAccountFile
- type ServiceAccountFile
- type ServiceAccountImpersonationInfo
- type UserCredentialsFile
Constants
const (
	// GoogleAppCredsEnvVar is the environment variable for setting the
	// application default credentials.
	GoogleAppCredsEnvVar = "GOOGLE_APPLICATION_CREDENTIALS"
)
Variables
This section is empty.
Functions
func GetFileNameFromEnv
GetFileNameFromEnv returns the override if provided or detects a filename from the environment.
func GetWellKnownFileName
func GetWellKnownFileName() string
GetWellKnownFileName tries to locate the filepath for the user credential file based on the environment.
Types
type CertificateConfig (added in v0.8.0)
type CertificateConfig struct {
	UseDefaultCertificateConfig bool   `json:"use_default_certificate_config"`
	CertificateConfigLocation   string `json:"certificate_config_location"`
}
CertificateConfig represents the options used to set up X509 based workload CredentialSource.
type ClientCredentialsFile
type ClientCredentialsFile struct {
	Web            *Config3LO `json:"web"`
	Installed      *Config3LO `json:"installed"`
	UniverseDomain string     `json:"universe_domain"`
}
ClientCredentialsFile representation.
func ParseClientCredentials
func ParseClientCredentials(b []byte) (*ClientCredentialsFile, error)
ParseClientCredentials parses bytes into a credsfile.ClientCredentialsFile.
type Config3LO
type Config3LO struct {
	ClientID     string   `json:"client_id"`
	ClientSecret string   `json:"client_secret"`
	RedirectURIs []string `json:"redirect_uris"`
	AuthURI      string   `json:"auth_uri"`
	TokenURI     string   `json:"token_uri"`
}
Config3LO is the internals of a client creds file.
type CredentialSource
type CredentialSource struct {
	File                        string             `json:"file"`
	URL                         string             `json:"url"`
	Headers                     map[string]string  `json:"headers"`
	Executable                  *ExecutableConfig  `json:"executable,omitempty"`
	Certificate                 *CertificateConfig `json:"certificate"`
	EnvironmentID               string             `json:"environment_id"` // TODO: Make type for this
	RegionURL                   string             `json:"region_url"`
	RegionalCredVerificationURL string             `json:"regional_cred_verification_url"`
	CredVerificationURL         string             `json:"cred_verification_url"`
	IMDSv2SessionTokenURL       string             `json:"imdsv2_session_token_url"`
	Format                      *Format            `json:"format,omitempty"`
}
CredentialSource stores the information necessary to retrieve the credentials for the STS exchange.
One field amongst File, URL, Certificate, and Executable should be filled, depending on the kind of credential in question. The EnvironmentID should start with AWS if being used for an AWS credential.
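The one-source rule above, checked in code before a config file is handed to an auth library. This is an added example, not code from the credsfile package: the struct is a local mirror of fields shown on this page, `sourceKind` is a hypothetical helper, and treating any environment_id that starts with AWS (compared case-insensitively) as an AWS source without further checks is this example's assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Local mirror of the page's CredentialSource (its package is internal); nested configs only need presence.
type credentialSource struct {
	File          string    `json:"file"`
	URL           string    `json:"url"`
	Executable    *struct{} `json:"executable,omitempty"`
	Certificate   *struct{} `json:"certificate"`
	EnvironmentID string    `json:"environment_id"`
}

// sourceKind (hypothetical helper) names the single source a config uses, or errors if the rule is broken.
func sourceKind(b []byte) (string, error) {
	var f struct{ CredentialSource *credentialSource `json:"credential_source"` }
	if err := json.Unmarshal(b, &f); err != nil {
		return "", err
	}
	cs := f.CredentialSource
	if cs == nil {
		return "", fmt.Errorf("credential_source missing")
	}
	if id := cs.EnvironmentID; id != "" { // AWS: only the prefix is checked (assumption)
		if !strings.HasPrefix(strings.ToUpper(id), "AWS") {
			return "", fmt.Errorf("environment_id %q lacks AWS prefix", id)
		}
		return "aws", nil
	}
	var set []string
	for name, on := range map[string]bool{"file": cs.File != "", "url": cs.URL != "",
		"executable": cs.Executable != nil, "certificate": cs.Certificate != nil} {
		if on {
			set = append(set, name)
		}
	}
	if len(set) != 1 {
		return "", fmt.Errorf("want exactly one source, got %d", len(set))
	}
	return set[0], nil
}

func main() {
	bad := []byte(`{"credential_source":{"url":"https://idp.example/t","executable":{}}}`) // constructed sample
	fmt.Println(sourceKind(bad))
}
```

The returned kind is worth surfacing in review: an executable source runs a local command and a url source makes an outbound request when credentials are fetched.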
type CredentialType
type CredentialType int
CredentialType represents the different file types a Google credential can be.
const (
	// UnknownCredType is an unidentified file type.
	UnknownCredType CredentialType = iota
	// UserCredentialsKey represents a user creds file type.
	UserCredentialsKey
	// ServiceAccountKey represents a service account file type.
	ServiceAccountKey
	// ImpersonatedServiceAccountKey represents an impersonated service account
	// file type.
	ImpersonatedServiceAccountKey
	// ExternalAccountKey represents an external account file type.
	ExternalAccountKey
	// GDCHServiceAccountKey represents a GDCH file type.
	GDCHServiceAccountKey
	// ExternalAccountAuthorizedUserKey represents an external account authorized
	// user file type.
	ExternalAccountAuthorizedUserKey
)
func ParseFileType
func ParseFileType(b []byte) (CredentialType, error)
ParseFileType determines the CredentialType based on bytes provided.
type ExecutableConfig
type ExecutableConfig struct {
	Command       string `json:"command"`
	TimeoutMillis int    `json:"timeout_millis"`
	OutputFile    string `json:"output_file"`
}
ExecutableConfig represents the command to run for an executable CredentialSource.
type ExternalAccountAuthorizedUserFile
type ExternalAccountAuthorizedUserFile struct {
	Type           string `json:"type"`
	Audience       string `json:"audience"`
	ClientID       string `json:"client_id"`
	ClientSecret   string `json:"client_secret"`
	RefreshToken   string `json:"refresh_token"`
	TokenURL       string `json:"token_url"`
	TokenInfoURL   string `json:"token_info_url"`
	RevokeURL      string `json:"revoke_url"`
	QuotaProjectID string `json:"quota_project_id"`
	UniverseDomain string `json:"universe_domain"`
}
ExternalAccountAuthorizedUserFile representation.
func ParseExternalAccountAuthorizedUser
func ParseExternalAccountAuthorizedUser(b []byte) (*ExternalAccountAuthorizedUserFile, error)
ParseExternalAccountAuthorizedUser parses bytes into an ExternalAccountAuthorizedUserFile.
type ExternalAccountFile
type ExternalAccountFile struct {
	Type                           string                           `json:"type"`
	ClientID                       string                           `json:"client_id"`
	ClientSecret                   string                           `json:"client_secret"`
	Audience                       string                           `json:"audience"`
	SubjectTokenType               string                           `json:"subject_token_type"`
	ServiceAccountImpersonationURL string                           `json:"service_account_impersonation_url"`
	TokenURL                       string                           `json:"token_url"`
	CredentialSource               *CredentialSource                `json:"credential_source,omitempty"`
	TokenInfoURL                   string                           `json:"token_info_url"`
	ServiceAccountImpersonation    *ServiceAccountImpersonationInfo `json:"service_account_impersonation,omitempty"`
	QuotaProjectID                 string                           `json:"quota_project_id"`
	WorkforcePoolUserProject       string                           `json:"workforce_pool_user_project"`
	UniverseDomain                 string                           `json:"universe_domain"`
}
ExternalAccountFile representation.
func ParseExternalAccount
func ParseExternalAccount(b []byte) (*ExternalAccountFile, error)
ParseExternalAccount parses bytes into an ExternalAccountFile.
type Format
type Format struct {
	// Type is either "text" or "json". When not provided "text" type is assumed.
	Type string `json:"type"`
	// SubjectTokenFieldName is only required for JSON format. This would be "access_token" for Azure.
	SubjectTokenFieldName string `json:"subject_token_field_name"`
}
Format describes the format of a CredentialSource.
type GDCHServiceAccountFile
type GDCHServiceAccountFile struct {
	Type           string `json:"type"`
	FormatVersion  string `json:"format_version"`
	Project        string `json:"project"`
	Name           string `json:"name"`
	CertPath       string `json:"ca_cert_path"`
	PrivateKeyID   string `json:"private_key_id"`
	PrivateKey     string `json:"private_key"`
	TokenURL       string `json:"token_uri"`
	UniverseDomain string `json:"universe_domain"`
}
GDCHServiceAccountFile represents the Google Distributed Cloud Hosted (GDCH) service identity file.
func ParseGDCHServiceAccount
func ParseGDCHServiceAccount(b []byte) (*GDCHServiceAccountFile, error)
ParseGDCHServiceAccount parses bytes into a GDCHServiceAccountFile.
type ImpersonatedServiceAccountFile
type ImpersonatedServiceAccountFile struct {
	Type                           string          `json:"type"`
	ServiceAccountImpersonationURL string          `json:"service_account_impersonation_url"`
	Delegates                      []string        `json:"delegates"`
	CredSource                     json.RawMessage `json:"source_credentials"`
	UniverseDomain                 string          `json:"universe_domain"`
}
ImpersonatedServiceAccountFile representation.
func ParseImpersonatedServiceAccount
func ParseImpersonatedServiceAccount(b []byte) (*ImpersonatedServiceAccountFile, error)
ParseImpersonatedServiceAccount parses bytes into an ImpersonatedServiceAccountFile.
type ServiceAccountFile
type ServiceAccountFile struct {
	Type           string `json:"type"`
	ProjectID      string `json:"project_id"`
	PrivateKeyID   string `json:"private_key_id"`
	PrivateKey     string `json:"private_key"`
	ClientEmail    string `json:"client_email"`
	ClientID       string `json:"client_id"`
	AuthURL        string `json:"auth_uri"`
	TokenURL       string `json:"token_uri"`
	UniverseDomain string `json:"universe_domain"`
}
ServiceAccountFile representation.
func ParseServiceAccount
func ParseServiceAccount(b []byte) (*ServiceAccountFile, error)
ParseServiceAccount parses bytes into a ServiceAccountFile.
type ServiceAccountImpersonationInfo
type ServiceAccountImpersonationInfo struct {
	TokenLifetimeSeconds int `json:"token_lifetime_seconds"`
}
ServiceAccountImpersonationInfo has impersonation configuration.
type UserCredentialsFile
type UserCredentialsFile struct {
	Type           string `json:"type"`
	ClientID       string `json:"client_id"`
	ClientSecret   string `json:"client_secret"`
	QuotaProjectID string `json:"quota_project_id"`
	RefreshToken   string `json:"refresh_token"`
	UniverseDomain string `json:"universe_domain"`
}
UserCredentialsFile representation.
func ParseUserCredentials
func ParseUserCredentials(b []byte) (*UserCredentialsFile, error)
ParseUserCredentials parses bytes into a UserCredentialsFile.