gcp

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 18, 2020 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrAudienceNotWhitelisted      = errors.New("audience not whitelisted")
	ErrProjectIDNotWhitelisted     = errors.New("project id not whitelisted")
	ErrProjectNumberNotWhitelisted = errors.New("project number not whitelisted")
	ErrZoneNotWhitelisted          = errors.New("zone not whitelisted")
	ErrLicenseIDWhitelisted        = errors.New("license id not whitelisted")

	ErrTokenClaimsParse   = errors.New("unable to parse claims in token")
	ErrTokenClaimsExpired = errors.New("token claims expired")
	ErrTokenMissingKeyID  = errors.New("missing kid in token")
)

Errors returned by Verifier

View Source 
var (
	// MetadataURL is the endpoint to make requests to fetch instance metadata from
	MetadataURL = "http://metadata.google.internal./computeMetadata/v1"

	MetadataIdentity = func() string { return fmt.Sprintf("%s/%s/identity", serviceAccounts(), defaultServiceAccount) }
	MetadataScopes   = func() string { return fmt.Sprintf("%s/%s/scopes", serviceAccounts(), defaultServiceAccount) }
	MetadataToken    = func() string { return fmt.Sprintf("%s/%s/token", serviceAccounts(), defaultServiceAccount) }
	MetadataEmail    = func() string { return fmt.Sprintf("%s/%s/email", serviceAccounts(), defaultServiceAccount) }
)
View Source 
var GoogleOAuth2CertsURL = "https://www.googleapis.com/oauth2/v1/certs"

GoogleOAuth2CertsURL is the default endpoint for retrieving public keys to verify the given JWT with

View Source 
var MetadataHeader = &http.Header{
	"Metadata-Flavor": []string{"Google"},
}

Functions

func CheckStringWhitelist 

func CheckStringWhitelist(value string, whitelist []string) bool

func CheckUint64Whitelist 

func CheckUint64Whitelist(value uint64, whitelist []uint64) bool

func GetMaxAgeFromHeader 

func GetMaxAgeFromHeader(header http.Header) time.Duration

GetMaxAgeFromHeader returns the max-age value from the cache-control header, defaulting to 1800.

Types

type CertificateManager 

type CertificateManager struct {
	// Certificates (kid:cert(*rsa.PublicKey))
	Certificates map[string]*rsa.PublicKey
	// contains filtered or unexported fields
}

CertificateManager represents a certificate manager

func NewCertificateManager 

func NewCertificateManager() *CertificateManager

NewCertificateManager returns a new certificate manager

func (*CertificateManager) GetPublicKeyByKeyID 

func (cM *CertificateManager) GetPublicKeyByKeyID(kid string) (*rsa.PublicKey, error)

GetPublicKeyByKeyID returns the associated public key to given kid

func (*CertificateManager) Run 

func (cM *CertificateManager) Run(wg *sync.WaitGroup)

Run runs the certificate manager, this should most likely be executed as a go-routine

func (*CertificateManager) Stop 

func (cM *CertificateManager) Stop()

Stop stops the certificate manager

type Claims 

type Claims struct {
	TokenIssuer     string       `json:"iss"`
	IssuedTime      ClaimsTime   `json:"iat"`
	ExpiredTime     ClaimsTime   `json:"exp"`
	Audience        string       `json:"aud"`
	Subject         string       `json:"sub"`
	AuthorizedParty string       `json:"azp"`
	Google          ClaimsGoogle `json:"google"`
	Email           string       `json:"email"`
	EmailVerified   bool         `json:"email_verified"`
}

Claims represents the expected claims of the JWT returned by GCE instance metadata. https://cloud.google.com/compute/docs/instances/verifying-instance-identity#token_format

func GetTokenClaims 

func GetTokenClaims(tokenStr string, certManager *CertificateManager) (*Claims, error)

func (*Claims) Valid 

func (c *Claims) Valid() error

Valid validates that the given claims are valid

type ClaimsGoogle 

type ClaimsGoogle struct {
	ComputeEngine ClaimsGoogleComputeEngine `json:"compute_engine"`
}

ClaimsGoogle represents the Google subclaims

type ClaimsGoogleComputeEngine 

type ClaimsGoogleComputeEngine struct {
	ProjectID         string     `json:"project_id"`
	ProjectNumber     uint64     `json:"project_number"`
	Zone              string     `json:"zone"`
	InstanceID        string     `json:"instance_id"`
	InstanceName      string     `json:"instance_name"`
	CreationTimestamp ClaimsTime `json:"instance_creation_timestamp"`
	LicenseIDs        []string   `json:"license_id"`
}

ClaimsGoogleComputeEngine represents the Google Compute Engine subclaims

type ClaimsTime 

type ClaimsTime struct {
	time.Time
}

func (*ClaimsTime) MarshalJSON 

func (t *ClaimsTime) MarshalJSON() ([]byte, error)

func (*ClaimsTime) UnmarshalJSON 

func (t *ClaimsTime) UnmarshalJSON(b []byte) error

type RespCertificates 

type RespCertificates map[string]string

RespCertificates represents the data structure returned by the endpoint (kid:cert)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.