Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Option ¶
type Option func(*smartSignerConfig) error
func WithDelegates ¶
func WithTargetPrincipal ¶
type Signer ¶
type Signer interface { ServiceAccount(context.Context) string SignBlob(context.Context, []byte) (string, []byte, error) SignJwt(context.Context, string) (string, error) }
func AppEngineSigner ¶
func IamCredentialsSigner ¶
func IamCredentialsSigner(targetPrincipal string, delegates []string, ts oauth2.TokenSource) (Signer, error)
IamCredentialsSigner makes new Signer. targetPrincipal and delegates is passed to iamcredentials.SignBlob. if ts is nil, ADC will be used.
func ServiceAccountSigner ¶
ServiceAccountSigner returns Signer which can sign without any network access.
func SmartSigner ¶
SmartSigner create signer for ADC with optional impersonation. Impersonation setting is supplied from below in descending order of priority.
- options e.g. signer.WithTargetPrincipal, signer.WithDelegates
- `CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT` environment variable
If impersonation is not applied, all credentials except App Engine 1st gen(only Go 1.11) and Service Account Key need a Token Creator role to themselves.
Source Files ¶
Click to show internal directories.
Click to hide internal directories.