util

package
v0.0.0-...-7cad29d Latest
Warning

This package is not in the latest version of its module.

Published: Jun 3, 2024 License: Apache-2.0 Imports: 19 Imported by: 9

README

Various utilities around main, authz and common network protocols - mostly boilerplate to copy instead of adding a dependency.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FindConfig

func FindConfig(base string, s string) []byte

FindConfig is a simple loader for a config file.

func Get

func Get(suffix string) (string, error)

Get calls Client.Get on the default client.

func GetString

func GetString(key string) string

Main config helper - base implementation for minimal deps CLI.

Larger binaries should use viper, which provides support for:
- ini, json, yaml, java properties
- remote providers (with encryption) - built in etcd3, consul, firestore

func MainEnd

func MainEnd()

MainEnd should be the last call in main(). The app is expected to get all the config from file or env variables.
- if the command line arguments are not empty: exec the remaining and wait to complete
- else wait for a signal.

func Subscribe

func Subscribe(suffix string, fn func(v string, ok bool) error) error

Subscribe calls Client.Subscribe on the default client.

Types

type Error

type Error struct {
	// Code is the HTTP response status code.
	Code int
	// Message is the server response message.
	Message string
}

Error contains an error response from the server.

func (*Error) Error

func (e *Error) Error() string

type MDS

type MDS struct {
	MDSBase string
	// contains filtered or unexported fields
}

MDS provides access to the metadata server, tokens and host info.

func NewMDSClient

func NewMDSClient(mdsBase string) *MDS

NewMDSClient returns a client for a GCP MDS-like server.

It can return JWT tokens for the 'primary' service account, as well as metadata.

func (*MDS) Get

func (c *MDS) Get(suffix string) (string, error)

Get returns a value from the metadata service. The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/".

If the GCE_METADATA_HOST environment variable is not defined, a default of 169.254.169.254 will be used instead.

If the requested metadata is not defined, the returned error will be of type NotDefinedError.
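An added sketch of the request construction and response handling that the Get documentation describes; it is not this package's code. `newMDSRequest`, `readMDSResponse` and `errNotDefined` are hypothetical names (`errNotDefined` stands in for NotDefinedError), and the `Metadata-Flavor: Google` header is the one GCP's metadata server requires on every request.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"os"
	"strings"
)

var errNotDefined = errors.New("metadata value not defined") // hypothetical stand-in for NotDefinedError

// newMDSRequest builds the GET described in the Get documentation.
func newMDSRequest(suffix string) (*http.Request, error) {
	host := os.Getenv("GCE_METADATA_HOST")
	if host == "" {
		host = "169.254.169.254" // documented default
	}
	req, err := http.NewRequest("GET", "http://"+host+"/computeMetadata/v1/"+suffix, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Metadata-Flavor", "Google") // GCP's server rejects requests without it
	return req, nil
}

// readMDSResponse maps a response to a value, errNotDefined (404) or a status error.
func readMDSResponse(suffix string, res *http.Response) (string, error) {
	defer res.Body.Close()
	body, err := io.ReadAll(io.LimitReader(res.Body, 1<<20)) // bound the response size
	if err != nil {
		return "", err
	}
	switch res.StatusCode {
	case http.StatusOK:
		return string(body), nil
	case http.StatusNotFound:
		return "", fmt.Errorf("%q: %w", suffix, errNotDefined)
	}
	return "", fmt.Errorf("metadata server returned status %d", res.StatusCode)
}

func main() {
	req, _ := newMDSRequest("project/project-id")
	fmt.Println(req.URL, req.Header.Get("Metadata-Flavor"))
	// Constructed 404 response, so the example runs without a metadata server.
	res := &http.Response{StatusCode: 404, Body: io.NopCloser(strings.NewReader("not found"))}
	fmt.Println(readMDSResponse("instance/attributes/absent", res))
}
```

Because the host comes from GCE_METADATA_HOST, whoever controls the process environment decides which server receives these requests and the tokens returned for them.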

func (*MDS) GetToken

func (mds *MDS) GetToken(ctx1 context.Context, aud string) (string, error)

POST https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/service-<GCP project number>@gcp-sa-meshdataplane.iam.gserviceaccount.com:generateAccessToken
Content-Type: application/json
Authorization: Bearer <federated token>

{
 "Delegates": [],
 "Scope": [
     "https://www.googleapis.com/auth/cloud-platform"
 ]
}

func (*MDS) Subscribe

func (c *MDS) Subscribe(suffix string, fn func(v string, ok bool) error) error

Subscribe subscribes to a value from the metadata service. The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/". The suffix may contain query parameters.

Subscribe calls fn with the latest metadata value indicated by the provided suffix. If the metadata value is deleted, fn is called with the empty string and ok false. Subscribe blocks until fn returns a non-nil error or the value is deleted. Subscribe returns the error value returned from the last call to fn, which may be nil when ok == false.

type MDSRoundTripper

type MDSRoundTripper struct {
	// contains filtered or unexported fields
}

func (*MDSRoundTripper) RoundTrip

func (m *MDSRoundTripper) RoundTrip(request *http.Request) (*http.Response, error)

type NotDefinedError

type NotDefinedError string

func (NotDefinedError) Error

func (suffix NotDefinedError) Error() string

type TokenResponse

type TokenResponse struct {
	// REQUIRED. The security token issued by the authorization server
	// in response to the token exchange request.
	AccessToken string `json:"access_token"`
	// REQUIRED. An identifier, representation of the issued security token.
	IssuedTokenType string `json:"issued_token_type"`
	// REQUIRED. A case-insensitive value specifying the method of using the access
	// token issued. It provides the client with information about how to utilize the
	// access token to access protected resources.
	TokenType string `json:"token_type"`
	// RECOMMENDED. The validity lifetime, in seconds, of the token issued by the
	// authorization server.
	ExpiresIn int64 `json:"expires_in"`

	// OPTIONAL, if the Scope of the issued security token is identical to the
	// Scope requested by the client; otherwise, REQUIRED.
	Scope string `json:"scope"`
	// OPTIONAL. A refresh token will typically not be issued when the exchange is
	// of one temporary credential (the subject_token) for a different temporary
	// credential (the issued token) for use in some other context.
	RefreshToken string `json:"refresh_token"`
}

TokenResponse stores all attributes sent as JSON in a successful STS response. These attributes are defined in https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16#section-2.2.1. Also returned by MDS and federated token.
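An added example, not part of this package, of how a caller might validate a body in the TokenResponse shape before caching the token. `tokenResponse` and `parseToken` are hypothetical names, the sample body is constructed, and accepting only a Bearer `token_type` and refreshing `skew` before expiry are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// tokenResponse copies the JSON fields of the TokenResponse type above that this check needs.
type tokenResponse struct {
	AccessToken string `json:"access_token"`
	TokenType   string `json:"token_type"`
	ExpiresIn   int64  `json:"expires_in"`
}

// parseToken validates a token response body and returns the token plus the time
// at which to refresh it (expiry minus skew). Accepting only Bearer is an assumption.
func parseToken(body []byte, now time.Time, skew time.Duration) (string, time.Time, error) {
	var tr tokenResponse
	if err := json.Unmarshal(body, &tr); err != nil {
		return "", time.Time{}, fmt.Errorf("decode token response: %w", err)
	}
	if tr.AccessToken == "" {
		return "", time.Time{}, errors.New("token response has no access_token")
	}
	if !strings.EqualFold(tr.TokenType, "Bearer") { // token_type is case-insensitive
		return "", time.Time{}, fmt.Errorf("unsupported token_type %q", tr.TokenType)
	}
	if tr.ExpiresIn <= 0 { // expires_in is only RECOMMENDED: treat the token as already due
		return tr.AccessToken, now, nil
	}
	return tr.AccessToken, now.Add(time.Duration(tr.ExpiresIn)*time.Second - skew), nil
}

func main() {
	// Constructed sample body, not a real token.
	body := []byte(`{"access_token":"example-token","token_type":"bearer","expires_in":3600}`)
	tok, refreshAt, err := parseToken(body, time.Unix(0, 0).UTC(), time.Minute)
	fmt.Println(tok, refreshAt, err)
}
```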
