Documentation ¶
Overview ¶
Copyright 2018 Google Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- func BuildHeader(tokenType string, token string) string
- func BuildRefreshTokenJSON(refreshToken string, creds *google.Credentials) string
- func ClearCache() error
- func Curl(settings *Settings, taskSettings *TaskSettings)
- func CurlCommand(cli string, header string, url string, extraArgs ...string)
- func EncodeClaims(settings *Settings) string
- func Fetch(settings *Settings, taskSettings *TaskSettings)
- func FetchToken(ctx context.Context, settings *Settings) (*oauth2.Token, error)
- func FindJSONCredentials(ctx context.Context, settings *Settings) (*google.Credentials, error)
- func GenerateServiceAccountAccessToken(accessToken string, serviceAccount string, scope string) (*oauth2.Token, error)
- func GuessUnixHomeDir() string
- func Header(settings *Settings, taskSettings *TaskSettings)
- func Info(token string) int
- func InsertCache(settings *Settings, token *oauth2.Token) error
- func JWTTokenSource(ctx context.Context, settings *Settings) (oauth2.TokenSource, error)
- func LookupCache(settings *Settings) (*oauth2.Token, error)
- func OAuthJSONTokenSource(ctx context.Context, settings *Settings) (oauth2.TokenSource, error)
- func Reset()
- func SSOFetch(cli string, email string, scope string) (*oauth2.Token, error)
- func StsExchange(accessToken string, encodedClaims string) (*oauth2.Token, error)
- func Test(token string) int
- func Web()
- func WebStop()
- type CacheKey
- type Settings
- type TaskSettings
Constants ¶
const CacheFileName = ".oauth2l"
const IamServiceAccountAccessTokenURL = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:generateAccessToken"
IamServiceAccountAccessTokenURL is used for generating an access token for a Service Account.
const StsURL = "https://securetoken.googleapis.com/v1alpha2/identitybindingtoken"
StsURL is Google's Secure Token Service endpoint used for obtaining an STS token. TODO (andyzhao): Replace with https://sts.googleapis.com/v1/token when ready.
Variables ¶
var CacheLocation string = filepath.Join(GuessUnixHomeDir(), CacheFileName)
var DefaultScope = "https://www.googleapis.com/auth/cloud-platform"
var MethodAPIKey = "apikey"
var MethodJWT = "jwt"
var MethodOAuth = "oauth"
var WebDirectory string = filepath.Join(GuessUnixHomeDir(), defaultWebPackageName)
Functions ¶
func BuildHeader ¶
Returns the given token in standard header format.
func BuildRefreshTokenJSON ¶ added in v1.2.0
func BuildRefreshTokenJSON(refreshToken string, creds *google.Credentials) string
BuildRefreshTokenJSON attempts to construct a gcloud refresh token JSON using a refreshToken and an OAuth Client ID Credentials object. Empty string is returned if this is not possible.
func ClearCache ¶
func ClearCache() error
func Curl ¶
func Curl(settings *Settings, taskSettings *TaskSettings)
Fetches a token with the given settings using Google Authenticator and uses the token as a header to make a curl request.
func CurlCommand ¶
Executes curl command with provided header and params.
func EncodeClaims ¶ added in v1.1.0
EncodeClaims base64-encodes the supported STS claims in settings.
func Fetch ¶
func Fetch(settings *Settings, taskSettings *TaskSettings)
Fetches and prints the token in plain text with the given settings using Google Authenticator.
func FetchToken ¶ added in v1.2.0
Returns a token from the given settings. Returns nil for API keys.
func FindJSONCredentials ¶ added in v1.2.0
FindJSONCredentials obtains credentials from settings or Application Default Credentials
func GenerateServiceAccountAccessToken ¶ added in v1.2.0
func GenerateServiceAccountAccessToken(accessToken string, serviceAccount string, scope string) (*oauth2.Token, error)
GenerateServiceAccountAccessToken generates a Service Account access token using a User access token approved for at least one of the following scopes:
- https://www.googleapis.com/auth/iam
- https://www.googleapis.com/auth/cloud-platform
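The impersonation exchange described above, as an added Go example (not oauth2l's own code): it formats the IamServiceAccountAccessTokenURL string with the service account, sends the user access token as a Bearer header, and decodes the IAM Credentials API reply. The helper names buildRequest and parseResponse are hypothetical, and the token and account values are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// Same format string as the page's IamServiceAccountAccessTokenURL constant.
const iamURLFormat = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:generateAccessToken"

// buildRequest (hypothetical helper) prepares the generateAccessToken call.
func buildRequest(userToken, serviceAccount, scope string) (*http.Request, error) {
	if userToken == "" || serviceAccount == "" || scope == "" {
		return nil, fmt.Errorf("user token, service account and scope are required")
	}
	body, _ := json.Marshal(map[string][]string{"scope": {scope}}) // cannot fail for string data
	// Path-escape the account so "/" or "?" in it cannot change the target resource.
	target := fmt.Sprintf(iamURLFormat, url.PathEscape(serviceAccount))
	req, err := http.NewRequest(http.MethodPost, target, bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+userToken)
	req.Header.Set("Content-Type", "application/json")
	return req, nil
}

// parseResponse (hypothetical helper) rejects error statuses and empty tokens.
func parseResponse(status int, body []byte) (string, time.Time, error) {
	var r struct {
		AccessToken string    `json:"accessToken"`
		ExpireTime  time.Time `json:"expireTime"`
	}
	if status != http.StatusOK {
		return "", time.Time{}, fmt.Errorf("generateAccessToken: HTTP %d", status)
	}
	if err := json.Unmarshal(body, &r); err != nil || r.AccessToken == "" {
		return "", time.Time{}, fmt.Errorf("generateAccessToken: malformed response")
	}
	return r.AccessToken, r.ExpireTime, nil
}

func main() {
	req, _ := buildRequest("constructed-user-token", "sa@example-project.iam.gserviceaccount.com", "https://www.googleapis.com/auth/cloud-platform")
	fmt.Println(req.Method, req.URL)
}
```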
func GuessUnixHomeDir ¶ added in v1.2.0
func GuessUnixHomeDir() string
func Header ¶
func Header(settings *Settings, taskSettings *TaskSettings)
Fetches and prints the token in header format with the given settings using Google Authenticator.
func JWTTokenSource ¶ added in v1.2.0
func OAuthJSONTokenSource ¶ added in v1.2.0
func StsExchange ¶ added in v1.1.0
Exchanges an OAuth Access Token for an STS token with base64-encoded claims.
Types ¶
type CacheKey ¶
type CacheKey struct {
	// The JSON credentials content downloaded from Google Cloud Console.
	CredentialsJSON string
	// If specified, use OAuth. Otherwise, JWT.
	Scope string
	// The audience field for JWT auth and UAT
	Audience string
	// The email used for SSO and domain-wide delegation.
	Email string
	// The Google API key
	APIKey string
	// The QuotaProject field for STS
	QuotaProject string
	// If specified, performs STS exchange on top of base OAuth
	Sts bool
	// Exchange User access token for Service Account access token.
	ServiceAccount string
}
The key struct that is used to identify an auth token fetch operation.
type Settings ¶ added in v1.2.0
type Settings struct {
	// The JSON credentials content downloaded from Google Cloud Console.
	CredentialsJSON string
	// If specified, use OAuth. Otherwise, JWT.
	Scope string
	// The audience field for JWT auth
	Audience string
	// The Google API key
	APIKey string
	// This is only used for domain-wide delegation.
	// DEPRECATED
	User string
	// The email used for SSO and domain-wide delegation.
	Email string
	// A user specified project that is responsible for the request quota and
	// billing charges.
	QuotaProject string
	// AuthHandler is the AuthorizationHandler used for 3-legged OAuth flow.
	AuthHandler authhandler.AuthorizationHandler
	// State is a unique string used with AuthHandler.
	State string
	// Indicates that STS token exchange should be performed.
	Sts bool
	// Used for Service Account Impersonation.
	// Exchange User access token for Service Account access token.
	ServiceAccount string
}
An extensible structure that holds the credentials for Google API authentication.
func (Settings) AuthMethod ¶ added in v1.2.0
type TaskSettings ¶ added in v1.1.0
type TaskSettings struct {
	// AuthType determines which auth tool to use (sso vs sgauth)
	AuthType string
	// Output format for Fetch task
	Format string
	// CurlCli override for Curl task
	CurlCli string
	// Url endpoint for Curl task
	Url string
	// Extra args for Curl task
	ExtraArgs []string
	// SsoCli override for Sso task
	SsoCli string
	// Refresh expired access token in cache
	Refresh bool
}
An extensible structure that holds the settings used by different oauth2l tasks. These settings are used by oauth2l only and are not part of GUAC settings.