auth

package
v0.0.0-...-03d6fc4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 23, 2019 License: BSD-3-Clause Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DEFAULT_JWT_FILENAME           = "service-account.json"
	DEFAULT_CLIENT_SECRET_FILENAME = "client_secret.json"
	DEFAULT_TOKEN_STORE_FILENAME   = "google_storage_token.data"
)
View Source 
const (
	// Supported Cloud storage API OAuth scopes.
	SCOPE_READ_ONLY         = storage.DevstorageReadOnlyScope
	SCOPE_READ_WRITE        = storage.DevstorageReadWriteScope
	SCOPE_FULL_CONTROL      = storage.DevstorageFullControlScope
	SCOPE_COMPUTE_READ_ONLY = compute.ComputeReadonlyScope
	SCOPE_GCE               = compute.ComputeScope
	SCOPE_GERRIT            = "https://www.googleapis.com/auth/gerritcodereview"
	SCOPE_PLUS_ME           = "https://www.googleapis.com/auth/plus.me"
	SCOPE_PUBSUB            = pubsub.ScopePubSub
	SCOPE_USERINFO_EMAIL    = "https://www.googleapis.com/auth/userinfo.email"
	SCOPE_USERINFO_PROFILE  = "https://www.googleapis.com/auth/userinfo.profile"
)

Variables

This section is empty.

Functions

func NewDefaultJWTServiceAccountTokenSource 

func NewDefaultJWTServiceAccountTokenSource(scopes ...string) (oauth2.TokenSource, error)

NewDefaultJWTServiceAccountTokenSource creates a new oauth2.TokenSource that is loaded first by attempting to load JWT JSON Service Account data from GCE Project Level metadata, and if that fails falls back to loading the data from a local file.

func NewDefaultLegacyTokenSource 

func NewDefaultLegacyTokenSource(local bool, scopes ...string) (oauth2.TokenSource, error)

NewDefaultLegacyTokenSource creates a new OAuth 2.0 token source with all the defaults for the given scopes. If local is true then a 3-legged flow is initiated, otherwise the GCE Service Account is used if running in GCE, and the Skolo access token provider is used if running in Skolo.

The default OAuth config filename is "client_secret.json". The default OAuth token store filename is "google_storage_token.data".

func NewDefaultTokenSource 

func NewDefaultTokenSource(local bool, scopes ...string) (oauth2.TokenSource, error)

NewDefaultTokenSource creates a new OAuth 2.0 token source. If local is true then it uses the credentials it gets from running: 

gcloud auth print-access-token

otherwise the GCE Service Account is used if running in GCE, and the Skolo access token provider is used if running in Skolo.

Note: The default project for gcloud is used, and can be changed by running 

$ gcloud config set project [project name]

local - If true then use the gcloud command line tool. scopes - The scopes requested.

When run on GCE the scopes are ignored in favor of the scopes set on the instance, see: 

https://cloud.google.com/sdk/gcloud/reference/compute/instances/set-service-account

func NewGCloudTokenSource 

func NewGCloudTokenSource(projectId string) oauth2.TokenSource

NewGCloudTokenSource creates an oauth2.TokenSource that returns tokens from the locally authorized gcloud command line tool, i.e. it gets them from running: 

gcloud auth print-access-token

projectId - The name of the GCP project, e.g. 'skia-public'. If empty, "", then 

the default project id for gcloud is used.

func NewJWTServiceAccountTokenSource 

func NewJWTServiceAccountTokenSource(metadataname, filename string, scopes ...string) (oauth2.TokenSource, error)

NewJWTServiceAccountTokenSource creates a new oauth2.TokenSource that is loaded first by attempting to load JWT JSON Service Account data from GCE Project Level metadata, and if that fails falls back to loading the data from a local file. 

metadataname - The name of the GCE project level metadata key that holds the JWT JSON. If empty a default is used.
filename - The name of the local file that holds the JWT JSON. If empty a default is used.

func NewLUCIContextTokenSource 

func NewLUCIContextTokenSource(scopes ...string) (oauth2.TokenSource, error)

NewLUCIContextTokenSource creates a new oauth2.TokenSource that uses LUCI_CONTEXT to generate tokens. This is the canonical way to obtain tokens for a service account tied to a Swarming task, ie. not the default GCE service account for a VM, but a service account specified in the task request. For more information, see: https://github.com/luci/luci-py/blob/master/client/LUCI_CONTEXT.md

Individual scopes need to be whitelisted by the LUCI token server. For this reason, it is recommended to use the compute.CloudPlatform scope.

func NewLegacyTokenSource 

func NewLegacyTokenSource(local bool, oauthCacheFile string, oauthConfigFile string, scopes ...string) (oauth2.TokenSource, error)

NewLegacyTokenSource creates a new OAuth 2.0 token source. If local is true then a 3-legged flow is initiated, otherwise the GCE Service Account is used if running in GCE, and the Skolo access token provider is used if running in Skolo.

The OAuth tokens will be stored in oauthCacheFile. The OAuth config will come from oauthConfigFile.

func NewTokenSourceFromIdAndSecret 

func NewTokenSourceFromIdAndSecret(clientId, clientSecret, oauthCacheFile string, scopes ...string) (oauth2.TokenSource, error)

NewTokenSourceFromIdAndSecret creates a new OAuth 2.0 token source with all the defaults for the given scopes, and the given token store filename.

func SimpleTokenSrc 

func SimpleTokenSrc(token *oauth2.Token) oauth2.TokenSource

SimpleTokenSrc implements the oauth2.TokenSource interface and wraps around a token that has been retrieved by other means

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.