Documentation ¶
Index ¶
- Constants
- func GetHttpClient(credentials *GcpCredentials, clientScopes ...string) (*http.Client, error)
- func IsValidInstanceStatus(status string) bool
- func OAuth2RSAPublicKey(ctx context.Context, keyID string) (interface{}, error)
- func OAuth2RSAPublicKeyWithEndpoint(ctx context.Context, keyID, endpoint string) (interface{}, error)
- func ParseGcpLabels(labels []string) (parsed map[string]string, invalid []string)
- func PublicKey(pemString string) (interface{}, error)
- func ServiceAccount(iamClient *iam.Service, accountId *ServiceAccountId) (*iam.ServiceAccount, error)
- func ServiceAccountKey(iamClient *iam.Service, keyId *ServiceAccountKeyId) (*iam.ServiceAccountKey, error)
- func ServiceAccountPublicKey(serviceAccount string, keyId string) (interface{}, error)
- func ServiceAccountPublicKeyWithEndpoint(ctx context.Context, serviceAccount, keyID, endpoint string) (interface{}, error)
- type CustomJWTClaims
- type ExternalAccountConfig
- type FullResourceName
- type GCEIdentityMetadata
- type GcpCredentials
- type GoogleJWTClaims
- type RelativeResourceName
- type SelfLink
- type ServiceAccountId
- type ServiceAccountKeyId
Constants ¶
const (
	// ServiceAccountTemplate is used with Google IAM v1.
	//
	// Deprecated: Use ServiceAccountCredentialsTemplate with Service Account Credentials API v1
	// instead. See https://cloud.google.com/iam/docs/migrating-to-credentials-api
	// ServiceAccountTemplate is used with
	// https://pkg.go.dev/google.golang.org/api@v0.3.0/iam/v1
	ServiceAccountTemplate = "projects/%s/serviceAccounts/%s"

	// ServiceAccountCredentialsTemplate is used with
	// https://pkg.go.dev/google.golang.org/api@v0.3.0/iamcredentials/v1
	ServiceAccountCredentialsTemplate = "projects/-/serviceAccounts/%s"
	ServiceAccountKeyTemplate         = "projects/%s/serviceAccounts/%s/keys/%s"
	ServiceAccountKeyFileType         = "TYPE_X509_PEM_FILE"
)
Variables ¶
This section is empty.
Functions ¶
func GetHttpClient ¶
func GetHttpClient(credentials *GcpCredentials, clientScopes ...string) (*http.Client, error)
GetHttpClient creates an HTTP client from the given Google credentials and scopes.
func IsValidInstanceStatus ¶
func OAuth2RSAPublicKey ¶
OAuth2RSAPublicKey returns the public key with the given key ID from Google's public set of OAuth 2.0 keys. If the key does not exist, an error is returned.
func OAuth2RSAPublicKeyWithEndpoint ¶ added in v0.8.0
func OAuth2RSAPublicKeyWithEndpoint(ctx context.Context, keyID, endpoint string) (interface{}, error)
OAuth2RSAPublicKeyWithEndpoint returns the public key with the given key ID from Google's public set of OAuth 2.0 keys. If endpoint is provided, it will be used as the service endpoint for the request. If endpoint is not provided, a default of "https://www.googleapis.com" will be used. If the key does not exist, an error is returned.
func ParseGcpLabels ¶
func PublicKey ¶
PublicKey returns a public key from a Google PEM key file (type TYPE_X509_PEM_FILE).
func ServiceAccount ¶
func ServiceAccount(iamClient *iam.Service, accountId *ServiceAccountId) (*iam.ServiceAccount, error)
ServiceAccount wraps a call to the GCP IAM API to get a service account.
func ServiceAccountKey ¶
func ServiceAccountKey(iamClient *iam.Service, keyId *ServiceAccountKeyId) (*iam.ServiceAccountKey, error)
ServiceAccountKey wraps a call to the GCP IAM API to get a service account key.
func ServiceAccountPublicKey ¶ added in v0.6.0
ServiceAccountPublicKey returns the public key with the given key ID for the given service account if it exists. If the key does not exist, an error is returned.
func ServiceAccountPublicKeyWithEndpoint ¶ added in v0.8.0
func ServiceAccountPublicKeyWithEndpoint(ctx context.Context, serviceAccount, keyID, endpoint string) (interface{}, error)
ServiceAccountPublicKeyWithEndpoint returns the public key with the given key ID for the given service account if it exists. If endpoint is provided, it will be used as the service endpoint for the request. If endpoint is not provided, a default of "https://www.googleapis.com" will be used. If the key does not exist, an error is returned.
Types ¶
type CustomJWTClaims ¶
type CustomJWTClaims struct {
	Google *GoogleJWTClaims `json:"google,omitempty"`
}
type ExternalAccountConfig ¶ added in v0.9.0
type ExternalAccountConfig struct {
	// External Account fields
	Audience            string
	TTL                 time.Duration
	ServiceAccountEmail string
	TokenSupplier       externalaccount.SubjectTokenSupplier
}
func (*ExternalAccountConfig) GetExternalAccountCredentials ¶ added in v0.9.0
func (c *ExternalAccountConfig) GetExternalAccountCredentials(ctx context.Context) (*google.Credentials, error)
type FullResourceName ¶
type FullResourceName struct {
	Service string
	*RelativeResourceName
}
func ParseFullResourceName ¶
func ParseFullResourceName(name string) (*FullResourceName, error)
type GCEIdentityMetadata ¶
type GCEIdentityMetadata struct {
	// ProjectId is the ID for the project where you created the instance.
	ProjectId string `json:"project_id" structs:"project_id" mapstructure:"project_id"`

	// ProjectNumber is the unique ID for the project where you created the instance.
	ProjectNumber int64 `json:"project_number" structs:"project_number" mapstructure:"project_number"`

	// Zone is the zone where the instance is located.
	Zone string `json:"zone" structs:"zone" mapstructure:"zone"`

	// InstanceId is the unique ID for the instance to which this token belongs. This ID is unique and never reused.
	InstanceId string `json:"instance_id" structs:"instance_id" mapstructure:"instance_id"`

	// InstanceName is the name of the instance to which this token belongs. This name can be reused by several
	// instances over time, so use the instance_id value to identify a unique instance ID.
	InstanceName string `json:"instance_name" structs:"instance_name" mapstructure:"instance_name"`

	// CreatedAt is a unix timestamp indicating when you created the instance.
	CreatedAt int64 `json:"instance_creation_timestamp" structs:"instance_creation_timestamp" mapstructure:"instance_creation_timestamp"`
}
func (*GCEIdentityMetadata) GetVerifiedInstance ¶
func (meta *GCEIdentityMetadata) GetVerifiedInstance(gceClient *compute.Service) (*compute.Instance, error)
GetVerifiedInstance returns the Instance as described by the identity metadata or an error. If the instance has an invalid status or its creation timestamp does not match the metadata value, this will return nil and an error.
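The two failure cases described for GetVerifiedInstance, as an added example that is not code from this package: it decodes a constructed identity token payload using the JSON tags documented above and compares the token's unix creation timestamp with the RFC 3339 string the Compute API reports. The `claims` and `instance` types, the `verify` function, the single accepted status and the sample values are assumptions; the real method looks the instance up through a `*compute.Service`.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// claims keeps only the fields of CustomJWTClaims -> GoogleJWTClaims -> GCEIdentityMetadata used below.
type claims struct {
	Google *struct {
		Compute *struct {
			InstanceId string `json:"instance_id"`
			CreatedAt  int64  `json:"instance_creation_timestamp"`
		} `json:"compute_engine"`
	} `json:"google"`
}

// instance is a hypothetical stand-in for the compute.Instance fields the check needs.
type instance struct {
	Status            string
	CreationTimestamp string // RFC 3339 text, as the Compute API reports it
}

// Constructed payload; a real one is taken from a signature-verified identity token.
const samplePayload = `{"google":{"compute_engine":{"instance_id":"1234567890",
  "instance_name":"web-1","instance_creation_timestamp":1700000000}}}`

// verify returns the token's instance ID once both documented checks pass.
func verify(payload string, inst instance) (string, error) {
	var c claims
	if err := json.Unmarshal([]byte(payload), &c); err != nil {
		return "", err
	}
	if c.Google == nil || c.Google.Compute == nil {
		return "", errors.New("no compute_engine claims in token")
	}
	if inst.Status != "RUNNING" { // assumed accepted status, not the package's list
		return "", fmt.Errorf("instance status %q not accepted", inst.Status)
	}
	created, err := time.Parse(time.RFC3339, inst.CreationTimestamp)
	if err != nil || created.Unix() != c.Google.Compute.CreatedAt {
		return "", errors.New("creation timestamp does not match token metadata")
	}
	return c.Google.Compute.InstanceId, nil
}

func main() { fmt.Println(verify(samplePayload, instance{"RUNNING", "2023-11-14T22:13:20Z"})) }
```

Comparing on the creation timestamp as well as the name is what stops a token issued to a deleted instance from matching a newer instance that reuses the same name.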
type GcpCredentials ¶
type GcpCredentials struct {
	ClientEmail  string `json:"client_email" structs:"client_email" mapstructure:"client_email"`
	ClientId     string `json:"client_id" structs:"client_id" mapstructure:"client_id"`
	PrivateKeyId string `json:"private_key_id" structs:"private_key_id" mapstructure:"private_key_id"`
	PrivateKey   string `json:"private_key" structs:"private_key" mapstructure:"private_key"`
	ProjectId    string `json:"project_id" structs:"project_id" mapstructure:"project_id"`
}
GcpCredentials represents a simplified version of the Google Cloud Platform credentials file format.
func Credentials ¶
func Credentials(credentialsJson string) (*GcpCredentials, error)
Credentials attempts to parse GcpCredentials from a JSON string.
func FindCredentials ¶
func FindCredentials(credsJson string, ctx context.Context, scopes ...string) (*GcpCredentials, oauth2.TokenSource, error)
FindCredentials attempts to obtain GCP credentials in the following ways:
* Parse JSON from provided credentialsJson
* Parse JSON from the environment variables GOOGLE_CREDENTIALS or GOOGLE_CLOUD_KEYFILE_JSON
* Parse JSON file ~/.gcp/credentials
* Google Application Default Credentials (see https://developers.google.com/identity/protocols/application-default-credentials)
type GoogleJWTClaims ¶
type GoogleJWTClaims struct {
	Compute *GCEIdentityMetadata `json:"compute_engine,omitempty"`
}
type RelativeResourceName ¶
type RelativeResourceName struct {
	Name                 string
	TypeKey              string
	IdTuples             map[string]string
	OrderedCollectionIds []string
}
func ParseRelativeName ¶
func ParseRelativeName(resource string) (*RelativeResourceName, error)
type SelfLink ¶
type SelfLink struct {
	Prefix string
	*RelativeResourceName
}
type ServiceAccountId ¶
func (*ServiceAccountId) ResourceName ¶
func (id *ServiceAccountId) ResourceName() string
type ServiceAccountKeyId ¶
func (*ServiceAccountKeyId) ResourceName ¶
func (id *ServiceAccountKeyId) ResourceName() string