gserviceaccount

package
v0.2.5
Warning

This package is not in the latest version of its module.

Published: Jan 7, 2024 License: MIT Imports: 13 Imported by: 6

Documentation

Overview

Package gserviceaccount provides a simple way to load Google service account credentials and create a corresponding oauth2.TokenSource from them.

Constants

const (
	// DefaultAlgorithm is the default jwt.Algorithm to use with service
	// account tokens.
	DefaultAlgorithm = jwt.RS256

	// DefaultExpiration is the default token expiration duration to use with
	// service account tokens.
	DefaultExpiration = 1 * time.Hour
)

Types

type GServiceAccount

type GServiceAccount struct {
	Type                    string `json:"type,omitempty"`
	ProjectID               string `json:"project_id,omitempty"`
	PrivateKeyID            string `json:"private_key_id,omitempty"`
	PrivateKey              string `json:"private_key,omitempty"`
	ClientEmail             string `json:"client_email,omitempty"`
	ClientID                string `json:"client_id,omitempty"`
	AuthURI                 string `json:"auth_uri,omitempty"`
	TokenURI                string `json:"token_uri,omitempty"`
	AuthProviderX509CertURL string `json:"auth_provider_x509_cert_url,omitempty"`
	ClientX509CertURL       string `json:"client_x509_cert_url,omitempty"`
	// contains filtered or unexported fields
}

GServiceAccount wraps Google service account parameters; its fields are the same values found in a standard JSON-encoded credentials file provided by Google.

func FromFile

func FromFile(path string, opts ...Option) (*GServiceAccount, error)

FromFile loads Google service account credentials from the file at path.
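
A pre-load check that can run before FromFile, as an added example that is not part of the gserviceaccount package: it rejects a credentials file that is accessible beyond its owner, is not of type service_account, or names a token_uri outside an allowlist (in the standard flow the signed assertion is sent to that endpoint). VetCredentialsFile and allowedTokenHosts are hypothetical names, the allowlist contents are an assumption to adapt, and the permission test assumes a Unix file system.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"os"
)

// allowedTokenHosts is an assumed allowlist; adjust it for your environment.
var allowedTokenHosts = map[string]bool{"oauth2.googleapis.com": true}

// VetCredentialsFile (hypothetical) vets a credentials file and returns its client_email.
func VetCredentialsFile(path string) (string, error) {
	fi, err := os.Stat(path)
	if err != nil {
		return "", err
	}
	if perm := fi.Mode().Perm(); perm&0o077 != 0 { // group or other can reach the key
		return "", fmt.Errorf("%s has mode %04o, want 0600 or stricter", path, perm)
	}
	buf, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	var c struct {
		Type        string `json:"type"`
		ClientEmail string `json:"client_email"`
		TokenURI    string `json:"token_uri"`
	}
	if err := json.Unmarshal(buf, &c); err != nil {
		return "", err
	}
	if c.Type != "service_account" {
		return "", fmt.Errorf("unexpected credential type %q", c.Type)
	}
	u, err := url.Parse(c.TokenURI)
	if err != nil || u.Scheme != "https" || !allowedTokenHosts[u.Hostname()] {
		return "", fmt.Errorf("token_uri %q is not on the allowlist", c.TokenURI)
	}
	return c.ClientEmail, nil
}

func main() {
	// Constructed sample document; the private key fields are left out.
	doc := `{"type":"service_account","client_email":"svc@example-project.iam.gserviceaccount.com","token_uri":"https://oauth2.googleapis.com/token"}`
	os.WriteFile("gsa-sample.json", []byte(doc), 0o600)
	fmt.Println(VetCredentialsFile("gsa-sample.json"))
}
```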

func FromJSON

func FromJSON(buf []byte, opts ...Option) (*GServiceAccount, error)

FromJSON loads service account credentials from the JSON encoded buf.

func FromReader

func FromReader(r io.Reader, opts ...Option) (*GServiceAccount, error)

FromReader loads Google service account credentials from a reader.

func (*GServiceAccount) Client

func (gsa *GServiceAccount) Client(ctx context.Context, scopes ...string) (*http.Client, error)

Client returns an HTTP client using the provided context and scopes for the service account as the underlying transport.

When called with the appropriate scopes, the created client can be used to create any Google API Service:

	import (
		dns "google.golang.org/api/dns/v2beta1"
	)

	cl, err := gsa.Client(ctx, dns.CloudPlatformScope, dns.NdevClouddnsReadwriteScope)
	if err != nil { /* ... */ }
	dnsService, err := dns.New(cl)
	if err != nil { /* ... */ }

Note: this is a convenience func only.

func (*GServiceAccount) Signer

func (gsa *GServiceAccount) Signer() (jwt.Signer, error)

Signer returns a jwt.Signer for use when signing tokens.

func (*GServiceAccount) TokenSource

func (gsa *GServiceAccount) TokenSource(ctx context.Context, scopes ...string) (*bearer.Bearer, error)

TokenSource returns an oauth2.TokenSource for the Google Service Account using the provided context and scopes. The resulting token source should be wrapped with oauth2.ReuseTokenSource prior to being used elsewhere.

If additional claims need to be added to the TokenSource (i.e., subject or the "sub" field), use the WithClaim option to add claims before wrapping the TokenSource with oauth2.ReuseTokenSource.

type Option

type Option func(*GServiceAccount) error

Option is a GServiceAccount option.

func WithClaim

func WithClaim(name string, v interface{}) Option

WithClaim is a GServiceAccount option to set additional claims for tokens generated from the token source.

func WithExpiration

func WithExpiration(expiration time.Duration) Option

WithExpiration is a GServiceAccount option to set an expiration limit for tokens generated from the token source.

func WithProxy

func WithProxy(proxy string) Option

WithProxy is a GServiceAccount option to set an HTTP proxy used by the token source.

func WithSubject

func WithSubject(sub string) Option

WithSubject is a GServiceAccount option to set a subject ("sub") claim for tokens generated from the token source.

This is useful when using domain-wide delegation to impersonate a user.

Example:

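package main

import (
	"context"

	"github.com/kenshaw/jwt/gserviceaccount"
	admin "google.golang.org/api/admin/directory/v1"
)

func main() {
	ctx := context.Background()
	// Load the credentials and set the "sub" claim to the user to impersonate.
	gsa, err := gserviceaccount.FromFile("/path/to/gsa.json", gserviceaccount.WithSubject("user@example.com"))
	if err != nil { /* ... */ }
	// Client requires a context and the scopes to request.
	cl, err := gsa.Client(ctx, admin.AdminDirectoryUserReadonlyScope)
	if err != nil { /* ... */ }
	adminService, err := admin.New(cl)
	if err != nil { /* ... */ }
	// List the users of the domain as the impersonated user.
	users, err := adminService.Users.List().Domain("example.com").Do()
	if err != nil { /* ... */ }
	for _, u := range users.Users {
		_ = u // ...
	}
}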
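
What TokenSource, WithExpiration and WithSubject shape, shown as an added example that is not code from the gserviceaccount package: in Google's service account flow the client signs a JWT assertion (RS256 is the default algorithm above) whose exp follows the expiration setting and whose optional sub claim names the impersonated user. SignAssertion, Claims and every sample value are hypothetical; decoding the claim set this way is a quick audit of the lifetime and subject a configuration will request.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64, entropy = base64.RawURLEncoding, rand.Reader

// SignAssertion (hypothetical helper) builds and RS256-signs the claim set; sub is optional.
func SignAssertion(key *rsa.PrivateKey, iss, aud, sub, scope string, now time.Time, ttl time.Duration) (string, error) {
	claims := map[string]any{"iss": iss, "aud": aud, "scope": scope, "iat": now.Unix(), "exp": now.Add(ttl).Unix()}
	if sub != "" {
		claims["sub"] = sub // the user impersonated under domain-wide delegation
	}
	body, _ := json.Marshal(claims) // cannot fail for strings and integers
	in := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(in))
	sig, err := rsa.SignPKCS1v15(entropy, key, crypto.SHA256, sum[:])
	if err != nil {
		return "", err
	}
	return in + "." + b64.EncodeToString(sig), nil
}

// Claims decodes the claim set of a compact JWT for inspection, without verifying it.
func Claims(token string) (m map[string]any, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWT")
	}
	raw, err := b64.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &m)
	}
	return m, err
}
func main() {
	key, _ := rsa.GenerateKey(entropy, 2048) // throwaway key; all values below are constructed
	tok, _ := SignAssertion(key, "svc@example-project.iam.gserviceaccount.com", "https://oauth2.googleapis.com/token", "user@example.com", "scope-a scope-b", time.Now(), time.Hour)
	fmt.Println(Claims(tok))
}
```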

func WithTransport

func WithTransport(transport http.RoundTripper) Option

WithTransport is a GServiceAccount option to set the client transport used by the token source.
