Documentation ¶
Index ¶
- Constants
- Variables
- func CredentialsFromJSON(ctx context.Context, jsonData []byte, opts ...CredentialsFromJSONOption) (*google.Credentials, error)
- func NewTokenSource(ctx context.Context, jsonData []byte, opts ...TokenSourceOption) (oauth2.TokenSource, error)
- func TokenSourceConfigFromJSON(jsonData []byte, opts ...TokenSourceOption) (*externalaccount.Config, error)
- type AwsEcsSecurityCredentialsSupplier
- type CredentialsFromJSONOption
- type CredentialsFromJSONOptionParams
- type CredentialsFromJSONOptionTokenSourceConfigOption
- type TokenSourceConfigOptionAwsContainerCredentialsRelativeURI
- type TokenSourceConfigOptionAwsEcsMetadataEndpointHost
- type TokenSourceConfigOptionDefaultAwsRegion
- type TokenSourceConfigOptionHTTPClient
- type TokenSourceConfigOptionScopes
- type TokenSourceOption
- func WithTokenSourceOptionAwsContainerCredentialsRelativeURI(uri string) TokenSourceOption
- func WithTokenSourceOptionAwsEcsMetadataEndpointHost(host string) TokenSourceOption
- func WithTokenSourceOptionDefaultAwsRegion(region string) TokenSourceOption
- func WithTokenSourceOptionHTTPClient(httpClient *http.Client) TokenSourceOption
- func WithTokenSourceOptionScopes(scopes []string) TokenSourceOption
Constants ¶
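// Environment variable keys.
//
// The declaration is laid out one constant per line; collapsed onto a single
// line without separators the group is not valid Go.
const (
	// AWS_REGION is the name of the AWS_REGION environment variable.
	AWS_REGION = "AWS_REGION"
	// AWS_DEFAULT_REGION is the name of the AWS_DEFAULT_REGION environment variable.
	AWS_DEFAULT_REGION = "AWS_DEFAULT_REGION"
	// AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is the name of the environment
	// variable holding the container credentials relative URI.
	AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
)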
env keys
// DefaultMetadataEndpointHost is the default host of the AWS ECS metadata
// endpoint.
//
// The address is link-local and reached over plain HTTP.
// NOTE(review): the supplier presumably trusts whatever this host returns as
// AWS credentials, so any override should be a fixed, trusted value — confirm
// against the supplier implementation.
const DefaultMetadataEndpointHost = "http://169.254.170.2"
defaults
Variables ¶
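// Sentinel errors exposed by this package.
//
// The declaration is laid out one variable per line: collapsed onto a single
// line, the trailing //nolint comment swallowed the closing parenthesis and
// the group was not valid Go.
var (
	// ErrUnableToDetermineAwsRegion carries the message "unable to determine AWS region".
	ErrUnableToDetermineAwsRegion = errors.New("unable to determine AWS region")
	// ErrUnableToGetAwsCredentials carries the message "unable to get AWS credentials".
	ErrUnableToGetAwsCredentials = errors.New("unable to get AWS credentials")
	// ErrEnvAwsContainerCredentialsRelativeURIIsNotSet names the
	// AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable as not set.
	ErrEnvAwsContainerCredentialsRelativeURIIsNotSet = errors.New(fmt.Sprintf("env %s is not set", AWS_CONTAINER_CREDENTIALS_RELATIVE_URI)) //nolint:revive,gosimple // because the return types of errors.New and fmt.Errorf are not the same, and I explicitly choose to use errors.New.
)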
errors
// DefaultTokenSourceConfigScopes is the default list of OAuth 2.0 scopes.
//
// cloud-platform is a broad scope; WithTokenSourceOptionScopes exists to set
// a different list when the workload needs less.
// NOTE(review): this is an exported, mutable slice — a caller that modifies it
// presumably changes the default for the whole process; confirm whether the
// package copies it before use.
var DefaultTokenSourceConfigScopes = []string{
	"https://www.googleapis.com/auth/cloud-platform",
}
defaults
Functions ¶
func CredentialsFromJSON ¶
func CredentialsFromJSON(ctx context.Context, jsonData []byte, opts ...CredentialsFromJSONOption) (*google.Credentials, error)
func NewTokenSource ¶
func NewTokenSource(ctx context.Context, jsonData []byte, opts ...TokenSourceOption) (oauth2.TokenSource, error)
NewTokenSource creates a new token source from Google Workload Identity Federation JSON configuration.
The Workload Identity Federation documentation referenced here describes federation using EC2 Instance Metadata, but it does not describe federation using ECS Metadata. In addition, golang.org/x/oauth2/google/externalaccount does not support ECS Metadata by default. Federation using ECS Metadata can nevertheless be enabled by implementing the golang.org/x/oauth2/google/externalaccount.AwsSecurityCredentialsSupplier interface and setting that implementation on the Config.
example:
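// Snippet for use inside a function that returns error.
// Every step is checked: a missing or unreadable credential configuration
// should stop start-up instead of continuing with unusable credentials.
data, err := os.ReadFile(os.Getenv("GOOGLE_APPLICATION_CREDENTIALS"))
if err != nil {
	return fmt.Errorf("read credential configuration: %w", err)
}

ts, err := NewTokenSource(ctx, data)
if err != nil {
	return fmt.Errorf("create token source: %w", err)
}

client, err := storage.NewClient(ctx, option.WithCredentials(&google.Credentials{TokenSource: ts}))
if err != nil {
	return fmt.Errorf("create storage client: %w", err)
}
defer client.Close()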
func TokenSourceConfigFromJSON ¶
func TokenSourceConfigFromJSON(jsonData []byte, opts ...TokenSourceOption) (*externalaccount.Config, error)
TokenSourceConfigFromJSON creates a new token source config from Google Workload Identity Federation JSON configuration.
The Workload Identity Federation documentation referenced here describes federation using EC2 Instance Metadata, but it does not describe federation using ECS Metadata. In addition, golang.org/x/oauth2/google/externalaccount does not support ECS Metadata by default. Federation using ECS Metadata can nevertheless be enabled by implementing the golang.org/x/oauth2/google/externalaccount.AwsSecurityCredentialsSupplier interface and setting that implementation on the Config.
example:
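// Snippet for use inside a function that returns error.
// Every step is checked: a missing or unreadable credential configuration
// should stop start-up instead of continuing with unusable credentials.
data, err := os.ReadFile(os.Getenv("GOOGLE_APPLICATION_CREDENTIALS"))
if err != nil {
	return fmt.Errorf("read credential configuration: %w", err)
}

cfg, err := TokenSourceConfigFromJSON(data)
if err != nil {
	return fmt.Errorf("parse token source config: %w", err)
}

ts, err := externalaccount.NewTokenSource(ctx, cfg)
if err != nil {
	return fmt.Errorf("create token source: %w", err)
}

client, err := storage.NewClient(ctx, option.WithCredentials(&google.Credentials{TokenSource: ts}))
if err != nil {
	return fmt.Errorf("create storage client: %w", err)
}
defer client.Close()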
Types ¶
type AwsEcsSecurityCredentialsSupplier ¶
type AwsEcsSecurityCredentialsSupplier struct {
// contains filtered or unexported fields
}
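AwsEcsSecurityCredentialsSupplier is a supplier for AWS security credentials; its AwsRegion and AwsSecurityCredentials methods match the externalaccount.AwsSecurityCredentialsSupplier interface. The values returned by AwsSecurityCredentials are live AWS credentials and should be kept out of logs and error messages.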
func (*AwsEcsSecurityCredentialsSupplier) AwsRegion ¶
func (h *AwsEcsSecurityCredentialsSupplier) AwsRegion(_ context.Context, _ externalaccount.SupplierOptions) (string, error)
func (*AwsEcsSecurityCredentialsSupplier) AwsSecurityCredentials ¶
func (h *AwsEcsSecurityCredentialsSupplier) AwsSecurityCredentials(ctx context.Context, _ externalaccount.SupplierOptions) (*externalaccount.AwsSecurityCredentials, error)
type CredentialsFromJSONOption ¶
type CredentialsFromJSONOption interface {
// contains filtered or unexported methods
}
func WithCredentialsFromJSONOptionParams ¶
func WithCredentialsFromJSONOptionParams(params google.CredentialsParams) CredentialsFromJSONOption
WithCredentialsFromJSONOptionParams sets the google.CredentialsParams for google.CredentialsFromJSONWithParams.
func WithCredentialsFromJSONOptionTokenSourceConfigOptions ¶
func WithCredentialsFromJSONOptionTokenSourceConfigOptions(tokenSourceConfigOptions ...TokenSourceOption) CredentialsFromJSONOption
WithCredentialsFromJSONOptionTokenSourceConfigOptions sets the TokenSourceConfigOption for the credentials. This allows customization of the token source configuration when creating credentials from JSON.
type CredentialsFromJSONOptionParams ¶
type CredentialsFromJSONOptionParams struct {
// contains filtered or unexported fields
}
type CredentialsFromJSONOptionTokenSourceConfigOption ¶
type CredentialsFromJSONOptionTokenSourceConfigOption struct {
// contains filtered or unexported fields
}
type TokenSourceConfigOptionAwsContainerCredentialsRelativeURI ¶
type TokenSourceConfigOptionAwsContainerCredentialsRelativeURI struct {
// contains filtered or unexported fields
}
type TokenSourceConfigOptionAwsEcsMetadataEndpointHost ¶
type TokenSourceConfigOptionAwsEcsMetadataEndpointHost struct {
// contains filtered or unexported fields
}
type TokenSourceConfigOptionDefaultAwsRegion ¶
type TokenSourceConfigOptionDefaultAwsRegion struct {
// contains filtered or unexported fields
}
type TokenSourceConfigOptionHTTPClient ¶
type TokenSourceConfigOptionHTTPClient struct {
// contains filtered or unexported fields
}
type TokenSourceConfigOptionScopes ¶
type TokenSourceConfigOptionScopes struct {
// contains filtered or unexported fields
}
type TokenSourceOption ¶
type TokenSourceOption interface {
// contains filtered or unexported methods
}
func WithTokenSourceOptionAwsContainerCredentialsRelativeURI ¶
func WithTokenSourceOptionAwsContainerCredentialsRelativeURI(uri string) TokenSourceOption
WithTokenSourceOptionAwsContainerCredentialsRelativeURI sets the AWS container credentials relative URI.
func WithTokenSourceOptionAwsEcsMetadataEndpointHost ¶
func WithTokenSourceOptionAwsEcsMetadataEndpointHost(host string) TokenSourceOption
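WithTokenSourceOptionAwsEcsMetadataEndpointHost sets the AWS ECS Metadata Endpoint host, used instead of DefaultMetadataEndpointHost. Pass only a fixed, trusted endpoint and never a value derived from untrusted input: the supplier obtains AWS credentials from this host.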
func WithTokenSourceOptionDefaultAwsRegion ¶
func WithTokenSourceOptionDefaultAwsRegion(region string) TokenSourceOption
WithTokenSourceOptionDefaultAwsRegion sets the default AWS region.
func WithTokenSourceOptionHTTPClient ¶
func WithTokenSourceOptionHTTPClient(httpClient *http.Client) TokenSourceOption
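WithTokenSourceOptionHTTPClient sets the HTTP client to be used by the AwsEcsSecurityCredentialsSupplier. This allows for custom configurations such as timeouts, transport settings, and other HTTP client options. When supplying a client, set its Timeout: a zero-value http.Client never times out, so a stalled metadata endpoint could block credential retrieval indefinitely.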
func WithTokenSourceOptionScopes ¶
func WithTokenSourceOptionScopes(scopes []string) TokenSourceOption
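WithTokenSourceOptionScopes sets the OAuth 2.0 scopes for the token source. Prefer the narrowest scopes the workload needs over the broad cloud-platform scope in DefaultTokenSourceConfigScopes.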