iam

package
v2.10.5-fix Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 17, 2021 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package iam provides interface for retrieving and caching iam tokens.

Index

Constants

View Source
const (
	DefaultAudience = "https://iam.api.cloud.yandex.net/iam/v1/tokens"
	DefaultEndpoint = "iam.api.cloud.yandex.net:443"
	DefaultTokenTTL = time.Hour
)

Default client parameters.

Variables

View Source
var (
	ErrServiceFileInvalid = errors.New("service account file is not valid")
	ErrKeyCannotBeParsed  = errors.New("private key can not be parsed")
	ErrEndpointRequired   = errors.New("iam: endpoint required")
)

Functions

func InstanceServiceAccount

func InstanceServiceAccount(ctx context.Context) ydb.Credentials

Credentials provider that uses instance metadata with default url to obtain token for service account attached to instance. Cancelling context will lead to credentials refresh halt. It should be used during application stop or credentials recreation.

func InstanceServiceAccountURL

func InstanceServiceAccountURL(ctx context.Context, url string) ydb.Credentials

Credentials provider that uses instance metadata url to obtain token for service account attached to instance. Cancelling context will lead to credentials refresh halt. It should be used during application stop or credentials recreation.

func NewClient

func NewClient(opts ...ClientOption) (ydb.Credentials, error)

NewClient creates IAM (jwt) authorized client from provided ClientOptions list.

To create successfully at least one of endpoint options must be provided.

Types

type ClientOption

type ClientOption func(*client) error

func WithAudience

func WithAudience(audience string) ClientOption

WithAudience set provided audience.

func WithCertPool

func WithCertPool(certPool *x509.CertPool) ClientOption

WithCertPool set provided certPool.

func WithCertPoolFile

func WithCertPoolFile(caFile string) ClientOption

WithCertPoolFile try set root certPool from provided cert file path.

func WithDefaultEndpoint

func WithDefaultEndpoint() ClientOption

WithDefaultEndpoint set endpoint with default value.

func WithEndpoint

func WithEndpoint(endpoint string) ClientOption

WithEndpoint set provided endpoint.

func WithInsecureSkipVerify

func WithInsecureSkipVerify(insecure bool) ClientOption

WithInsecureSkipVerify set insecureSkipVerify to true which force client accepts any TLS certificate presented by the iam server and any host name in that certificate.

If InsecureSkipVerify is set, then certPool field is not used.

This should be used only for testing purposes.

func WithIssuer

func WithIssuer(issuer string) ClientOption

WithIssuer set provided issuer.

func WithKeyID

func WithKeyID(keyID string) ClientOption

WithKeyID set provided keyID.

func WithPrivateKey

func WithPrivateKey(key *rsa.PrivateKey) ClientOption

WithPrivateKey set provided private key.

func WithPrivateKeyFile

func WithPrivateKeyFile(path string) ClientOption

WithPrivateKeyFile try set key from provided private key file path

func WithServiceFile

func WithServiceFile(path string) ClientOption

WithServiceFile try set key, keyID, issuer from provided service account file path.

Do not mix this option with WithKeyID, WithIssuer and key options (WithPrivateKey, WithPrivateKeyFile, etc).

func WithSourceInfo

func WithSourceInfo(sourceInfo string) ClientOption

WithSourceInfo set sourceInfo

func WithSystemCertPool

func WithSystemCertPool() ClientOption

WithSystemCertPool try set certPool with system root certificates.

func WithTokenTTL

func WithTokenTTL(tokenTTL time.Duration) ClientOption

WithTokenTTL set provided tokenTTL duration.

type CreateTokenError

type CreateTokenError struct {
	Cause  error
	Reason string
}

CreateTokenError contains reason of token creation failure.

func (*CreateTokenError) Error

func (e *CreateTokenError) Error() string

Error implements error interface.

func (*CreateTokenError) Unwrap

func (e *CreateTokenError) Unwrap() error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL