Documentation
Overview
Package iam provides an interface for retrieving and caching IAM tokens.
Index
- Constants
- Variables
- func InstanceServiceAccount(ctx context.Context) ydb.Credentials
- func InstanceServiceAccountURL(ctx context.Context, url string) ydb.Credentials
- func NewClient(opts ...ClientOption) (ydb.Credentials, error)
- type ClientOption
- func WithAudience(audience string) ClientOption
- func WithCertPool(certPool *x509.CertPool) ClientOption
- func WithCertPoolFile(caFile string) ClientOption
- func WithDefaultEndpoint() ClientOption
- func WithEndpoint(endpoint string) ClientOption
- func WithInsecureSkipVerify(insecure bool) ClientOption
- func WithIssuer(issuer string) ClientOption
- func WithKeyID(keyID string) ClientOption
- func WithPrivateKey(key *rsa.PrivateKey) ClientOption
- func WithPrivateKeyFile(path string) ClientOption
- func WithServiceFile(path string) ClientOption
- func WithSourceInfo(sourceInfo string) ClientOption
- func WithSystemCertPool() ClientOption
- func WithTokenTTL(tokenTTL time.Duration) ClientOption
- type CreateTokenError
Constants
const (
	DefaultAudience = "https://iam.api.cloud.yandex.net/iam/v1/tokens"
	DefaultEndpoint = "iam.api.cloud.yandex.net:443"
	DefaultTokenTTL = time.Hour
)
Default client parameters.
Variables
Functions
func InstanceServiceAccount
A credentials provider that uses instance metadata at the default URL to obtain a token for the service account attached to the instance. Cancelling the context halts credential refresh; do this when the application stops or the credentials are recreated.
func InstanceServiceAccountURL
A credentials provider that uses the given instance metadata URL to obtain a token for the service account attached to the instance. Cancelling the context halts credential refresh; do this when the application stops or the credentials are recreated.
func NewClient
func NewClient(opts ...ClientOption) (ydb.Credentials, error)
NewClient creates an IAM (JWT) authorized client from the provided list of ClientOptions.
For creation to succeed, at least one of the endpoint options must be provided.
Types
type ClientOption
type ClientOption func(*client) error
func WithAudience
func WithAudience(audience string) ClientOption
WithAudience sets the provided audience.
func WithCertPool
func WithCertPool(certPool *x509.CertPool) ClientOption
WithCertPool sets the provided certPool.
func WithCertPoolFile
func WithCertPoolFile(caFile string) ClientOption
WithCertPoolFile tries to set the root certPool from the provided cert file path.
func WithDefaultEndpoint
func WithDefaultEndpoint() ClientOption
WithDefaultEndpoint sets the endpoint to the default value.
func WithEndpoint
func WithEndpoint(endpoint string) ClientOption
WithEndpoint sets the provided endpoint.
func WithInsecureSkipVerify
func WithInsecureSkipVerify(insecure bool) ClientOption
WithInsecureSkipVerify sets insecureSkipVerify to true, which forces the client to accept any TLS certificate presented by the IAM server and any host name in that certificate.
If InsecureSkipVerify is set, then certPool field is not used.
This should be used only for testing purposes.
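The effect of the note above, shown with Go's standard crypto/tls against a local test server; this is an added example, not code from this package. It assumes WithInsecureSkipVerify maps to tls.Config.InsecureSkipVerify and the cert pool options map to tls.Config.RootCAs, which the page does not state; get and compare are hypothetical helper names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// get makes one HTTPS request with the given client TLS settings and
// returns the error, or nil when certificate checks and the request pass.
func get(url string, cfg *tls.Config) error {
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// compare starts a local TLS server with a certificate no public CA signed
// (constructed stand-in for an IAM endpoint) and tries three client setups.
func compare() (pinned, emptyPool, skipVerify error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {}))
	defer srv.Close()

	trusted := x509.NewCertPool() // pool that contains the server's certificate
	trusted.AddCert(srv.Certificate())
	empty := x509.NewCertPool() // pool that trusts nothing

	// Assumed mapping: cert pool options -> RootCAs.
	pinned = get(srv.URL, &tls.Config{RootCAs: trusted})
	emptyPool = get(srv.URL, &tls.Config{RootCAs: empty})
	// Assumed mapping: WithInsecureSkipVerify(true) -> InsecureSkipVerify.
	// The empty pool is never consulted, so the handshake succeeds.
	skipVerify = get(srv.URL, &tls.Config{RootCAs: empty, InsecureSkipVerify: true})
	return pinned, emptyPool, skipVerify
}

func main() {
	pinned, emptyPool, skipVerify := compare()
	fmt.Println("pool with server cert:", pinned)
	fmt.Println("empty pool:           ", emptyPool)
	fmt.Println("empty pool + skip:    ", skipVerify)
}
```

The middle case is the one a correctly configured client relies on: an untrusted certificate is rejected, and enabling skip-verify removes that rejection regardless of which pool was supplied.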
func WithPrivateKey
func WithPrivateKey(key *rsa.PrivateKey) ClientOption
WithPrivateKey sets the provided private key.
func WithPrivateKeyFile
func WithPrivateKeyFile(path string) ClientOption
WithPrivateKeyFile tries to set the key from the provided private key file path.
func WithServiceFile
func WithServiceFile(path string) ClientOption
WithServiceFile tries to set the key, keyID and issuer from the provided service account file path.
Do not mix this option with WithKeyID, WithIssuer and key options (WithPrivateKey, WithPrivateKeyFile, etc).
func WithSourceInfo
func WithSourceInfo(sourceInfo string) ClientOption
WithSourceInfo sets sourceInfo.
func WithSystemCertPool
func WithSystemCertPool() ClientOption
WithSystemCertPool tries to set certPool to the system root certificates.
func WithTokenTTL
func WithTokenTTL(tokenTTL time.Duration) ClientOption
WithTokenTTL sets the provided tokenTTL duration.
type CreateTokenError
CreateTokenError contains the reason for the token creation failure.
func (*CreateTokenError) Error
func (e *CreateTokenError) Error() string
Error implements the error interface.
func (*CreateTokenError) Unwrap
func (e *CreateTokenError) Unwrap() error