Documentation
Index ¶
- Constants
- func GetHttpClient(credentials *GcpCredentials, clientScopes ...string) (*http.Client, error)
- func IsValidInstanceStatus(status string) bool
- func OAuth2RSAPublicKey(ctx context.Context, keyId string) (interface{}, error)
- func ParseGcpLabels(labels []string) (parsed map[string]string, invalid []string)
- func PublicKey(pemString string) (interface{}, error)
- func ServiceAccount(iamClient *iam.Service, accountId *ServiceAccountId) (*iam.ServiceAccount, error)
- func ServiceAccountKey(iamClient *iam.Service, keyId *ServiceAccountKeyId) (*iam.ServiceAccountKey, error)
- func ServiceAccountPublicKey(serviceAccount string, keyId string) (interface{}, error)
- type CustomJWTClaims
- type FullResourceName
- type GCEIdentityMetadata
- type GcpCredentials
- type GoogleJWTClaims
- type RelativeResourceName
- type SelfLink
- type ServiceAccountId
- type ServiceAccountKeyId
Constants ¶
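// Resource-name templates and key-type identifiers for the Google IAM APIs.
//
// The templates are fmt format strings: each %s becomes one path segment of
// the resource name. Pass only validated project, account and key identifiers;
// a value containing "/" would produce a name that addresses a different
// resource than the caller intended.
const (
	// ServiceAccountTemplate is used with Google IAM v1
	// (https://pkg.go.dev/google.golang.org/api@v0.3.0/iam/v1). Its two %s
	// verbs follow "projects/" and "serviceAccounts/" respectively.
	//
	// Deprecated: Use ServiceAccountCredentialsTemplate with Service Account Credentials API v1
	// instead. See https://cloud.google.com/iam/docs/migrating-to-credentials-api
	ServiceAccountTemplate = "projects/%s/serviceAccounts/%s"

	// ServiceAccountCredentialsTemplate is used with
	// https://pkg.go.dev/google.golang.org/api@v0.3.0/iamcredentials/v1
	//
	// The project segment is the literal "-"; only the service account is
	// substituted.
	// NOTE(review): "-" is presumably the API's wildcard project, so the
	// account identifier alone selects the resource. Confirm against the API
	// documentation.
	ServiceAccountCredentialsTemplate = "projects/-/serviceAccounts/%s"

	// ServiceAccountKeyTemplate has three %s verbs, following "projects/",
	// "serviceAccounts/" and "keys/" respectively.
	ServiceAccountKeyTemplate = "projects/%s/serviceAccounts/%s/keys/%s"

	// ServiceAccountKeyFileType names the X.509 PEM key-file type.
	// NOTE(review): presumably the public-key format requested when fetching
	// a service account key. Confirm against the callers.
	ServiceAccountKeyFileType = "TYPE_X509_PEM_FILE"
)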
Variables ¶
This section is empty.
Functions ¶
func GetHttpClient ¶
func GetHttpClient(credentials *GcpCredentials, clientScopes ...string) (*http.Client, error)
GetHttpClient creates an HTTP client from the given Google credentials and scopes.
func IsValidInstanceStatus ¶
func OAuth2RSAPublicKey ¶
OAuth2RSAPublicKey returns the public key from Google's OAuth2 public certificate (PEM) for the given 'kid' (key ID). Per its signature the result is an interface{} value rather than a PEM string.
func ParseGcpLabels ¶
func PublicKey ¶
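PublicKey returns a public key from a Google PEM key file (type TYPE_X509_PEM_FILE). The result is an untyped interface{}, so callers should type-assert it to the key type they expect before using it to verify a signature.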
func ServiceAccount ¶
func ServiceAccount(iamClient *iam.Service, accountId *ServiceAccountId) (*iam.ServiceAccount, error)
ServiceAccount wraps a call to the GCP IAM API to get a service account.
func ServiceAccountKey ¶
func ServiceAccountKey(iamClient *iam.Service, keyId *ServiceAccountKeyId) (*iam.ServiceAccountKey, error)
ServiceAccountKey wraps a call to the GCP IAM API to get a service account key.
func ServiceAccountPublicKey ¶
Types ¶
type CustomJWTClaims ¶
// CustomJWTClaims carries the claims found under the "google" key of a JWT
// claim set.
type CustomJWTClaims struct {
	// Google is a pointer tagged omitempty, so it is nil when the "google"
	// claim is absent. Check it for nil before dereferencing.
	Google *GoogleJWTClaims `json:"google,omitempty"`
}
type FullResourceName ¶
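// FullResourceName pairs a service identifier with an embedded relative
// resource name.
//
// NOTE(review): presumably models GCP full resource names of the form
// //<service>/<relative name>. Confirm against ParseFullResourceName.
type FullResourceName struct {
	// Service is the service part of the name.
	Service string

	// RelativeResourceName is embedded by pointer, so its fields are promoted
	// onto FullResourceName. Reading a promoted field panics when this
	// pointer is nil.
	*RelativeResourceName
}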
func ParseFullResourceName ¶
func ParseFullResourceName(name string) (*FullResourceName, error)
type GCEIdentityMetadata ¶
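// GCEIdentityMetadata holds the Compute Engine instance fields carried in a
// Google identity token.
//
// The values are claims made by the token. Treat them as untrusted until the
// token's signature has been verified, and confirm them against the Compute
// API (see GetVerifiedInstance) before making authorization decisions.
type GCEIdentityMetadata struct {
	// ProjectId is the ID for the project where you created the instance.
	ProjectId string `json:"project_id" structs:"project_id" mapstructure:"project_id"`

	// ProjectNumber is the unique ID for the project where you created the instance.
	ProjectNumber int64 `json:"project_number" structs:"project_number" mapstructure:"project_number"`

	// Zone is the zone where the instance is located.
	Zone string `json:"zone" structs:"zone" mapstructure:"zone"`

	// InstanceId is the unique ID for the instance to which this token belongs.
	// This ID is unique and never reused.
	InstanceId string `json:"instance_id" structs:"instance_id" mapstructure:"instance_id"`

	// InstanceName is the name of the instance to which this token belongs.
	// This name can be reused by several instances over time, so use the
	// instance_id value to identify a unique instance ID.
	InstanceName string `json:"instance_name" structs:"instance_name" mapstructure:"instance_name"`

	// CreatedAt is a unix timestamp indicating when you created the instance.
	CreatedAt int64 `json:"instance_creation_timestamp" structs:"instance_creation_timestamp" mapstructure:"instance_creation_timestamp"`
}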
func (*GCEIdentityMetadata) GetVerifiedInstance ¶
func (meta *GCEIdentityMetadata) GetVerifiedInstance(gceClient *compute.Service) (*compute.Instance, error)
GetVerifiedInstance returns the Instance as described by the identity metadata or an error. If the instance has an invalid status or its creation timestamp does not match the metadata value, this will return nil and an error.
type GcpCredentials ¶
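// GcpCredentials represents a simplified version of the Google Cloud Platform
// credentials file format.
//
// The struct holds secret key material (PrivateKey). Every field carries json,
// structs and mapstructure tags, so marshalling or map-converting a value
// emits the private key along with the rest. Do not log, return or persist a
// GcpCredentials value without removing that field first.
type GcpCredentials struct {
	// ClientEmail is read from the "client_email" key.
	ClientEmail string `json:"client_email" structs:"client_email" mapstructure:"client_email"`

	// ClientId is read from the "client_id" key.
	ClientId string `json:"client_id" structs:"client_id" mapstructure:"client_id"`

	// PrivateKeyId is read from the "private_key_id" key. It identifies the
	// key and is not itself the secret.
	PrivateKeyId string `json:"private_key_id" structs:"private_key_id" mapstructure:"private_key_id"`

	// PrivateKey is read from the "private_key" key. It is the secret part of
	// the credentials and must be handled accordingly.
	PrivateKey string `json:"private_key" structs:"private_key" mapstructure:"private_key"`

	// ProjectId is read from the "project_id" key.
	ProjectId string `json:"project_id" structs:"project_id" mapstructure:"project_id"`
}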
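GcpCredentials represents a simplified version of the Google Cloud Platform credentials file format. It includes the private key, so a value of this type should be kept out of logs and serialized output.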
func Credentials ¶
func Credentials(credentialsJson string) (*GcpCredentials, error)
Credentials attempts to parse GcpCredentials from a JSON string.
func FindCredentials ¶
func FindCredentials(credsJson string, ctx context.Context, scopes ...string) (*GcpCredentials, oauth2.TokenSource, error)
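FindCredentials attempts to obtain GCP credentials in the following ways:
* Parse JSON from the provided credentialsJson (the credsJson argument)
* Parse JSON from the environment variables GOOGLE_CREDENTIALS or GOOGLE_CLOUD_KEYFILE_JSON
* Parse the JSON file ~/.gcp/credentials
* Google Application Default Credentials (see https://developers.google.com/identity/protocols/application-default-credentials)

Several of these sources are ambient (environment variables, a file in the home directory, Application Default Credentials). A caller that passes no explicit JSON should confirm which identity was actually selected before relying on it.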
type GoogleJWTClaims ¶
// GoogleJWTClaims carries the Google claims of a JWT; the only field is the
// Compute Engine identity metadata under the "compute_engine" key.
type GoogleJWTClaims struct {
	// Compute is a pointer tagged omitempty, so it is nil when the
	// "compute_engine" claim is absent. Check it for nil before
	// dereferencing.
	Compute *GCEIdentityMetadata `json:"compute_engine,omitempty"`
}
type RelativeResourceName ¶
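// RelativeResourceName is the parsed form of a relative resource name, as
// returned by ParseRelativeName.
//
// NOTE(review): the field meanings below are inferred from the field names.
// Confirm them against ParseRelativeName before relying on them.
type RelativeResourceName struct {
	// Name is presumably the name of the resource itself.
	Name string

	// TypeKey is presumably a key identifying the resource type.
	TypeKey string

	// IdTuples presumably maps each collection ID to the resource ID given
	// for it. A nil map can be read but not written.
	IdTuples map[string]string

	// OrderedCollectionIds presumably lists the collection IDs in the order
	// they appear in the name.
	OrderedCollectionIds []string
}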
func ParseRelativeName ¶
func ParseRelativeName(resource string) (*RelativeResourceName, error)
type SelfLink ¶
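// SelfLink pairs a prefix with an embedded relative resource name.
//
// NOTE(review): presumably models a resource self-link URL, with Prefix
// holding the part that precedes the relative name. Confirm against the code
// that parses self links.
type SelfLink struct {
	// Prefix is the part of the link kept separately from the relative name.
	Prefix string

	// RelativeResourceName is embedded by pointer, so its fields are promoted
	// onto SelfLink. Reading a promoted field panics when this pointer is
	// nil.
	*RelativeResourceName
}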
type ServiceAccountId ¶
func (*ServiceAccountId) ResourceName ¶
func (id *ServiceAccountId) ResourceName() string
type ServiceAccountKeyId ¶
func (*ServiceAccountKeyId) ResourceName ¶
func (id *ServiceAccountKeyId) ResourceName() string