README
¶
signer
This package is EXPERIMENTAL.
Underlying signing method
| credential/impersonate | yes | no |
|---|---|---|
| service_account | Credentials API | Sign by JSON key |
| authorized_user | Credentials API | Not Supported |
| external_account | Credentials API | Credentials API as itself |
| compute_metadata | Credentials API | Credentials API as itself |
App Engine 1st gen(only if WithExperimentalAppEngineSigner(true)) |
Credentials API | appengine.SignBytes() |
- "Credentials API" is Service Account Credentials API (
projects.serviceAccounts.signBlob,projects.serviceAccounts.signJwt)
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Option ¶
type Option func(*smartSignerConfig) error
func WithDelegates ¶
func WithTargetPrincipal ¶
type Signer ¶
type Signer interface {
ServiceAccount(context.Context) string
SignBlob(context.Context, []byte) (string, []byte, error)
SignJwt(context.Context, string) (string, error)
}
func AppEngineSigner ¶
func IamCredentialsSigner ¶
func IamCredentialsSigner(targetPrincipal string, delegates []string, ts oauth2.TokenSource) (Signer, error)
IamCredentialsSigner makes new Signer. targetPrincipal and delegates is passed to iamcredentials.SignBlob. if ts is nil, ADC will be used.
func ServiceAccountSigner ¶
ServiceAccountSigner returns Signer which can sign without any network access.
func SmartSigner ¶
SmartSigner create signer for ADC with optional impersonation. Impersonation setting is supplied from below in descending order of priority.
- options e.g. signer.WithTargetPrincipal, signer.WithDelegates
- `CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT` environment variable
If impersonation is not applied, all credentials except App Engine 1st gen(only Go 1.11) and Service Account Key need a Token Creator role to themselves.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.