diff options
Diffstat (limited to 'vendor/google.golang.org/api/internal/creds.go')
-rw-r--r-- | vendor/google.golang.org/api/internal/creds.go | 78 |
1 files changed, 8 insertions, 70 deletions
diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go index b546b63..c16b7b6 100644 --- a/vendor/google.golang.org/api/internal/creds.go +++ b/vendor/google.golang.org/api/internal/creds.go @@ -15,90 +15,28 @@ package internal import ( - "encoding/json" "fmt" "io/ioutil" - "time" "golang.org/x/net/context" - "golang.org/x/oauth2" "golang.org/x/oauth2/google" ) // Creds returns credential information obtained from DialSettings, or if none, then // it returns default credential information. func Creds(ctx context.Context, ds *DialSettings) (*google.DefaultCredentials, error) { + if ds.Credentials != nil { + return ds.Credentials, nil + } if ds.CredentialsFile != "" { - return credFileTokenSource(ctx, ds.CredentialsFile, ds.Scopes...) + data, err := ioutil.ReadFile(ds.CredentialsFile) + if err != nil { + return nil, fmt.Errorf("cannot read credentials file: %v", err) + } + return google.CredentialsFromJSON(ctx, data, ds.Scopes...) } if ds.TokenSource != nil { return &google.DefaultCredentials{TokenSource: ds.TokenSource}, nil } return google.FindDefaultCredentials(ctx, ds.Scopes...) } - -// credFileTokenSource reads a refresh token file or a service account and returns -// a TokenSource constructed from the config. -func credFileTokenSource(ctx context.Context, filename string, scope ...string) (*google.DefaultCredentials, error) { - data, err := ioutil.ReadFile(filename) - if err != nil { - return nil, fmt.Errorf("cannot read credentials file: %v", err) - } - // See if it is a refresh token credentials file first. - ts, ok, err := refreshTokenTokenSource(ctx, data, scope...) - if err != nil { - return nil, err - } - if ok { - return &google.DefaultCredentials{ - TokenSource: ts, - JSON: data, - }, nil - } - - // If not, it should be a service account. - cfg, err := google.JWTConfigFromJSON(data, scope...) - if err != nil { - return nil, fmt.Errorf("google.JWTConfigFromJSON: %v", err) - } - // jwt.Config does not expose the project ID, so re-unmarshal to get it. - var pid struct { - ProjectID string `json:"project_id"` - } - if err := json.Unmarshal(data, &pid); err != nil { - return nil, err - } - return &google.DefaultCredentials{ - ProjectID: pid.ProjectID, - TokenSource: cfg.TokenSource(ctx), - JSON: data, - }, nil -} - -func refreshTokenTokenSource(ctx context.Context, data []byte, scope ...string) (oauth2.TokenSource, bool, error) { - var c cred - if err := json.Unmarshal(data, &c); err != nil { - return nil, false, fmt.Errorf("cannot unmarshal credentials file: %v", err) - } - if c.ClientID == "" || c.ClientSecret == "" || c.RefreshToken == "" || c.Type != "authorized_user" { - return nil, false, nil - } - cfg := &oauth2.Config{ - ClientID: c.ClientID, - ClientSecret: c.ClientSecret, - Endpoint: google.Endpoint, - RedirectURL: "urn:ietf:wg:oauth:2.0:oob", - Scopes: scope, - } - return cfg.TokenSource(ctx, &oauth2.Token{ - RefreshToken: c.RefreshToken, - Expiry: time.Now(), - }), true, nil -} - -type cred struct { - ClientID string `json:"client_id"` - ClientSecret string `json:"client_secret"` - RefreshToken string `json:"refresh_token"` - Type string `json:"type"` -} |