diff options
Diffstat (limited to 'vendor/google.golang.org/api/internal')
-rw-r--r-- | vendor/google.golang.org/api/internal/creds.go | 104 | ||||
-rw-r--r-- | vendor/google.golang.org/api/internal/service-account.json | 12 | ||||
-rw-r--r-- | vendor/google.golang.org/api/internal/settings.go | 18 |
3 files changed, 125 insertions, 9 deletions
diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go new file mode 100644 index 0000000..b546b63 --- /dev/null +++ b/vendor/google.golang.org/api/internal/creds.go @@ -0,0 +1,104 @@ +// Copyright 2017 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "time" + + "golang.org/x/net/context" + "golang.org/x/oauth2" + "golang.org/x/oauth2/google" +) + +// Creds returns credential information obtained from DialSettings, or if none, then +// it returns default credential information. +func Creds(ctx context.Context, ds *DialSettings) (*google.DefaultCredentials, error) { + if ds.CredentialsFile != "" { + return credFileTokenSource(ctx, ds.CredentialsFile, ds.Scopes...) + } + if ds.TokenSource != nil { + return &google.DefaultCredentials{TokenSource: ds.TokenSource}, nil + } + return google.FindDefaultCredentials(ctx, ds.Scopes...) +} + +// credFileTokenSource reads a refresh token file or a service account and returns +// a TokenSource constructed from the config. +func credFileTokenSource(ctx context.Context, filename string, scope ...string) (*google.DefaultCredentials, error) { + data, err := ioutil.ReadFile(filename) + if err != nil { + return nil, fmt.Errorf("cannot read credentials file: %v", err) + } + // See if it is a refresh token credentials file first. + ts, ok, err := refreshTokenTokenSource(ctx, data, scope...) + if err != nil { + return nil, err + } + if ok { + return &google.DefaultCredentials{ + TokenSource: ts, + JSON: data, + }, nil + } + + // If not, it should be a service account. + cfg, err := google.JWTConfigFromJSON(data, scope...) + if err != nil { + return nil, fmt.Errorf("google.JWTConfigFromJSON: %v", err) + } + // jwt.Config does not expose the project ID, so re-unmarshal to get it. + var pid struct { + ProjectID string `json:"project_id"` + } + if err := json.Unmarshal(data, &pid); err != nil { + return nil, err + } + return &google.DefaultCredentials{ + ProjectID: pid.ProjectID, + TokenSource: cfg.TokenSource(ctx), + JSON: data, + }, nil +} + +func refreshTokenTokenSource(ctx context.Context, data []byte, scope ...string) (oauth2.TokenSource, bool, error) { + var c cred + if err := json.Unmarshal(data, &c); err != nil { + return nil, false, fmt.Errorf("cannot unmarshal credentials file: %v", err) + } + if c.ClientID == "" || c.ClientSecret == "" || c.RefreshToken == "" || c.Type != "authorized_user" { + return nil, false, nil + } + cfg := &oauth2.Config{ + ClientID: c.ClientID, + ClientSecret: c.ClientSecret, + Endpoint: google.Endpoint, + RedirectURL: "urn:ietf:wg:oauth:2.0:oob", + Scopes: scope, + } + return cfg.TokenSource(ctx, &oauth2.Token{ + RefreshToken: c.RefreshToken, + Expiry: time.Now(), + }), true, nil +} + +type cred struct { + ClientID string `json:"client_id"` + ClientSecret string `json:"client_secret"` + RefreshToken string `json:"refresh_token"` + Type string `json:"type"` +} diff --git a/vendor/google.golang.org/api/internal/service-account.json b/vendor/google.golang.org/api/internal/service-account.json new file mode 100644 index 0000000..2cb54c2 --- /dev/null +++ b/vendor/google.golang.org/api/internal/service-account.json @@ -0,0 +1,12 @@ +{ + "type": "service_account", + "project_id": "project_id", + "private_key_id": "private_key_id", + "private_key": "private_key", + "client_email": "xyz@developer.gserviceaccount.com", + "client_id": "123", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://accounts.google.com/o/oauth2/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xyz%40developer.gserviceaccount.com" +} diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go index d7b9f57..5147191 100644 --- a/vendor/google.golang.org/api/internal/settings.go +++ b/vendor/google.golang.org/api/internal/settings.go @@ -25,13 +25,13 @@ import ( // DialSettings holds information needed to establish a connection with a // Google API service. type DialSettings struct { - Endpoint string - Scopes []string - ServiceAccountJSONFilename string // if set, TokenSource is ignored. - TokenSource oauth2.TokenSource - UserAgent string - APIKey string - HTTPClient *http.Client - GRPCDialOpts []grpc.DialOption - GRPCConn *grpc.ClientConn + Endpoint string + Scopes []string + TokenSource oauth2.TokenSource + CredentialsFile string // if set, Token Source is ignored. + UserAgent string + APIKey string + HTTPClient *http.Client + GRPCDialOpts []grpc.DialOption + GRPCConn *grpc.ClientConn } |