diff options
Diffstat (limited to 'vendor/google.golang.org/api/internal')
| -rw-r--r-- | vendor/google.golang.org/api/internal/creds.go | 78 | ||||
| -rw-r--r-- | vendor/google.golang.org/api/internal/settings.go | 25 |
2 files changed, 33 insertions, 70 deletions
diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go index b546b63..c16b7b6 100644 --- a/vendor/google.golang.org/api/internal/creds.go +++ b/vendor/google.golang.org/api/internal/creds.go @@ -15,90 +15,28 @@ package internal import ( - "encoding/json" "fmt" "io/ioutil" - "time" "golang.org/x/net/context" - "golang.org/x/oauth2" "golang.org/x/oauth2/google" ) // Creds returns credential information obtained from DialSettings, or if none, then // it returns default credential information. func Creds(ctx context.Context, ds *DialSettings) (*google.DefaultCredentials, error) { + if ds.Credentials != nil { + return ds.Credentials, nil + } if ds.CredentialsFile != "" { - return credFileTokenSource(ctx, ds.CredentialsFile, ds.Scopes...) + data, err := ioutil.ReadFile(ds.CredentialsFile) + if err != nil { + return nil, fmt.Errorf("cannot read credentials file: %v", err) + } + return google.CredentialsFromJSON(ctx, data, ds.Scopes...) } if ds.TokenSource != nil { return &google.DefaultCredentials{TokenSource: ds.TokenSource}, nil } return google.FindDefaultCredentials(ctx, ds.Scopes...) } - -// credFileTokenSource reads a refresh token file or a service account and returns -// a TokenSource constructed from the config. -func credFileTokenSource(ctx context.Context, filename string, scope ...string) (*google.DefaultCredentials, error) { - data, err := ioutil.ReadFile(filename) - if err != nil { - return nil, fmt.Errorf("cannot read credentials file: %v", err) - } - // See if it is a refresh token credentials file first. - ts, ok, err := refreshTokenTokenSource(ctx, data, scope...) - if err != nil { - return nil, err - } - if ok { - return &google.DefaultCredentials{ - TokenSource: ts, - JSON: data, - }, nil - } - - // If not, it should be a service account. - cfg, err := google.JWTConfigFromJSON(data, scope...) - if err != nil { - return nil, fmt.Errorf("google.JWTConfigFromJSON: %v", err) - } - // jwt.Config does not expose the project ID, so re-unmarshal to get it. - var pid struct { - ProjectID string `json:"project_id"` - } - if err := json.Unmarshal(data, &pid); err != nil { - return nil, err - } - return &google.DefaultCredentials{ - ProjectID: pid.ProjectID, - TokenSource: cfg.TokenSource(ctx), - JSON: data, - }, nil -} - -func refreshTokenTokenSource(ctx context.Context, data []byte, scope ...string) (oauth2.TokenSource, bool, error) { - var c cred - if err := json.Unmarshal(data, &c); err != nil { - return nil, false, fmt.Errorf("cannot unmarshal credentials file: %v", err) - } - if c.ClientID == "" || c.ClientSecret == "" || c.RefreshToken == "" || c.Type != "authorized_user" { - return nil, false, nil - } - cfg := &oauth2.Config{ - ClientID: c.ClientID, - ClientSecret: c.ClientSecret, - Endpoint: google.Endpoint, - RedirectURL: "urn:ietf:wg:oauth:2.0:oob", - Scopes: scope, - } - return cfg.TokenSource(ctx, &oauth2.Token{ - RefreshToken: c.RefreshToken, - Expiry: time.Now(), - }), true, nil -} - -type cred struct { - ClientID string `json:"client_id"` - ClientSecret string `json:"client_secret"` - RefreshToken string `json:"refresh_token"` - Type string `json:"type"` -} diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go index 5147191..34dfa5a 100644 --- a/vendor/google.golang.org/api/internal/settings.go +++ b/vendor/google.golang.org/api/internal/settings.go @@ -16,9 +16,11 @@ package internal import ( + "errors" "net/http" "golang.org/x/oauth2" + "golang.org/x/oauth2/google" "google.golang.org/grpc" ) @@ -28,10 +30,33 @@ type DialSettings struct { Endpoint string Scopes []string TokenSource oauth2.TokenSource + Credentials *google.DefaultCredentials CredentialsFile string // if set, Token Source is ignored. UserAgent string APIKey string HTTPClient *http.Client GRPCDialOpts []grpc.DialOption GRPCConn *grpc.ClientConn + NoAuth bool +} + +// Validate reports an error if ds is invalid. +func (ds *DialSettings) Validate() error { + hasCreds := ds.APIKey != "" || ds.TokenSource != nil || ds.CredentialsFile != "" || ds.Credentials != nil + if ds.NoAuth && hasCreds { + return errors.New("options.WithoutAuthentication is incompatible with any option that provides credentials") + } + // Credentials should not appear with other options. + // We currently allow TokenSource and CredentialsFile to coexist. + // TODO(jba): make TokenSource & CredentialsFile an error (breaking change). + if ds.Credentials != nil && (ds.APIKey != "" || ds.TokenSource != nil || ds.CredentialsFile != "") { + return errors.New("multiple credential options provided") + } + if ds.HTTPClient != nil && ds.GRPCConn != nil { + return errors.New("WithHTTPClient is incompatible with WithGRPCConn") + } + if ds.HTTPClient != nil && ds.GRPCDialOpts != nil { + return errors.New("WithHTTPClient is incompatible with gRPC dial options") + } + return nil } |