Documentation
Index
- Constants
- type GoogleClientConfig
- type GoogleClientJSON
- type GoogleCredential
- func (gc GoogleCredential) DeleteCredential(credentialName string) error
- func (gc GoogleCredential) GetCredential(credentialName string) (GoogleToken, error)
- func (gc GoogleCredential) JSON() ([]byte, error)
- func (gc GoogleCredential) Login(c utils.Configuration, credentialName string, port int) error
- func (gc GoogleCredential) SaveCredential(credentialName string, credential GoogleToken) error
- func (gc GoogleCredential) ValidateContext() error
- type GoogleToken
Constants
const CredentialVar = "GOOGLE_APPLICATION_CREDENTIALS"
CredentialVar is the name of the Google application credential environment variable, which holds a path. It can be used to short-circuit the credential provider storage and read directly from the provided credential.json.
const KeyNamespace = "scuttle"
KeyNamespace is the application domain under which credentials are stored in the OS keyring.
Variables
This section is empty.
Functions
This section is empty.
Types
type GoogleClientConfig
type GoogleClientConfig struct {
	AuthProviderX509CertURL string   `json:"auth_provider_x509_cert_url"`
	AuthURI                 string   `json:"auth_uri"`
	ClientID                string   `json:"client_id"`
	ClientSecret            string   `json:"client_secret"`
	ProjectID               string   `json:"project_id"`
	RedirectUris            []string `json:"redirect_uris"`
	TokenURI                string   `json:"token_uri"`
}
GoogleClientConfig is a struct wrapping the credential detail sctl needs to identify itself to the Google API.
type GoogleClientJSON
type GoogleClientJSON struct {
	ClientConfig GoogleClientConfig `json:"installed"`
}
GoogleClientJSON is the wrapping object in a downloaded client configuration.
type GoogleCredential
type GoogleCredential struct {
	Name string
}
GoogleCredential represents the workflow needed to attain a google client credential from the google API. The resulting credential will be a RefreshToken scoped to the google cloud platform KMS api.
func (GoogleCredential) DeleteCredential
func (gc GoogleCredential) DeleteCredential(credentialName string) error
DeleteCredential removes a stored credential from the system keystore, and will remove the assigned default credential from configuration.
func (GoogleCredential) GetCredential
func (gc GoogleCredential) GetCredential(credentialName string) (GoogleToken, error)
GetCredential returns a decoded GoogleToken from the system keystore. The resulting object is serializable and should be used in conjunction with API Options configFromJSON().
func (GoogleCredential) JSON
func (gc GoogleCredential) JSON() ([]byte, error)
JSON will attempt to return a byte array representation of a given Google credential. This method passively checks for the environment variable GOOGLE_APPLICATION_CREDENTIALS and will short-circuit based on this environment variable. Otherwise it tries to retrieve the default application credentials from the OS keystore. If all else fails, it halts execution with helpful messaging on how to possibly correct the issue.
func (GoogleCredential) Login
func (gc GoogleCredential) Login(c utils.Configuration, credentialName string, port int) error
Login initiates a CLI workflow to authenticate the user with offline credentials limited to the KMS scope.
func (GoogleCredential) SaveCredential
func (gc GoogleCredential) SaveCredential(credentialName string, credential GoogleToken) error
SaveCredential marshals the received GoogleToken and stores the resulting json blob in the system keystore for secure storage at rest.
func (GoogleCredential) ValidateContext
func (gc GoogleCredential) ValidateContext() error
ValidateContext scans the environment for a declaration of authentication via an environment variable. In the case of the GCP provider, we scan for GOOGLE_APPLICATION_CREDENTIALS and return an error if the environment variable is declared.
type GoogleToken
type GoogleToken struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
	RefreshToken string `json:"refresh_token"`
	TheType      string `json:"type"`
}
GoogleToken is the data structure to be used when serializing to token storage. This JSON object contains all the details needed to configure the client.