Documentation
Overview
Package auth provides an interface for retrieving and caching IAM tokens.
Index
- Constants
- Variables
- func NewClient(opts ...ClientOption) (_ credentials.Credentials, err error)
- type ClientOption
- func WithAudience(audience string) ClientOption
- func WithCertPool(certPool *x509.CertPool) ClientOption
- func WithCertPoolFile(caFile string) ClientOption
- func WithDefaultEndpoint() ClientOption
- func WithEndpoint(endpoint string) ClientOption
- func WithFallbackCredentials(fallback credentials.Credentials) ClientOption
- func WithInsecureSkipVerify(insecure bool) ClientOption
- func WithIssuer(issuer string) ClientOption
- func WithKeyID(keyID string) ClientOption
- func WithPrivateKey(key *rsa.PrivateKey) ClientOption
- func WithPrivateKeyFile(path string) ClientOption
- func WithServiceFile(path string) ClientOption
- func WithServiceKey(key string) ClientOption
- func WithSourceInfo(sourceInfo string) ClientOption
- func WithSystemCertPool() ClientOption
- func WithTokenTTL(tokenTTL time.Duration) ClientOption
Constants
const (
	DefaultAudience = "https://iam.api.cloud.yandex.net/iam/v1/tokens"
	DefaultEndpoint = "iam.api.cloud.yandex.net:443"
	DefaultTokenTTL = time.Hour
)
Default client parameters.
Variables
var (
	ErrServiceFileInvalid = errors.New("service account file is not valid")
	ErrKeyCannotBeParsed  = errors.New("private key can not be parsed")
)
Functions
func NewClient
func NewClient(opts ...ClientOption) (_ credentials.Credentials, err error)
NewClient creates an IAM (JWT) authorized client from the provided list of ClientOptions.
For the client to be created successfully, at least one of the endpoint options must be provided.
Types
type ClientOption
type ClientOption func(*client) error
func WithAudience
func WithAudience(audience string) ClientOption
WithAudience sets the provided audience.
func WithCertPool
func WithCertPool(certPool *x509.CertPool) ClientOption
WithCertPool sets the provided certPool.
func WithCertPoolFile
func WithCertPoolFile(caFile string) ClientOption
WithCertPoolFile tries to set the root certPool from the provided cert file path.
func WithDefaultEndpoint
func WithDefaultEndpoint() ClientOption
WithDefaultEndpoint sets the endpoint to the default value.
func WithEndpoint
func WithEndpoint(endpoint string) ClientOption
WithEndpoint sets the provided endpoint.
func WithFallbackCredentials (added in v0.7.0)
func WithFallbackCredentials(fallback credentials.Credentials) ClientOption
WithFallbackCredentials sets fallback credentials to use if the primary credentials fail.
func WithInsecureSkipVerify
func WithInsecureSkipVerify(insecure bool) ClientOption
WithInsecureSkipVerify sets insecureSkipVerify to true, which forces the client to accept any TLS certificate presented by the IAM server and any host name in that certificate.
If insecureSkipVerify is set, the certPool field is not used.
This should be used only for testing purposes.
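The effect described above, shown as an added example that is not part of this package's code: it uses only the standard library's crypto/tls against a local httptest server (a constructed stand-in for the IAM endpoint), and assumes the option behaves like tls.Config.InsecureSkipVerify, which its description matches.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// dial performs one TLS handshake against addr and returns the client-side error.
func dial(addr string, cfg *tls.Config) error {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return err
	}
	conn.Close()
	return nil
}

// compare returns handshake results for four client configurations against a
// local test server (a constructed stand-in, not the real IAM endpoint).
func compare() (untrusted, pinned, wrongHost, skipVerify error) {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	addr := srv.Listener.Addr().String()

	empty, pool := x509.NewCertPool(), x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust only the test server's certificate

	untrusted = dial(addr, &tls.Config{RootCAs: empty})
	pinned = dial(addr, &tls.Config{RootCAs: pool})
	wrongHost = dial(addr, &tls.Config{RootCAs: pool, ServerName: "wrong.test"})
	// With InsecureSkipVerify neither the pool nor the host name is checked.
	skipVerify = dial(addr, &tls.Config{RootCAs: empty, ServerName: "wrong.test", InsecureSkipVerify: true})
	return
}

func main() {
	u, p, w, s := compare()
	fmt.Printf("empty pool:  %v\npinned pool: %v\nwrong host:  %v\nskip verify: %v\n", u, p, w, s)
}
```

The first and third handshakes fail with an unknown-authority and a host-name error respectively; the last one succeeds even though it combines both faults, which is why a configured cert pool gives no protection once skip-verify is on.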
func WithPrivateKey
func WithPrivateKey(key *rsa.PrivateKey) ClientOption
WithPrivateKey sets the provided private key.
func WithPrivateKeyFile
func WithPrivateKeyFile(path string) ClientOption
WithPrivateKeyFile tries to set the key from the provided private key file path.
func WithServiceFile
func WithServiceFile(path string) ClientOption
WithServiceFile tries to set the key, keyID and issuer from the provided service account file path.
Do not mix this option with WithKeyID, WithIssuer and key options (WithPrivateKey, WithPrivateKeyFile, etc).
func WithServiceKey (added in v0.10.0)
func WithServiceKey(key string) ClientOption
WithServiceKey tries to set the key, keyID and issuer from the provided service account data key.
Do not mix this option with WithKeyID, WithIssuer and key options (WithPrivateKey, WithPrivateKeyFile, etc).
func WithSourceInfo
func WithSourceInfo(sourceInfo string) ClientOption
WithSourceInfo sets the sourceInfo.
func WithSystemCertPool
func WithSystemCertPool() ClientOption
WithSystemCertPool tries to set certPool to the system root certificates.
func WithTokenTTL
func WithTokenTTL(tokenTTL time.Duration) ClientOption
WithTokenTTL sets the provided tokenTTL duration.