Fix dependencies
This commit is contained in:
		
							
								
								
									
										38
									
								
								vendor/golang.org/x/oauth2/google/appengine.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										38
									
								
								vendor/golang.org/x/oauth2/google/appengine.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,38 @@ | ||||
| // Copyright 2014 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| package google | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"time" | ||||
|  | ||||
| 	"golang.org/x/oauth2" | ||||
| ) | ||||
|  | ||||
| // Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible. | ||||
| var appengineTokenFunc func(c context.Context, scopes ...string) (token string, expiry time.Time, err error) | ||||
|  | ||||
| // Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible. | ||||
| var appengineAppIDFunc func(c context.Context) string | ||||
|  | ||||
| // AppEngineTokenSource returns a token source that fetches tokens from either | ||||
| // the current application's service account or from the metadata server, | ||||
| // depending on the App Engine environment. See below for environment-specific | ||||
| // details. If you are implementing a 3-legged OAuth 2.0 flow on App Engine that | ||||
| // involves user accounts, see oauth2.Config instead. | ||||
| // | ||||
| // First generation App Engine runtimes (<= Go 1.9): | ||||
| // AppEngineTokenSource returns a token source that fetches tokens issued to the | ||||
| // current App Engine application's service account. The provided context must have | ||||
| // come from appengine.NewContext. | ||||
| // | ||||
| // Second generation App Engine runtimes (>= Go 1.11) and App Engine flexible: | ||||
| // AppEngineTokenSource is DEPRECATED on second generation runtimes and on the | ||||
| // flexible environment. It delegates to ComputeTokenSource, and the provided | ||||
| // context and scopes are not used. Please use DefaultTokenSource (or ComputeTokenSource, | ||||
| // which DefaultTokenSource will use in this case) instead. | ||||
| func AppEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource { | ||||
| 	return appEngineTokenSource(ctx, scope...) | ||||
| } | ||||
							
								
								
									
										77
									
								
								vendor/golang.org/x/oauth2/google/appengine_gen1.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										77
									
								
								vendor/golang.org/x/oauth2/google/appengine_gen1.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,77 @@ | ||||
| // Copyright 2018 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| // +build appengine | ||||
|  | ||||
| // This file applies to App Engine first generation runtimes (<= Go 1.9). | ||||
|  | ||||
| package google | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"sort" | ||||
| 	"strings" | ||||
| 	"sync" | ||||
|  | ||||
| 	"golang.org/x/oauth2" | ||||
| 	"google.golang.org/appengine" | ||||
| ) | ||||
|  | ||||
| func init() { | ||||
| 	appengineTokenFunc = appengine.AccessToken | ||||
| 	appengineAppIDFunc = appengine.AppID | ||||
| } | ||||
|  | ||||
| // See comment on AppEngineTokenSource in appengine.go. | ||||
| func appEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource { | ||||
| 	scopes := append([]string{}, scope...) | ||||
| 	sort.Strings(scopes) | ||||
| 	return &gaeTokenSource{ | ||||
| 		ctx:    ctx, | ||||
| 		scopes: scopes, | ||||
| 		key:    strings.Join(scopes, " "), | ||||
| 	} | ||||
| } | ||||
|  | ||||
| // aeTokens helps the fetched tokens to be reused until their expiration. | ||||
| var ( | ||||
| 	aeTokensMu sync.Mutex | ||||
| 	aeTokens   = make(map[string]*tokenLock) // key is space-separated scopes | ||||
| ) | ||||
|  | ||||
| type tokenLock struct { | ||||
| 	mu sync.Mutex // guards t; held while fetching or updating t | ||||
| 	t  *oauth2.Token | ||||
| } | ||||
|  | ||||
| type gaeTokenSource struct { | ||||
| 	ctx    context.Context | ||||
| 	scopes []string | ||||
| 	key    string // to aeTokens map; space-separated scopes | ||||
| } | ||||
|  | ||||
| func (ts *gaeTokenSource) Token() (*oauth2.Token, error) { | ||||
| 	aeTokensMu.Lock() | ||||
| 	tok, ok := aeTokens[ts.key] | ||||
| 	if !ok { | ||||
| 		tok = &tokenLock{} | ||||
| 		aeTokens[ts.key] = tok | ||||
| 	} | ||||
| 	aeTokensMu.Unlock() | ||||
|  | ||||
| 	tok.mu.Lock() | ||||
| 	defer tok.mu.Unlock() | ||||
| 	if tok.t.Valid() { | ||||
| 		return tok.t, nil | ||||
| 	} | ||||
| 	access, exp, err := appengineTokenFunc(ts.ctx, ts.scopes...) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	tok.t = &oauth2.Token{ | ||||
| 		AccessToken: access, | ||||
| 		Expiry:      exp, | ||||
| 	} | ||||
| 	return tok.t, nil | ||||
| } | ||||
							
								
								
									
										27
									
								
								vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										27
									
								
								vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,27 @@ | ||||
| // Copyright 2018 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| // +build !appengine | ||||
|  | ||||
| // This file applies to App Engine second generation runtimes (>= Go 1.11) and App Engine flexible. | ||||
|  | ||||
| package google | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"log" | ||||
| 	"sync" | ||||
|  | ||||
| 	"golang.org/x/oauth2" | ||||
| ) | ||||
|  | ||||
| var logOnce sync.Once // only spam about deprecation once | ||||
|  | ||||
| // See comment on AppEngineTokenSource in appengine.go. | ||||
| func appEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource { | ||||
| 	logOnce.Do(func() { | ||||
| 		log.Print("google: AppEngineTokenSource is deprecated on App Engine standard second generation runtimes (>= Go 1.11) and App Engine flexible. Please use DefaultTokenSource or ComputeTokenSource.") | ||||
| 	}) | ||||
| 	return ComputeTokenSource("") | ||||
| } | ||||
							
								
								
									
										154
									
								
								vendor/golang.org/x/oauth2/google/default.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										154
									
								
								vendor/golang.org/x/oauth2/google/default.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,154 @@ | ||||
| // Copyright 2015 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| package google | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"encoding/json" | ||||
| 	"fmt" | ||||
| 	"io/ioutil" | ||||
| 	"net/http" | ||||
| 	"os" | ||||
| 	"path/filepath" | ||||
| 	"runtime" | ||||
|  | ||||
| 	"cloud.google.com/go/compute/metadata" | ||||
| 	"golang.org/x/oauth2" | ||||
| ) | ||||
|  | ||||
| // Credentials holds Google credentials, including "Application Default Credentials". | ||||
| // For more details, see: | ||||
| // https://developers.google.com/accounts/docs/application-default-credentials | ||||
| type Credentials struct { | ||||
| 	ProjectID   string // may be empty | ||||
| 	TokenSource oauth2.TokenSource | ||||
|  | ||||
| 	// JSON contains the raw bytes from a JSON credentials file. | ||||
| 	// This field may be nil if authentication is provided by the | ||||
| 	// environment and not with a credentials file, e.g. when code is | ||||
| 	// running on Google Cloud Platform. | ||||
| 	JSON []byte | ||||
| } | ||||
|  | ||||
| // DefaultCredentials is the old name of Credentials. | ||||
| // | ||||
| // Deprecated: use Credentials instead. | ||||
| type DefaultCredentials = Credentials | ||||
|  | ||||
| // DefaultClient returns an HTTP Client that uses the | ||||
| // DefaultTokenSource to obtain authentication credentials. | ||||
| func DefaultClient(ctx context.Context, scope ...string) (*http.Client, error) { | ||||
| 	ts, err := DefaultTokenSource(ctx, scope...) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	return oauth2.NewClient(ctx, ts), nil | ||||
| } | ||||
|  | ||||
| // DefaultTokenSource returns the token source for | ||||
| // "Application Default Credentials". | ||||
| // It is a shortcut for FindDefaultCredentials(ctx, scope).TokenSource. | ||||
| func DefaultTokenSource(ctx context.Context, scope ...string) (oauth2.TokenSource, error) { | ||||
| 	creds, err := FindDefaultCredentials(ctx, scope...) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	return creds.TokenSource, nil | ||||
| } | ||||
|  | ||||
| // FindDefaultCredentials searches for "Application Default Credentials". | ||||
| // | ||||
| // It looks for credentials in the following places, | ||||
| // preferring the first location found: | ||||
| // | ||||
| //   1. A JSON file whose path is specified by the | ||||
| //      GOOGLE_APPLICATION_CREDENTIALS environment variable. | ||||
| //   2. A JSON file in a location known to the gcloud command-line tool. | ||||
| //      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json. | ||||
| //      On other systems, $HOME/.config/gcloud/application_default_credentials.json. | ||||
| //   3. On Google App Engine standard first generation runtimes (<= Go 1.9) it uses | ||||
| //      the appengine.AccessToken function. | ||||
| //   4. On Google Compute Engine, Google App Engine standard second generation runtimes | ||||
| //      (>= Go 1.11), and Google App Engine flexible environment, it fetches | ||||
| //      credentials from the metadata server. | ||||
| func FindDefaultCredentials(ctx context.Context, scopes ...string) (*Credentials, error) { | ||||
| 	// First, try the environment variable. | ||||
| 	const envVar = "GOOGLE_APPLICATION_CREDENTIALS" | ||||
| 	if filename := os.Getenv(envVar); filename != "" { | ||||
| 		creds, err := readCredentialsFile(ctx, filename, scopes) | ||||
| 		if err != nil { | ||||
| 			return nil, fmt.Errorf("google: error getting credentials using %v environment variable: %v", envVar, err) | ||||
| 		} | ||||
| 		return creds, nil | ||||
| 	} | ||||
|  | ||||
| 	// Second, try a well-known file. | ||||
| 	filename := wellKnownFile() | ||||
| 	if creds, err := readCredentialsFile(ctx, filename, scopes); err == nil { | ||||
| 		return creds, nil | ||||
| 	} else if !os.IsNotExist(err) { | ||||
| 		return nil, fmt.Errorf("google: error getting credentials using well-known file (%v): %v", filename, err) | ||||
| 	} | ||||
|  | ||||
| 	// Third, if we're on a Google App Engine standard first generation runtime (<= Go 1.9) | ||||
| 	// use those credentials. App Engine standard second generation runtimes (>= Go 1.11) | ||||
| 	// and App Engine flexible use ComputeTokenSource and the metadata server. | ||||
| 	if appengineTokenFunc != nil { | ||||
| 		return &DefaultCredentials{ | ||||
| 			ProjectID:   appengineAppIDFunc(ctx), | ||||
| 			TokenSource: AppEngineTokenSource(ctx, scopes...), | ||||
| 		}, nil | ||||
| 	} | ||||
|  | ||||
| 	// Fourth, if we're on Google Compute Engine, an App Engine standard second generation runtime, | ||||
| 	// or App Engine flexible, use the metadata server. | ||||
| 	if metadata.OnGCE() { | ||||
| 		id, _ := metadata.ProjectID() | ||||
| 		return &DefaultCredentials{ | ||||
| 			ProjectID:   id, | ||||
| 			TokenSource: ComputeTokenSource("", scopes...), | ||||
| 		}, nil | ||||
| 	} | ||||
|  | ||||
| 	// None are found; return helpful error. | ||||
| 	const url = "https://developers.google.com/accounts/docs/application-default-credentials" | ||||
| 	return nil, fmt.Errorf("google: could not find default credentials. See %v for more information.", url) | ||||
| } | ||||
|  | ||||
| // CredentialsFromJSON obtains Google credentials from a JSON value. The JSON can | ||||
| // represent either a Google Developers Console client_credentials.json file (as in | ||||
| // ConfigFromJSON) or a Google Developers service account key file (as in | ||||
| // JWTConfigFromJSON). | ||||
| func CredentialsFromJSON(ctx context.Context, jsonData []byte, scopes ...string) (*Credentials, error) { | ||||
| 	var f credentialsFile | ||||
| 	if err := json.Unmarshal(jsonData, &f); err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	ts, err := f.tokenSource(ctx, append([]string(nil), scopes...)) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	return &DefaultCredentials{ | ||||
| 		ProjectID:   f.ProjectID, | ||||
| 		TokenSource: ts, | ||||
| 		JSON:        jsonData, | ||||
| 	}, nil | ||||
| } | ||||
|  | ||||
| func wellKnownFile() string { | ||||
| 	const f = "application_default_credentials.json" | ||||
| 	if runtime.GOOS == "windows" { | ||||
| 		return filepath.Join(os.Getenv("APPDATA"), "gcloud", f) | ||||
| 	} | ||||
| 	return filepath.Join(guessUnixHomeDir(), ".config", "gcloud", f) | ||||
| } | ||||
|  | ||||
| func readCredentialsFile(ctx context.Context, filename string, scopes []string) (*DefaultCredentials, error) { | ||||
| 	b, err := ioutil.ReadFile(filename) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	return CredentialsFromJSON(ctx, b, scopes...) | ||||
| } | ||||
							
								
								
									
										40
									
								
								vendor/golang.org/x/oauth2/google/doc.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										40
									
								
								vendor/golang.org/x/oauth2/google/doc.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,40 @@ | ||||
| // Copyright 2018 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| // Package google provides support for making OAuth2 authorized and authenticated | ||||
| // HTTP requests to Google APIs. It supports the Web server flow, client-side | ||||
| // credentials, service accounts, Google Compute Engine service accounts, and Google | ||||
| // App Engine service accounts. | ||||
| // | ||||
| // A brief overview of the package follows. For more information, please read | ||||
| // https://developers.google.com/accounts/docs/OAuth2 | ||||
| // and | ||||
| // https://developers.google.com/accounts/docs/application-default-credentials. | ||||
| // | ||||
| // OAuth2 Configs | ||||
| // | ||||
| // Two functions in this package return golang.org/x/oauth2.Config values from Google credential | ||||
| // data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON, | ||||
| // the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or | ||||
| // create an http.Client. | ||||
| // | ||||
| // | ||||
| // Credentials | ||||
| // | ||||
| // The Credentials type represents Google credentials, including Application Default | ||||
| // Credentials. | ||||
| // | ||||
| // Use FindDefaultCredentials to obtain Application Default Credentials. | ||||
| // FindDefaultCredentials looks in some well-known places for a credentials file, and | ||||
| // will call AppEngineTokenSource or ComputeTokenSource as needed. | ||||
| // | ||||
| // DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials, | ||||
| // then use the credentials to construct an http.Client or an oauth2.TokenSource. | ||||
| // | ||||
| // Use CredentialsFromJSON to obtain credentials from either of the two JSON formats | ||||
| // described in OAuth2 Configs, above. The TokenSource in the returned value is the | ||||
| // same as the one obtained from the oauth2.Config returned from ConfigFromJSON or | ||||
| // JWTConfigFromJSON, but the Credentials may contain additional information | ||||
| // that is useful is some circumstances. | ||||
| package google // import "golang.org/x/oauth2/google" | ||||
							
								
								
									
										209
									
								
								vendor/golang.org/x/oauth2/google/google.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										209
									
								
								vendor/golang.org/x/oauth2/google/google.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,209 @@ | ||||
| // Copyright 2014 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| package google | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"encoding/json" | ||||
| 	"errors" | ||||
| 	"fmt" | ||||
| 	"net/url" | ||||
| 	"strings" | ||||
| 	"time" | ||||
|  | ||||
| 	"cloud.google.com/go/compute/metadata" | ||||
| 	"golang.org/x/oauth2" | ||||
| 	"golang.org/x/oauth2/jwt" | ||||
| ) | ||||
|  | ||||
| // Endpoint is Google's OAuth 2.0 endpoint. | ||||
| var Endpoint = oauth2.Endpoint{ | ||||
| 	AuthURL:   "https://accounts.google.com/o/oauth2/auth", | ||||
| 	TokenURL:  "https://oauth2.googleapis.com/token", | ||||
| 	AuthStyle: oauth2.AuthStyleInParams, | ||||
| } | ||||
|  | ||||
| // JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow. | ||||
| const JWTTokenURL = "https://oauth2.googleapis.com/token" | ||||
|  | ||||
| // ConfigFromJSON uses a Google Developers Console client_credentials.json | ||||
| // file to construct a config. | ||||
| // client_credentials.json can be downloaded from | ||||
| // https://console.developers.google.com, under "Credentials". Download the Web | ||||
| // application credentials in the JSON format and provide the contents of the | ||||
| // file as jsonKey. | ||||
| func ConfigFromJSON(jsonKey []byte, scope ...string) (*oauth2.Config, error) { | ||||
| 	type cred struct { | ||||
| 		ClientID     string   `json:"client_id"` | ||||
| 		ClientSecret string   `json:"client_secret"` | ||||
| 		RedirectURIs []string `json:"redirect_uris"` | ||||
| 		AuthURI      string   `json:"auth_uri"` | ||||
| 		TokenURI     string   `json:"token_uri"` | ||||
| 	} | ||||
| 	var j struct { | ||||
| 		Web       *cred `json:"web"` | ||||
| 		Installed *cred `json:"installed"` | ||||
| 	} | ||||
| 	if err := json.Unmarshal(jsonKey, &j); err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	var c *cred | ||||
| 	switch { | ||||
| 	case j.Web != nil: | ||||
| 		c = j.Web | ||||
| 	case j.Installed != nil: | ||||
| 		c = j.Installed | ||||
| 	default: | ||||
| 		return nil, fmt.Errorf("oauth2/google: no credentials found") | ||||
| 	} | ||||
| 	if len(c.RedirectURIs) < 1 { | ||||
| 		return nil, errors.New("oauth2/google: missing redirect URL in the client_credentials.json") | ||||
| 	} | ||||
| 	return &oauth2.Config{ | ||||
| 		ClientID:     c.ClientID, | ||||
| 		ClientSecret: c.ClientSecret, | ||||
| 		RedirectURL:  c.RedirectURIs[0], | ||||
| 		Scopes:       scope, | ||||
| 		Endpoint: oauth2.Endpoint{ | ||||
| 			AuthURL:  c.AuthURI, | ||||
| 			TokenURL: c.TokenURI, | ||||
| 		}, | ||||
| 	}, nil | ||||
| } | ||||
|  | ||||
| // JWTConfigFromJSON uses a Google Developers service account JSON key file to read | ||||
| // the credentials that authorize and authenticate the requests. | ||||
| // Create a service account on "Credentials" for your project at | ||||
| // https://console.developers.google.com to download a JSON key file. | ||||
| func JWTConfigFromJSON(jsonKey []byte, scope ...string) (*jwt.Config, error) { | ||||
| 	var f credentialsFile | ||||
| 	if err := json.Unmarshal(jsonKey, &f); err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	if f.Type != serviceAccountKey { | ||||
| 		return nil, fmt.Errorf("google: read JWT from JSON credentials: 'type' field is %q (expected %q)", f.Type, serviceAccountKey) | ||||
| 	} | ||||
| 	scope = append([]string(nil), scope...) // copy | ||||
| 	return f.jwtConfig(scope), nil | ||||
| } | ||||
|  | ||||
| // JSON key file types. | ||||
| const ( | ||||
| 	serviceAccountKey  = "service_account" | ||||
| 	userCredentialsKey = "authorized_user" | ||||
| ) | ||||
|  | ||||
| // credentialsFile is the unmarshalled representation of a credentials file. | ||||
| type credentialsFile struct { | ||||
| 	Type string `json:"type"` // serviceAccountKey or userCredentialsKey | ||||
|  | ||||
| 	// Service Account fields | ||||
| 	ClientEmail  string `json:"client_email"` | ||||
| 	PrivateKeyID string `json:"private_key_id"` | ||||
| 	PrivateKey   string `json:"private_key"` | ||||
| 	TokenURL     string `json:"token_uri"` | ||||
| 	ProjectID    string `json:"project_id"` | ||||
|  | ||||
| 	// User Credential fields | ||||
| 	// (These typically come from gcloud auth.) | ||||
| 	ClientSecret string `json:"client_secret"` | ||||
| 	ClientID     string `json:"client_id"` | ||||
| 	RefreshToken string `json:"refresh_token"` | ||||
| } | ||||
|  | ||||
| func (f *credentialsFile) jwtConfig(scopes []string) *jwt.Config { | ||||
| 	cfg := &jwt.Config{ | ||||
| 		Email:        f.ClientEmail, | ||||
| 		PrivateKey:   []byte(f.PrivateKey), | ||||
| 		PrivateKeyID: f.PrivateKeyID, | ||||
| 		Scopes:       scopes, | ||||
| 		TokenURL:     f.TokenURL, | ||||
| 	} | ||||
| 	if cfg.TokenURL == "" { | ||||
| 		cfg.TokenURL = JWTTokenURL | ||||
| 	} | ||||
| 	return cfg | ||||
| } | ||||
|  | ||||
| func (f *credentialsFile) tokenSource(ctx context.Context, scopes []string) (oauth2.TokenSource, error) { | ||||
| 	switch f.Type { | ||||
| 	case serviceAccountKey: | ||||
| 		cfg := f.jwtConfig(scopes) | ||||
| 		return cfg.TokenSource(ctx), nil | ||||
| 	case userCredentialsKey: | ||||
| 		cfg := &oauth2.Config{ | ||||
| 			ClientID:     f.ClientID, | ||||
| 			ClientSecret: f.ClientSecret, | ||||
| 			Scopes:       scopes, | ||||
| 			Endpoint:     Endpoint, | ||||
| 		} | ||||
| 		tok := &oauth2.Token{RefreshToken: f.RefreshToken} | ||||
| 		return cfg.TokenSource(ctx, tok), nil | ||||
| 	case "": | ||||
| 		return nil, errors.New("missing 'type' field in credentials") | ||||
| 	default: | ||||
| 		return nil, fmt.Errorf("unknown credential type: %q", f.Type) | ||||
| 	} | ||||
| } | ||||
|  | ||||
| // ComputeTokenSource returns a token source that fetches access tokens | ||||
| // from Google Compute Engine (GCE)'s metadata server. It's only valid to use | ||||
| // this token source if your program is running on a GCE instance. | ||||
| // If no account is specified, "default" is used. | ||||
| // If no scopes are specified, a set of default scopes are automatically granted. | ||||
| // Further information about retrieving access tokens from the GCE metadata | ||||
| // server can be found at https://cloud.google.com/compute/docs/authentication. | ||||
| func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource { | ||||
| 	return oauth2.ReuseTokenSource(nil, computeSource{account: account, scopes: scope}) | ||||
| } | ||||
|  | ||||
| type computeSource struct { | ||||
| 	account string | ||||
| 	scopes  []string | ||||
| } | ||||
|  | ||||
| func (cs computeSource) Token() (*oauth2.Token, error) { | ||||
| 	if !metadata.OnGCE() { | ||||
| 		return nil, errors.New("oauth2/google: can't get a token from the metadata service; not running on GCE") | ||||
| 	} | ||||
| 	acct := cs.account | ||||
| 	if acct == "" { | ||||
| 		acct = "default" | ||||
| 	} | ||||
| 	tokenURI := "instance/service-accounts/" + acct + "/token" | ||||
| 	if len(cs.scopes) > 0 { | ||||
| 		v := url.Values{} | ||||
| 		v.Set("scopes", strings.Join(cs.scopes, ",")) | ||||
| 		tokenURI = tokenURI + "?" + v.Encode() | ||||
| 	} | ||||
| 	tokenJSON, err := metadata.Get(tokenURI) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	var res struct { | ||||
| 		AccessToken  string `json:"access_token"` | ||||
| 		ExpiresInSec int    `json:"expires_in"` | ||||
| 		TokenType    string `json:"token_type"` | ||||
| 	} | ||||
| 	err = json.NewDecoder(strings.NewReader(tokenJSON)).Decode(&res) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("oauth2/google: invalid token JSON from metadata: %v", err) | ||||
| 	} | ||||
| 	if res.ExpiresInSec == 0 || res.AccessToken == "" { | ||||
| 		return nil, fmt.Errorf("oauth2/google: incomplete token received from metadata") | ||||
| 	} | ||||
| 	tok := &oauth2.Token{ | ||||
| 		AccessToken: res.AccessToken, | ||||
| 		TokenType:   res.TokenType, | ||||
| 		Expiry:      time.Now().Add(time.Duration(res.ExpiresInSec) * time.Second), | ||||
| 	} | ||||
| 	// NOTE(cbro): add hidden metadata about where the token is from. | ||||
| 	// This is needed for detection by client libraries to know that credentials come from the metadata server. | ||||
| 	// This may be removed in a future version of this library. | ||||
| 	return tok.WithExtra(map[string]interface{}{ | ||||
| 		"oauth2.google.tokenSource":    "compute-metadata", | ||||
| 		"oauth2.google.serviceAccount": acct, | ||||
| 	}), nil | ||||
| } | ||||
							
								
								
									
										74
									
								
								vendor/golang.org/x/oauth2/google/jwt.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										74
									
								
								vendor/golang.org/x/oauth2/google/jwt.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,74 @@ | ||||
| // Copyright 2015 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| package google | ||||
|  | ||||
| import ( | ||||
| 	"crypto/rsa" | ||||
| 	"fmt" | ||||
| 	"time" | ||||
|  | ||||
| 	"golang.org/x/oauth2" | ||||
| 	"golang.org/x/oauth2/internal" | ||||
| 	"golang.org/x/oauth2/jws" | ||||
| ) | ||||
|  | ||||
| // JWTAccessTokenSourceFromJSON uses a Google Developers service account JSON | ||||
| // key file to read the credentials that authorize and authenticate the | ||||
| // requests, and returns a TokenSource that does not use any OAuth2 flow but | ||||
| // instead creates a JWT and sends that as the access token. | ||||
| // The audience is typically a URL that specifies the scope of the credentials. | ||||
| // | ||||
| // Note that this is not a standard OAuth flow, but rather an | ||||
| // optimization supported by a few Google services. | ||||
| // Unless you know otherwise, you should use JWTConfigFromJSON instead. | ||||
| func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (oauth2.TokenSource, error) { | ||||
| 	cfg, err := JWTConfigFromJSON(jsonKey) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("google: could not parse JSON key: %v", err) | ||||
| 	} | ||||
| 	pk, err := internal.ParseKey(cfg.PrivateKey) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("google: could not parse key: %v", err) | ||||
| 	} | ||||
| 	ts := &jwtAccessTokenSource{ | ||||
| 		email:    cfg.Email, | ||||
| 		audience: audience, | ||||
| 		pk:       pk, | ||||
| 		pkID:     cfg.PrivateKeyID, | ||||
| 	} | ||||
| 	tok, err := ts.Token() | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	return oauth2.ReuseTokenSource(tok, ts), nil | ||||
| } | ||||
|  | ||||
| type jwtAccessTokenSource struct { | ||||
| 	email, audience string | ||||
| 	pk              *rsa.PrivateKey | ||||
| 	pkID            string | ||||
| } | ||||
|  | ||||
| func (ts *jwtAccessTokenSource) Token() (*oauth2.Token, error) { | ||||
| 	iat := time.Now() | ||||
| 	exp := iat.Add(time.Hour) | ||||
| 	cs := &jws.ClaimSet{ | ||||
| 		Iss: ts.email, | ||||
| 		Sub: ts.email, | ||||
| 		Aud: ts.audience, | ||||
| 		Iat: iat.Unix(), | ||||
| 		Exp: exp.Unix(), | ||||
| 	} | ||||
| 	hdr := &jws.Header{ | ||||
| 		Algorithm: "RS256", | ||||
| 		Typ:       "JWT", | ||||
| 		KeyID:     string(ts.pkID), | ||||
| 	} | ||||
| 	msg, err := jws.Encode(hdr, cs, ts.pk) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("google: could not encode JWT: %v", err) | ||||
| 	} | ||||
| 	return &oauth2.Token{AccessToken: msg, TokenType: "Bearer", Expiry: exp}, nil | ||||
| } | ||||
							
								
								
									
										201
									
								
								vendor/golang.org/x/oauth2/google/sdk.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										201
									
								
								vendor/golang.org/x/oauth2/google/sdk.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,201 @@ | ||||
| // Copyright 2015 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| package google | ||||
|  | ||||
| import ( | ||||
| 	"bufio" | ||||
| 	"context" | ||||
| 	"encoding/json" | ||||
| 	"errors" | ||||
| 	"fmt" | ||||
| 	"io" | ||||
| 	"net/http" | ||||
| 	"os" | ||||
| 	"os/user" | ||||
| 	"path/filepath" | ||||
| 	"runtime" | ||||
| 	"strings" | ||||
| 	"time" | ||||
|  | ||||
| 	"golang.org/x/oauth2" | ||||
| ) | ||||
|  | ||||
| type sdkCredentials struct { | ||||
| 	Data []struct { | ||||
| 		Credential struct { | ||||
| 			ClientID     string     `json:"client_id"` | ||||
| 			ClientSecret string     `json:"client_secret"` | ||||
| 			AccessToken  string     `json:"access_token"` | ||||
| 			RefreshToken string     `json:"refresh_token"` | ||||
| 			TokenExpiry  *time.Time `json:"token_expiry"` | ||||
| 		} `json:"credential"` | ||||
| 		Key struct { | ||||
| 			Account string `json:"account"` | ||||
| 			Scope   string `json:"scope"` | ||||
| 		} `json:"key"` | ||||
| 	} | ||||
| } | ||||
|  | ||||
| // An SDKConfig provides access to tokens from an account already | ||||
| // authorized via the Google Cloud SDK. | ||||
| type SDKConfig struct { | ||||
| 	conf         oauth2.Config | ||||
| 	initialToken *oauth2.Token | ||||
| } | ||||
|  | ||||
| // NewSDKConfig creates an SDKConfig for the given Google Cloud SDK | ||||
| // account. If account is empty, the account currently active in | ||||
| // Google Cloud SDK properties is used. | ||||
| // Google Cloud SDK credentials must be created by running `gcloud auth` | ||||
| // before using this function. | ||||
| // The Google Cloud SDK is available at https://cloud.google.com/sdk/. | ||||
| func NewSDKConfig(account string) (*SDKConfig, error) { | ||||
| 	configPath, err := sdkConfigPath() | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("oauth2/google: error getting SDK config path: %v", err) | ||||
| 	} | ||||
| 	credentialsPath := filepath.Join(configPath, "credentials") | ||||
| 	f, err := os.Open(credentialsPath) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("oauth2/google: failed to load SDK credentials: %v", err) | ||||
| 	} | ||||
| 	defer f.Close() | ||||
|  | ||||
| 	var c sdkCredentials | ||||
| 	if err := json.NewDecoder(f).Decode(&c); err != nil { | ||||
| 		return nil, fmt.Errorf("oauth2/google: failed to decode SDK credentials from %q: %v", credentialsPath, err) | ||||
| 	} | ||||
| 	if len(c.Data) == 0 { | ||||
| 		return nil, fmt.Errorf("oauth2/google: no credentials found in %q, run `gcloud auth login` to create one", credentialsPath) | ||||
| 	} | ||||
| 	if account == "" { | ||||
| 		propertiesPath := filepath.Join(configPath, "properties") | ||||
| 		f, err := os.Open(propertiesPath) | ||||
| 		if err != nil { | ||||
| 			return nil, fmt.Errorf("oauth2/google: failed to load SDK properties: %v", err) | ||||
| 		} | ||||
| 		defer f.Close() | ||||
| 		ini, err := parseINI(f) | ||||
| 		if err != nil { | ||||
| 			return nil, fmt.Errorf("oauth2/google: failed to parse SDK properties %q: %v", propertiesPath, err) | ||||
| 		} | ||||
| 		core, ok := ini["core"] | ||||
| 		if !ok { | ||||
| 			return nil, fmt.Errorf("oauth2/google: failed to find [core] section in %v", ini) | ||||
| 		} | ||||
| 		active, ok := core["account"] | ||||
| 		if !ok { | ||||
| 			return nil, fmt.Errorf("oauth2/google: failed to find %q attribute in %v", "account", core) | ||||
| 		} | ||||
| 		account = active | ||||
| 	} | ||||
|  | ||||
| 	for _, d := range c.Data { | ||||
| 		if account == "" || d.Key.Account == account { | ||||
| 			if d.Credential.AccessToken == "" && d.Credential.RefreshToken == "" { | ||||
| 				return nil, fmt.Errorf("oauth2/google: no token available for account %q", account) | ||||
| 			} | ||||
| 			var expiry time.Time | ||||
| 			if d.Credential.TokenExpiry != nil { | ||||
| 				expiry = *d.Credential.TokenExpiry | ||||
| 			} | ||||
| 			return &SDKConfig{ | ||||
| 				conf: oauth2.Config{ | ||||
| 					ClientID:     d.Credential.ClientID, | ||||
| 					ClientSecret: d.Credential.ClientSecret, | ||||
| 					Scopes:       strings.Split(d.Key.Scope, " "), | ||||
| 					Endpoint:     Endpoint, | ||||
| 					RedirectURL:  "oob", | ||||
| 				}, | ||||
| 				initialToken: &oauth2.Token{ | ||||
| 					AccessToken:  d.Credential.AccessToken, | ||||
| 					RefreshToken: d.Credential.RefreshToken, | ||||
| 					Expiry:       expiry, | ||||
| 				}, | ||||
| 			}, nil | ||||
| 		} | ||||
| 	} | ||||
| 	return nil, fmt.Errorf("oauth2/google: no such credentials for account %q", account) | ||||
| } | ||||
|  | ||||
| // Client returns an HTTP client using Google Cloud SDK credentials to | ||||
| // authorize requests. The token will auto-refresh as necessary. The | ||||
| // underlying http.RoundTripper will be obtained using the provided | ||||
| // context. The returned client and its Transport should not be | ||||
| // modified. | ||||
| func (c *SDKConfig) Client(ctx context.Context) *http.Client { | ||||
| 	return &http.Client{ | ||||
| 		Transport: &oauth2.Transport{ | ||||
| 			Source: c.TokenSource(ctx), | ||||
| 		}, | ||||
| 	} | ||||
| } | ||||
|  | ||||
| // TokenSource returns an oauth2.TokenSource that retrieve tokens from | ||||
| // Google Cloud SDK credentials using the provided context. | ||||
| // It will returns the current access token stored in the credentials, | ||||
| // and refresh it when it expires, but it won't update the credentials | ||||
| // with the new access token. | ||||
| func (c *SDKConfig) TokenSource(ctx context.Context) oauth2.TokenSource { | ||||
| 	return c.conf.TokenSource(ctx, c.initialToken) | ||||
| } | ||||
|  | ||||
| // Scopes are the OAuth 2.0 scopes the current account is authorized for. | ||||
| func (c *SDKConfig) Scopes() []string { | ||||
| 	return c.conf.Scopes | ||||
| } | ||||
|  | ||||
| func parseINI(ini io.Reader) (map[string]map[string]string, error) { | ||||
| 	result := map[string]map[string]string{ | ||||
| 		"": {}, // root section | ||||
| 	} | ||||
| 	scanner := bufio.NewScanner(ini) | ||||
| 	currentSection := "" | ||||
| 	for scanner.Scan() { | ||||
| 		line := strings.TrimSpace(scanner.Text()) | ||||
| 		if strings.HasPrefix(line, ";") { | ||||
| 			// comment. | ||||
| 			continue | ||||
| 		} | ||||
| 		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") { | ||||
| 			currentSection = strings.TrimSpace(line[1 : len(line)-1]) | ||||
| 			result[currentSection] = map[string]string{} | ||||
| 			continue | ||||
| 		} | ||||
| 		parts := strings.SplitN(line, "=", 2) | ||||
| 		if len(parts) == 2 && parts[0] != "" { | ||||
| 			result[currentSection][strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1]) | ||||
| 		} | ||||
| 	} | ||||
| 	if err := scanner.Err(); err != nil { | ||||
| 		return nil, fmt.Errorf("error scanning ini: %v", err) | ||||
| 	} | ||||
| 	return result, nil | ||||
| } | ||||
|  | ||||
| // sdkConfigPath tries to guess where the gcloud config is located. | ||||
| // It can be overridden during tests. | ||||
| var sdkConfigPath = func() (string, error) { | ||||
| 	if runtime.GOOS == "windows" { | ||||
| 		return filepath.Join(os.Getenv("APPDATA"), "gcloud"), nil | ||||
| 	} | ||||
| 	homeDir := guessUnixHomeDir() | ||||
| 	if homeDir == "" { | ||||
| 		return "", errors.New("unable to get current user home directory: os/user lookup failed; $HOME is empty") | ||||
| 	} | ||||
| 	return filepath.Join(homeDir, ".config", "gcloud"), nil | ||||
| } | ||||
|  | ||||
| func guessUnixHomeDir() string { | ||||
| 	// Prefer $HOME over user.Current due to glibc bug: golang.org/issue/13470 | ||||
| 	if v := os.Getenv("HOME"); v != "" { | ||||
| 		return v | ||||
| 	} | ||||
| 	// Else, fall back to user.Current: | ||||
| 	if u, err := user.Current(); err == nil { | ||||
| 		return u.HomeDir | ||||
| 	} | ||||
| 	return "" | ||||
| } | ||||
		Reference in New Issue
	
	Block a user