downscope: documentation tweaks

Patrick Jones 2021-07-31 00:29:48 -07:00
parent e4ec8cdba1
commit 0bd54f5919
1 changed files with 5 additions and 4 deletions


@ -11,9 +11,9 @@ For complete documentation, see https://cloud.google.com/iam/docs/downscoping-sh
To downscope permissions of a source credential, you need to define To downscope permissions of a source credential, you need to define
a Credential Access Boundary. Said Boundary specifies which resources a Credential Access Boundary. Said Boundary specifies which resources
the newly created credential can access, an upper bound on the permissions the newly created credential can access, an upper bound on the permissions
it has over those resources, and optionally attribute-base conditional it has over those resources, and optionally attribute-based conditional
access to the aforementioned resources. For more information on IAM access to the aforementioned resources. For more information on IAM
Credentials, see https://cloud.google.com/iam/docs/conditions-overview Conditions, see https://cloud.google.com/iam/docs/conditions-overview.
This functionality would typically be used to provide a third party with This functionality would typically be used to provide a third party with
limited access to and permissions on resources held by the owner of the root limited access to and permissions on resources held by the owner of the root
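Review bot: In the corrected sentence ending "Conditions, see https://cloud.google.com/iam/docs/conditions-overview.", the period now sits directly against the URL, where link detection or a copy-paste can pick it up as part of the address. Consider putting the URL on its own line or rephrasing so it is not the last token of the sentence. While this paragraph is being touched, "Said Boundary" could read "The boundary" to match the plainer wording of the rest of the comment.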
@ -30,7 +30,8 @@ token broker would use this package.
The broker will use the functionality in this package to generate a downscoped The broker will use the functionality in this package to generate a downscoped
token with the requested configuration, and then pass it back to the token token with the requested configuration, and then pass it back to the token
consumer. These downscoped access tokens can then be used to access Google consumer. These downscoped access tokens can then be used to access Google
Storage resources. Storage resources. For instance, you can create a NewClient from the
"cloud.google.com/go/storage" package and pass in option.WithTokenSource(yourTokenSource))
*/ */
package downscope package downscope
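Review bot: The added example sentence ends with an unbalanced closing parenthesis, "option.WithTokenSource(yourTokenSource))", and has no terminating period. Drop the extra ")" and consider wording it as a call, for example "pass option.WithTokenSource(yourTokenSource) to storage.NewClient", since "create a NewClient" reads as if NewClient were a type. The option package is also not identified by import path the way "cloud.google.com/go/storage" is, so the reader has to guess where it comes from.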
@ -115,7 +116,7 @@ type downscopingTokenSource struct {
config DownscopingConfig config DownscopingConfig
} }
// NewTokenSource returns an configured downscopingTokenSource. // NewTokenSource returns a configured downscopingTokenSource.
func NewTokenSource(ctx context.Context, conf DownscopingConfig) (oauth2.TokenSource, error) { func NewTokenSource(ctx context.Context, conf DownscopingConfig) (oauth2.TokenSource, error) {
if conf.RootSource == nil { if conf.RootSource == nil {
return nil, fmt.Errorf("downscope: rootSource cannot be nil") return nil, fmt.Errorf("downscope: rootSource cannot be nil")
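Review bot: The doc comment on NewTokenSource names the unexported type downscopingTokenSource, while the signature returns oauth2.TokenSource, so the exported documentation points readers at a type they cannot see. Suggest describing the result in terms of the interface, for example "NewTokenSource returns an oauth2.TokenSource that produces tokens downscoped according to conf", and stating that an error is returned when conf.RootSource is nil. The error string in the context line says "rootSource" where the field is RootSource; worth aligning in a follow-up.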