downscope: further updates and nits

2021-06-22 09:25:17 -07:00 · 2021-06-22 09:25:17 -07:00 · 304d28ba9e
parent a362f28044
commit 304d28ba9e
3 changed files with 23 additions and 18 deletions
--- a/google/downscope/downscoping.go
+++ b/google/downscope/downscoping.go
@ -56,7 +56,7 @@ type AccessBoundaryRule struct {
 	// An Condition restricts the availability of permissions
 	// to specific Cloud Storage objects. Optional.
 	//
-	// Use this field if you want to make permissions available for specific objects,
+	// A Condition can be used  to make permissions available for specific objects,
 	// rather than all objects in a Cloud Storage bucket.
 	Condition *AvailabilityCondition `json:"availabilityCondition,omitempty"`
 }
@ -82,13 +82,18 @@ type DownscopingConfig struct {
 	Rules []AccessBoundaryRule
 }

-// A DownscopingTokenSource is used to retrieve a downscoped token with restricted
+// A downscopingTokenSource is used to retrieve a downscoped token with restricted
 // permissions compared to the root Token that is used to generate it.
-type DownscopingTokenSource struct {
-	// Ctx is the context used to query the API to retrieve a downscoped Token.
-	Ctx context.Context
-	// Config holds the information necessary to generate a downscoped Token.
-	Config DownscopingConfig
+type downscopingTokenSource struct {
+	// ctx is the context used to query the API to retrieve a downscoped Token.
+	ctx context.Context
+	// config holds the information necessary to generate a downscoped Token.
+	config DownscopingConfig
+}
+
+// NewTokenSource returns an empty downscopingTokenSource.
+func NewTokenSource(ctx context.Context, conf DownscopingConfig) downscopingTokenSource {
+	return downscopingTokenSource{ctx: ctx, config: conf}
 }

 // downscopedTokenWithEndpoint is a helper function used for unit testing
@ -176,11 +181,11 @@ func downscopedTokenWithEndpoint(ctx context.Context, config DownscopingConfig,
 	return newToken, nil
 }

-// Token() uses a DownscopingTokenSource to generate an oauth2 Token.
+// Token() uses a downscopingTokenSource to generate an oauth2 Token.
 // Do note that the returned TokenSource is an oauth2.StaticTokenSource. If you wish
 // to refresh this token automatically, then initialize a locally defined
 // TokenSource struct with the Token held by the StaticTokenSource and wrap
 // that TokenSource in an oauth2.ReuseTokenSource.
-func (dts DownscopingTokenSource) Token() (*oauth2.Token, error) {
-	return downscopedTokenWithEndpoint(dts.Ctx, dts.Config, identityBindingEndpoint)
+func (dts downscopingTokenSource) Token() (*oauth2.Token, error) {
+	return downscopedTokenWithEndpoint(dts.ctx, dts.config, identityBindingEndpoint)
 }
--- a/google/downscope/downscoping_test.go
+++ b/google/downscope/downscoping_test.go
@ -46,12 +46,8 @@ func Test_DownscopedTokenSource(t *testing.T) {
 	}
 	myTok := oauth2.Token{AccessToken: "Mellon"}
 	tmpSrc := oauth2.StaticTokenSource(&myTok)
-	out, err := downscopedTokenWithEndpoint(context.Background(), DownscopingConfig{tmpSrc, new}, ts.URL)
+	_, err := downscopedTokenWithEndpoint(context.Background(), DownscopingConfig{tmpSrc, new}, ts.URL)
 	if err != nil {
 		t.Fatalf("NewDownscopedTokenSource failed with error: %v", err)
 	}
-	_, err = out.Token()
-	if err != nil {
-		t.Fatalf("Token() call failed with error %v", err)
-	}
 }
--- a/google/downscope/example_test.go
+++ b/google/downscope/example_test.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package downscope_test

 import (
@ -9,9 +13,9 @@ import (

 func ExampleNewTokenSource() {
 	ctx := context.Background()
-	// Initializes an accessBoundary with one Rule
+	// Initializes an accessBoundary with one Rule.
 	accessBoundary := []downscope.AccessBoundaryRule{
-		downscope.AccessBoundaryRule{
+		{
 			AvailableResource:    "//storage.googleapis.com/projects/_/buckets/foo",
 			AvailablePermissions: []string{"inRole:roles/storage.objectViewer"},
 		},
@ -23,7 +27,7 @@ func ExampleNewTokenSource() {

 	// rootSource, err := google.DefaultTokenSource(ctx, "https://www.googleapis.com/auth/cloud-platform")

-	dts := downscope.DownscopingTokenSource{ctx, downscope.DownscopingConfig{RootSource: rootSource, Rules: accessBoundary}}
+	dts := downscope.NewTokenSource(ctx, downscope.DownscopingConfig{RootSource: rootSource, Rules: accessBoundary})
 	_ = dts
 	// You can now use the token held in myTokenSource to make
 	// Google Cloud Storage calls, as follows: