diff --git a/google/google.go b/google/google.go
index c8d1237..edb7802 100644
--- a/google/google.go
+++ b/google/google.go
@@ -122,6 +122,7 @@ type credentialsFile struct {
 TokenURLExternal string `json:"token_url"`
 TokenInfoURL string `json:"token_info_url"`
 ServiceAccountImpersonationURL string `json:"service_account_impersonation_url"`
+ Delegates []string `json:"delegates"`
 CredentialSource externalaccount.CredentialSource `json:"credential_source"`
 QuotaProjectID string `json:"quota_project_id"`
 WorkforcePoolUserProject string `json:"workforce_pool_user_project"`
@@ -194,11 +195,11 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 return nil, err
 }
 imp := externalaccount.ImpersonateTokenSource{
- Ctx: ctx,
- Url: f.ServiceAccountImpersonationURL,
- Scopes: params.Scopes,
- Ts: oauth2.ReuseTokenSource(nil, sourceToken),
- // Delegates?? -> I don't know how to manage and how to use them here
+ Ctx: ctx,
+ Url: f.ServiceAccountImpersonationURL,
+ Scopes: params.Scopes,
+ Ts: oauth2.ReuseTokenSource(nil, sourceToken),
+ Delegates: f.Delegates,
 }
 return oauth2.ReuseTokenSource(nil, imp), nil
 case "":
diff --git a/google/internal/externalaccount/impersonate.go b/google/internal/externalaccount/impersonate.go
index cea9458..0d476d1 100644
--- a/google/internal/externalaccount/impersonate.go
+++ b/google/internal/externalaccount/impersonate.go
@@ -41,13 +41,16 @@ type ImpersonateTokenSource struct {
 Url string
 // scopes to include in the access token request
 Scopes []string
+ // Delegates for impersonation to include in the access token request
+ Delegates []string
 }

 // Token performs the exchange to get a temporary service account token to allow access to GCP.
 func (its ImpersonateTokenSource) Token() (*oauth2.Token, error) {
 reqBody := generateAccessTokenReq{
- Lifetime: "3600s",
- Scope: its.Scopes,
+ Lifetime: "3600s",
+ Scope: its.Scopes,
+ Delegates: its.Delegates,
 }
 b, err := json.Marshal(reqBody)
 if err != nil {
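Review bot: The new `Delegates` field in `credentialsFile` carries no comment, although the struct mixes fields for several credential types and a reader cannot tell which type consumes it or what the entries look like. I would add `// Delegates is the ordered delegation chain forwarded to the service account impersonation request.` above it. If the entries are expected in the IAM Credentials form `projects/-/serviceAccounts/{email-or-id}`, the comment should say so as well; that format is not visible in this diff and should be confirmed. The struct begins and ends outside the hunk.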
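Review bot: `Delegates: f.Delegates` hands the list from the credentials JSON to `ImpersonateTokenSource` with no validation, so an empty or malformed entry only shows up when the impersonation endpoint rejects the first token exchange. The credentials file may come from outside the application's own trust boundary, and this list decides which service accounts sit in the delegation chain. A short loop before `imp` is built that returns an error for any empty entry would therefore fail early with a message naming the `delegates` key. The literal also shares the backing array with `f`; a copy is cheap if the token source is meant to be independent of later changes to the parsed file. The enclosing `tokenSource` switch starts and ends outside the hunk.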
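Review bot: `Delegates: its.Delegates` in `Token()` depends on a `Delegates` field in `generateAccessTokenReq`, whose definition is not touched by this diff, so confirm that it exists and is tagged `json:"delegates,omitempty"`. Without `omitempty`, every caller with no delegates would start sending `"delegates":null` in the request body, a wire-format change for existing users. The new comment on `ImpersonateTokenSource.Delegates` could state that the slice is an ordered chain, e.g. `// Delegates is the ordered chain of service accounts between the source credential and the impersonated account.` No test in this diff covers the field being forwarded into the marshalled body. `Token()` continues past the end of the hunk.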