forked from Mirrors/oauth2
fix: Add delegates support
Get the delegates from the input JSON and use them in the refreshToken requests. Updates #515
parent
224dd43caf
commit
8e4ea9fa54
|
@ -122,6 +122,7 @@ type credentialsFile struct {
|
||||||
TokenURLExternal string `json:"token_url"`
|
TokenURLExternal string `json:"token_url"`
|
||||||
TokenInfoURL string `json:"token_info_url"`
|
TokenInfoURL string `json:"token_info_url"`
|
||||||
ServiceAccountImpersonationURL string `json:"service_account_impersonation_url"`
|
ServiceAccountImpersonationURL string `json:"service_account_impersonation_url"`
|
||||||
|
Delegates []string `json:"delegates"`
|
||||||
CredentialSource externalaccount.CredentialSource `json:"credential_source"`
|
CredentialSource externalaccount.CredentialSource `json:"credential_source"`
|
||||||
QuotaProjectID string `json:"quota_project_id"`
|
QuotaProjectID string `json:"quota_project_id"`
|
||||||
WorkforcePoolUserProject string `json:"workforce_pool_user_project"`
|
WorkforcePoolUserProject string `json:"workforce_pool_user_project"`
|
||||||
|
@ -194,11 +195,11 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
imp := externalaccount.ImpersonateTokenSource{
|
imp := externalaccount.ImpersonateTokenSource{
|
||||||
Ctx: ctx,
|
Ctx: ctx,
|
||||||
Url: f.ServiceAccountImpersonationURL,
|
Url: f.ServiceAccountImpersonationURL,
|
||||||
Scopes: params.Scopes,
|
Scopes: params.Scopes,
|
||||||
Ts: oauth2.ReuseTokenSource(nil, sourceToken),
|
Ts: oauth2.ReuseTokenSource(nil, sourceToken),
|
||||||
// Delegates?? -> I don't know how to manage and how to use them here
|
Delegates: f.Delegates,
|
||||||
}
|
}
|
||||||
return oauth2.ReuseTokenSource(nil, imp), nil
|
return oauth2.ReuseTokenSource(nil, imp), nil
|
||||||
case "":
|
case "":
|
||||||
|
|
|
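Review bot: `Delegates: f.Delegates` in tokenSource forwards the delegation chain from the credentials JSON verbatim, and nothing in the visible lines checks the entries. The file therefore decides both the impersonation URL and every intermediate service account. IAM still enforces the grants on each hop, but an empty or malformed entry only surfaces as a failed token request at refresh time, so consider rejecting empty entries where the file is parsed; callers that accept credential configurations from outside their trust boundary should validate `delegates` alongside the URL fields. The new struct field would also benefit from a comment such as `// Delegates is the ordered service-account delegation chain, passed as-is to the impersonation request.` The enclosing switch case starts and ends outside the hunk, so which credential type this branch serves is not visible here.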
@ -41,13 +41,16 @@ type ImpersonateTokenSource struct {
|
||||||
Url string
|
Url string
|
||||||
// scopes to include in the access token request
|
// scopes to include in the access token request
|
||||||
Scopes []string
|
Scopes []string
|
||||||
|
// Delegates for impersonation to include in the access token request
|
||||||
|
Delegates []string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Token performs the exchange to get a temporary service account token to allow access to GCP.
|
// Token performs the exchange to get a temporary service account token to allow access to GCP.
|
||||||
func (its ImpersonateTokenSource) Token() (*oauth2.Token, error) {
|
func (its ImpersonateTokenSource) Token() (*oauth2.Token, error) {
|
||||||
reqBody := generateAccessTokenReq{
|
reqBody := generateAccessTokenReq{
|
||||||
Lifetime: "3600s",
|
Lifetime: "3600s",
|
||||||
Scope: its.Scopes,
|
Scope: its.Scopes,
|
||||||
|
Delegates: its.Delegates,
|
||||||
}
|
}
|
||||||
b, err := json.Marshal(reqBody)
|
b, err := json.Marshal(reqBody)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
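Review bot: The comment on the new `Delegates` field of ImpersonateTokenSource does not say what format or order the entries must have, and Token() copies `its.Delegates` into the request body unchanged. I would expand it to something like `// Delegates is the ordered delegation chain, each entry of the form projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}; each account needs the Token Creator role on the next, and the last one on the target account.` The declaration of `generateAccessTokenReq` is outside this hunk, so it is worth confirming that its `Delegates` field carries `omitempty`; without it a nil slice would be marshalled as `"delegates":null` for callers that set no delegates. Token()'s body continues past the end of the hunk.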