forked from Mirrors/oauth2
google: Remove TLSConfig injection logic in favor of HTTPClient injection via context
This commit is contained in:
Andy Zhao
parent
d171fca96d
commit
a1f84d645a
|
|
@ -6,7 +6,6 @@ package google
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
|
@ -66,9 +65,6 @@ type CredentialsParams struct {
|
||||||
|
|
||||||
// The OAuth2 TokenURL to use, which depends on whether mTLS is enabled. Optional.
|
// The OAuth2 TokenURL to use, which depends on whether mTLS is enabled. Optional.
|
||||||
TokenURL string
|
TokenURL string
|
||||||
|
|
||||||
// The TLSConfig used for constructing an mTLS-enabled HTTP client. Optional.
|
|
||||||
TLSConfig *tls.Config
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (params CredentialsParams) deepCopy() CredentialsParams {
|
func (params CredentialsParams) deepCopy() CredentialsParams {
|
||||||
|
|
|
||||||
|
|
@ -6,12 +6,9 @@ package google
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
|
||||||
"net/http"
|
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
@ -19,7 +16,6 @@ import (
|
||||||
"cloud.google.com/go/compute/metadata"
|
"cloud.google.com/go/compute/metadata"
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
"golang.org/x/oauth2/google/internal/externalaccount"
|
"golang.org/x/oauth2/google/internal/externalaccount"
|
||||||
"golang.org/x/oauth2/internal"
|
|
||||||
"golang.org/x/oauth2/jwt"
|
"golang.org/x/oauth2/jwt"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -185,9 +181,6 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
|
||||||
cfg.Endpoint.TokenURL = Endpoint.TokenURL
|
cfg.Endpoint.TokenURL = Endpoint.TokenURL
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if params.TLSConfig != nil {
|
|
||||||
ctx = context.WithValue(ctx, internal.HTTPClient, customHTTPClient(params.TLSConfig))
|
|
||||||
}
|
|
||||||
tok := &oauth2.Token{RefreshToken: f.RefreshToken}
|
tok := &oauth2.Token{RefreshToken: f.RefreshToken}
|
||||||
return cfg.TokenSource(ctx, tok), nil
|
return cfg.TokenSource(ctx, tok), nil
|
||||||
case externalAccountKey:
|
case externalAccountKey:
|
||||||
|
|
@ -289,26 +282,3 @@ func (cs computeSource) Token() (*oauth2.Token, error) {
|
||||||
"oauth2.google.serviceAccount": acct,
|
"oauth2.google.serviceAccount": acct,
|
||||||
}), nil
|
}), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// customHTTPClient constructs an HTTPClient using the provided tlsConfig, to support mTLS.
|
|
||||||
func customHTTPClient(tlsConfig *tls.Config) *http.Client {
|
|
||||||
trans := baseTransport()
|
|
||||||
trans.TLSClientConfig = tlsConfig
|
|
||||||
return &http.Client{Transport: trans}
|
|
||||||
}
|
|
||||||
|
|
||||||
func baseTransport() *http.Transport {
|
|
||||||
return &http.Transport{
|
|
||||||
Proxy: http.ProxyFromEnvironment,
|
|
||||||
DialContext: (&net.Dialer{
|
|
||||||
Timeout: 30 * time.Second,
|
|
||||||
KeepAlive: 30 * time.Second,
|
|
||||||
DualStack: true,
|
|
||||||
}).DialContext,
|
|
||||||
MaxIdleConns: 100,
|
|
||||||
MaxIdleConnsPerHost: 100,
|
|
||||||
IdleConnTimeout: 90 * time.Second,
|
|
||||||
TLSHandshakeTimeout: 10 * time.Second,
|
|
||||||
ExpectContinueTimeout: 1 * time.Second,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue