Commit Graph

138 Commits

Author SHA1 Message Date
Patrick Jones e4ec8cdba1 Removed some code that's not yet finished 2021-07-29 14:44:16 -07:00
Patrick Jones c9764790d5 downscope: update documentation 2021-07-29 13:38:18 -07:00
Patrick Jones 941cf10a8e downscope: move validation checks 2021-06-24 16:24:14 -07:00
Patrick Jones fec7137f21 downscope: fix some nits 2021-06-24 11:42:43 -07:00
Patrick Jones 1888dba9b1 downscope: change return type of NewTokenSource 2021-06-23 10:17:59 -07:00
Patrick Jones 1024258a24 downscope: refactor some code to remove an extraneous function and instead run that code inside of Token() 2021-06-22 13:14:47 -07:00
Patrick Jones 304d28ba9e downscope: further updates and nits 2021-06-22 09:25:17 -07:00
Patrick Jones a362f28044 downscope: fix grammar and punctuation. 2021-06-17 15:11:54 -07:00
Patrick Jones 1d9ea0c8e4 downscope: refactor main functionality into a method on a tokenSource, update examples accordingly, and test for maximum boundary rule violations 2021-06-17 14:58:26 -07:00
Patrick Jones cbbc506128 downscope: fixing nits and renaming 2021-06-17 11:06:20 -07:00
Patrick Jones b594a6032e downscope: minor tweaks 2021-06-16 12:14:24 -07:00
Patrick Jones 776a9ed8a3 downscope: move example files to a separate file & package 2021-06-14 13:51:56 -07:00
Patrick Jones c4c64d51bc downscope: add some context to returned error 2021-06-14 10:55:04 -07:00
Patrick Jones be467eec8b downscope: update comment formatting 2021-06-11 11:43:37 -07:00
Patrick Jones 69736ff94b downscope: make changes related to comments, including adding another example and touching up comment formatting. 2021-06-11 11:40:45 -07:00
Patrick Jones e035bf9673 go fmt 2021-06-10 14:55:56 -07:00
Patrick Jones add9801363 Add exmaple showing how NewTokenSource should be called. 2021-06-10 14:55:41 -07:00
Patrick Jones eb57311a00 Add some validity testing for AccessBoundaryRules and add documentation. 2021-06-10 14:11:50 -07:00
Patrick Jones 52684dc091 First set of comment changes. 2021-06-09 14:25:06 -07:00
Patrick Jones a8e26b9ca4 oauth2/google: implement support for token downscoping to allow for restricted permissions 2021-06-09 10:46:53 -07:00
Andy Zhao 81ed05c6b5 google: Add support for CredentialsParams, Client ID json, and JWT Subject
*Add support for Google Developers Console client_credentials.json as a TokenSource.
*Add support for JWT Subject (for domain-wide delegation when using service account as credentials source.)
*Add support for non-default AuthURL and TokenURL for authorized user credentials source.

To support this change, two new exported functions FindDefaultCredentialsWithParams and CredentialsFromJSONWithParams are introduced.

Change-Id: Ib467822e2c14e02f8ae68586665c439960cfbd5c
GitHub-Last-Rev: eb92ab4a21
GitHub-Pull-Request: golang/oauth2#490
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/311589
Reviewed-by: Shin Fan <shinfan@google.com>
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Shin Fan <shinfan@google.com>
Trust: Cody Oss <codyoss@google.com>
2021-04-27 18:04:40 +00:00
Joel Ferrier 2e8d934016 google: Use bytes.Buffer for go 1.9 compatability
Update test cases to use const test data file references.

Change-Id: Ic08b6de5a84db7b2ae2c649ee676c5a2c13f4227
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/306749
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-04-02 16:14:24 +00:00
Ryan Kohler 5366d9dc19 google: Make sure time is always in UTC
If times are stored in different time zones, then we occasionally get heisenbugs about expired tokens

Change-Id: I0c117977688d8d6c7b12b211092e5040a41a1f46
GitHub-Last-Rev: 3ff51b34f5
GitHub-Pull-Request: golang/oauth2#482
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/300929
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-03-11 16:31:35 +00:00
Russ Cox 9bb904979d all: go fmt ./...
Make all our package sources use Go 1.17 gofmt format
(adding //go:build lines).

Not strictly necessary but will avoid spurious changes
as files are edited.

Part of //go:build change (#41184).
See https://golang.org/design/draft-gobuild

Change-Id: I22803ea9e936fbb08984a64155302f47e181de27
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/294420
Trust: Russ Cox <rsc@golang.org>
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cody Oss <codyoss@google.com>
2021-02-20 00:06:19 +00:00
Ryan Kohler ba52d332ba google: unexport private structs and funcs
These structs and funcs cannot be used by the end consumer. Unexporting them helps cleans up our documentation

Change-Id: I2eadb69e87de912ac39f53e83cd9bdfe76a15e3e
GitHub-Last-Rev: 60b58eef75
GitHub-Pull-Request: golang/oauth2#479
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/293752
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-02-18 20:24:05 +00:00
Bassam Ojeil f145937023 google: update documentation for workload identity federation
Document using workload identity federation from non-Google Cloud platforms to access Google Cloud resources.
This covers federation from AWS, Azure and OIDC providers via Application Default Credentials.

Change-Id: I77ee7f6aac5a75d095304f07f3004ec3fb7b9613
GitHub-Last-Rev: 07c9dd0271
GitHub-Pull-Request: golang/oauth2#478
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/293751
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-02-18 20:13:42 +00:00
Patrick Jones 16ff1888fd google: manual testing fixes
I found some errors while manually testing service account impersonation on Azure.  This PR includes the fixes that I made.

Change-Id: Ia2b194be6c9a7c843e615f9789c8f8203bcbc151
GitHub-Last-Rev: 5690716363
GitHub-Pull-Request: golang/oauth2#475
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/291209
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-02-16 19:45:17 +00:00
Ryan Kohler 66670185b0 google: Changes required to get AWS working in manual testing
• Subject Token needs to be query escaped
• Null options need to be omitted (like they are in other languages)

Change-Id: I67d1ed3ba96a35283a8928f196bc7e912084d1ab
GitHub-Last-Rev: 1aae076a90
GitHub-Pull-Request: golang/oauth2#474
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/290513
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-02-10 19:26:28 +00:00
Ryan Kohler 010130855d google: support AWS 3rd party credentials
Change-Id: I655b38f7fb8023866bb284c7ce80ab9888682e73
GitHub-Last-Rev: 648f0b3d45
GitHub-Pull-Request: golang/oauth2#471
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/287752
Reviewed-by: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
2021-02-01 16:38:06 +00:00
Patrick Jones f9ce19ea30 google: support service account impersonation
Adds support for service account impersonation when a URL for service account impersonation is provided.

Change-Id: I9f3bbd6926212cecb13938fc5dac358ba56855b8
GitHub-Last-Rev: 9c218789db
GitHub-Pull-Request: golang/oauth2#468
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/285012
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Reviewed-by: Cody Oss <codyoss@google.com>
2021-01-26 19:43:26 +00:00
Ryan Kohler af13f521f1 google: Create AWS V4 Signing Utility
Change-Id: I59b4a13ed0433de7dfaa064a0f7dc1f3dd724518
GitHub-Last-Rev: 8cdc6a9ad0
GitHub-Pull-Request: golang/oauth2#467
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/284632
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Reviewed-by: Cody Oss <codyoss@google.com>
2021-01-25 20:13:02 +00:00
Patrick Jones d3ed898aa8 google: support url-sourced 3rd party credentials
Implements functionality to allow for URL-sourced 3rd party credentials, expanding the functionality added in #462 .

Change-Id: Ib7615fb618486612960d60bee6b9a1ecf5de1404
GitHub-Last-Rev: 95713928e4
GitHub-Pull-Request: golang/oauth2#466
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/283372
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
2021-01-13 20:58:17 +00:00
Cody Oss 8b1d76fa04 google: restore 1.11 compatibility
NewRequestWithContext requires 1.13. As this is just a convenience
we should try to retatin the 1.11 compatibility by using NewRequest
then calling WithContext instead.

Change-Id: I6208a92061b208a119fdf04fd561a3e4d22bc547
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/283535
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-01-13 16:05:01 +00:00
Patrick Jones 01de73cf58 google: base account credentials with file-sourcing
Implements the core functionality to allow 3rd party identities access to Google APIs.  Specifically, this PR implements the base account credential type and supports file-sourced credentials such as Kubernetes workloads.  Later updates will add support for URL-sourced credentials such as Microsoft Azure and support for AWS credentials.

Change-Id: I6e09a450f5221a1e06394b51374cff70ab3ab8a7
GitHub-Last-Rev: 3ab51622f8
GitHub-Pull-Request: golang/oauth2#462
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/276312
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-01-12 20:04:29 +00:00
Patrick Jones 0b49973bad google: add ExchangeToken() to run STS exchanges.
Adds the ExchangeToken() function and support structs, but depends on  https://github.com/golang/oauth2/pull/439

Change-Id: Id738a27b0c2ac083409156af1f60283b9140b159
GitHub-Last-Rev: 1aa066dc21
GitHub-Pull-Request: golang/oauth2#444
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/261918
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
2020-12-03 00:10:11 +00:00
Patrick Jones 9fd604954f google: add utilities supporting upcoming oauth2 functionality
These are used to support some extended utilities to help with STS requests.

Change-Id: Iafc145b06ca42374cfc2ac6572762a50bcf560f2
GitHub-Last-Rev: 3085fe5703
GitHub-Pull-Request: golang/oauth2#439
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/259777
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
2020-11-09 20:14:03 +00:00
Chris Broadfoot 0f29369cfe google: add some metadata to GCE tokens to identify the token's source
This is required for the direct path feature, which only works with this
token source. It's not currently possible to determine the token source
type from the return value of FindDefaultCredentials.

Another option is to add another field to the Credentials struct, which
we could still do later, but direct path is currently pretty experimental
and whitelisted/opt-in, so I don't want to add to the public API surface
unnecessarily.

This CL functionally blocks
https://code-review.googlesource.com/c/google-api-go-client/+/40950

Change-Id: Ifb5fe9c6e5c6b33eebb87b45d3c70eebfca691b3
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/175877
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2019-06-04 05:34:49 +00:00
Steven Buss 9f3314589c google: Support scopes for ComputeTokenSource
Scopes have been added as a query parameter to the metadata server.

Change-Id: Ife68db01beeca386e558edd424fa11da508b7287
GitHub-Last-Rev: 1cb4a6ec12
GitHub-Pull-Request: golang/oauth2#376
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/170106
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-04-02 18:19:05 +00:00
Jean de Klerk 529b322ea3 google: Use new endpoints for Google authentication
Fixes #310

Change-Id: I3b3a57b2758074535d07471b344334945be5bcbd
Reviewed-on: https://go-review.googlesource.com/c/136356
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2019-02-26 19:11:47 +00:00
Brad Fitzpatrick 5f6b76b7c9 google: remove legacy App Engine context stuff
Fixes golang/oauth2#276

Change-Id: I3f2bed7201f2e6bb58913f3fae2e64287b9a66d5
Reviewed-on: https://go-review.googlesource.com/c/161959
Reviewed-by: Ross Light <light@google.com>
Reviewed-by: Jean de Klerk <deklerk@google.com>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-02-11 22:52:00 +00:00
Brad Fitzpatrick 80673b4a4b oauth2: auto-detect auth style by default, add Endpoint.AuthStyle
Instead of maintaining a global map of which OAuth2 servers do which
auth style and/or requiring the user to tell us, just try both ways
and remember which way worked. But if users want to tell us in the
Endpoint, this CL also add Endpoint.AuthStyle.

Fixes golang/oauth2#111
Fixes golang/oauth2#365
Fixes golang/oauth2#362
Fixes golang/oauth2#357
Fixes golang/oauth2#353
Fixes golang/oauth2#345
Fixes golang/oauth2#326
Fixes golang/oauth2#352
Fixes golang/oauth2#268
Fixes https://go-review.googlesource.com/c/oauth2/+/58510
(... and surely many more ...)

Change-Id: I7b4d98ba1900ee2d3e11e629316b0bf867f7d237
Reviewed-on: https://go-review.googlesource.com/c/157820
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ross Light <light@google.com>
2019-02-11 18:49:51 +00:00
Brad Fitzpatrick b758792b5c google: remove a useless build tag restriction
I missed this in CL 146677.

Change-Id: Ie2735ba15d41e51fd5a99cba97514cd16399abaa
Reviewed-on: https://go-review.googlesource.com/c/147458
Reviewed-by: Ross Light <light@google.com>
2018-11-05 16:49:09 +00:00
Brad Fitzpatrick 232e455483 google: remove Go 1.8 support
Assume Go 1.9+, which is broader than Go's current Go 1.10+ support policy.

Change-Id: I9fe6954d21c2279cf4ea7da4d5bc7a9290a3bae2
Reviewed-on: https://go-review.googlesource.com/c/146677
Reviewed-by: Ross Light <light@google.com>
2018-11-02 17:01:40 +00:00
Antoine GIRARD e0f2c55a7f appengine: use stdlib context instead of x/net/context
PR #341 introduce some new import `x/net/context` in parallel of PR #339 replacing them with the standard context.
This quick PR rename those imports.

Change-Id: I94f7edbee851a733b8a307c2ea60923dd990bdb4
GitHub-Last-Rev: fbe7944356
GitHub-Pull-Request: golang/oauth2#342
Reviewed-on: https://go-review.googlesource.com/c/146837
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-02 00:39:13 +00:00
Antoine GIRARD c453e0c757 all: use stdlib context instead of x/net/context
This PR replaces use of `x/net/context` with the standard `context`

It has been nearly 6 months since
https://github.com/golang/oauth2/issues/246#issuecomment-387601277 so
I made this PR so it will be ready to merge when needed (and if
possible).

Fixes #246

Change-Id: Id2c316fcb27de0fb9163ceb4e8669b04cb39a987
GitHub-Last-Rev: 5b36321dcc
GitHub-Pull-Request: golang/oauth2#339
Reviewed-on: https://go-review.googlesource.com/c/145202
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-01 16:01:52 +00:00
Michael Traver 5a69e67f3f appengine: implement AppEngineTokenSource for 2nd gen runtimes
Go 1.11 on App Engine standard is a "second generation" runtime, and
second generation runtimes do not set the appengine build tag.
appengine_hook.go was behind the appengine build tag, meaning that
AppEngineTokenSource panicked on the go111 runtime, saying,
"AppEngineTokenSource can only be used on App Engine."

The second gen runtimes should use ComputeTokenSource, which is also
what flex does [1]. This commit does two things to remedy the situation:

1. Put the pre-existing implementation of AppEngineTokenSource behind
   the appengine build tag since it only works on first gen App Engine
   runtimes. This leaves first gen behavior unchanged.
2. Add a new implementation of AppEngineTokenSource and tag it
   !appengine. This implementation will therefore be used by second gen
   App Engine standard runtimes and App Engine flexible. It delegates
   to ComputeTokenSource.

The new AppEngineTokenSource implementation emits a log message
informing the user that AppEngineTokenSource is deprecated for second
gen runtimes and flex, instructing them to use DefaultTokenSource or
ComputeTokenSource instead. The documentation is updated to say the
same.

In this way users will not break when upgrading from Go 1.9 to Go 1.11
on App Engine but they will be nudged toward the world where App Engine
runtimes have less special behavior.

findDefaultCredentials still calls AppEngineTokenSource for first gen
runtimes and ComputeTokenSource for flex.

Fixes #334

Test: I deployed an app that uses AppEngineTokenSource to Go 1.9 and
      Go 1.11 on App Engine standard and to Go 1.11 on App Engine
      flexible and it worked in all cases. Also verified that the log
      message is present on go111 and flex.

[1] DefaultTokenSource did use ComputeTokenSource for flex but
AppEngineTokenSource did not. AppEngineTokenSource is supported on flex,
in the sense that it doesn't panic when used on flex in the way it does
when used outside App Engine. However, AppEngineTokenSource makes an API
call internally that isn't supported by default on flex, which emits a
log instructing the user to enable the compat runtime. The compat
runtimes are deprecated and deploys are blocked. This is a bad
experience. This commit has the side effect of fixing this.

Change-Id: Iab63547b410535db60dcf204782d5b6b599a4e0c
GitHub-Last-Rev: 5779afb167
GitHub-Pull-Request: golang/oauth2#341
Reviewed-on: https://go-review.googlesource.com/c/146177
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-01 15:54:53 +00:00
Jonathan Amsterdam 7af32f14d0 google: add CredentialsFromJSON
Support obtaining a DefaultCredentials value from JSON data.

Also, add an example, and write more package doc.

For Go 1.9 and higher, rename DefaultCredentials to
Credentials and make the former an alias for the latter.

Updates google/google-api-go-client#247.

Change-Id: I9f9e234ed79f8e08fa13914d9c6c60e0154a06e5
Reviewed-on: https://go-review.googlesource.com/99795
Reviewed-by: Ross Light <light@google.com>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-03-12 23:58:49 +00:00
Ross Light 174986b227 internal: move ParseINI into google
This was the only usage of the function.

Change-Id: I081e20789ea9e37fe96f764641078472153bf577
Reviewed-on: https://go-review.googlesource.com/85197
Reviewed-by: Andrew Bonventre <andybons@golang.org>
2018-01-02 15:01:02 +00:00
Ross Light 9a379c6b3e google: add JSON field to DefaultCredentials
Change-Id: I9cde8eabf4a2cb87db74f7b805045e155fd4ef13
Reviewed-on: https://go-review.googlesource.com/51111
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-08-07 18:00:24 +00:00
Jaana Burcu Dogan 8cf58155e4 google: remove code duplication, note appenginevm case
Before AppEngine classic allowed "google.golang.org/appengine" imports,
we used to maintain two hook files to choose either from "appengine" or
"google.golang.org/appengine" namespaces. Now, both environments allow
importing from "google.golang.org/appengine". Therefore, there
is no need to set hooks in two separate files.

Also note that Flex prefers to use metadata server, so we still
need to be able to differentiate between these environments.

Change-Id: I7478ebdfa1b062d466aaf2aca938f93d42b4c58a
Reviewed-on: https://go-review.googlesource.com/37378
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-03-02 20:00:26 +00:00