google: refactor JWT parsing code internally

The ADC code and the JWT-parsing function operate on the same data format, but were using separate code paths, each of which was missing things from the other. While this presents no change in API surface, JWTConfigFromJSON now strictly checks the "type" field in the JSON file before building a config. Change-Id: I2f593a16bf4591059fbf9002bccea06e41e5e161 Reviewed-on: https://go-review.googlesource.com/32678 Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-11-03 15:50:36 -07:00
parent 36bc61733f
commit d5040cddfc
2 changed files with 67 additions and 56 deletions
--- a/google/default.go
+++ b/google/default.go
@@ -6,7 +6,6 @@ package google

 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -17,7 +16,6 @@ import (
 	"cloud.google.com/go/compute/metadata"
 	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/jwt"
 )

 // DefaultClient returns an HTTP Client that uses the
@@ -112,44 +110,9 @@ func tokenSourceFromFile(ctx context.Context, filename string, scopes []string)
 	if err != nil {
 		return nil, err
 	}
-	var d struct {
-		// Common fields
-		Type     string
-		ClientID string `json:"client_id"`
-
-		// User Credential fields
-		ClientSecret string `json:"client_secret"`
-		RefreshToken string `json:"refresh_token"`
-
-		// Service Account fields
-		ClientEmail  string `json:"client_email"`
-		PrivateKeyID string `json:"private_key_id"`
-		PrivateKey   string `json:"private_key"`
-	}
-	if err := json.Unmarshal(b, &d); err != nil {
+	var f credentialsFile
+	if err := json.Unmarshal(b, &f); err != nil {
 		return nil, err
 	}
-	switch d.Type {
-	case "authorized_user":
-		cfg := &oauth2.Config{
-			ClientID:     d.ClientID,
-			ClientSecret: d.ClientSecret,
-			Scopes:       append([]string{}, scopes...), // copy
-			Endpoint:     Endpoint,
-		}
-		tok := &oauth2.Token{RefreshToken: d.RefreshToken}
-		return cfg.TokenSource(ctx, tok), nil
-	case "service_account":
-		cfg := &jwt.Config{
-			Email:      d.ClientEmail,
-			PrivateKey: []byte(d.PrivateKey),
-			Scopes:     append([]string{}, scopes...), // copy
-			TokenURL:   JWTTokenURL,
-		}
-		return cfg.TokenSource(ctx), nil
-	case "":
-		return nil, errors.New("missing 'type' field in credentials")
-	default:
-		return nil, fmt.Errorf("unknown credential type: %q", d.Type)
-	}
+	return f.tokenSource(ctx, scopes)
 }