krombel/oauth2-old
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

google: support service account impersonation

Browse Source 
Adds support for service account impersonation when a URL for service account impersonation is provided.

Change-Id: I9f3bbd6926212cecb13938fc5dac358ba56855b8
GitHub-Last-Rev: 9c218789db45e9b80bb8bec5c69539dd386d9668
GitHub-Pull-Request: golang/oauth2#468
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/285012
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Reviewed-by: Cody Oss <codyoss@google.com>
This commit is contained in:
Patrick Jones
2021-01-26 19:21:15 +00:00
committed by Cody Oss
parent af13f521f1
commit f9ce19ea30
4 changed files with 198 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
google/internal/externalaccount/basecredentials.go
View File

@@ -35,7 +35,18 @@ func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource {
ctx: ctx,
conf: c,
}
return oauth2.ReuseTokenSource(nil, ts)
if c.ServiceAccountImpersonationURL == "" {
return oauth2.ReuseTokenSource(nil, ts)
}
scopes := c.Scopes
ts.conf.Scopes = []string{"https://www.googleapis.com/auth/cloud-platform"}
imp := impersonateTokenSource{
ctx: ctx,
url: c.ServiceAccountImpersonationURL,
scopes: scopes,
ts: oauth2.ReuseTokenSource(nil, ts),
}
return oauth2.ReuseTokenSource(nil, imp)
}
// Subject token file types.
@@ -130,6 +141,5 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
if stsResp.RefreshToken != "" {
accessToken.RefreshToken = stsResp.RefreshToken
}
return accessToken, nil
}