krombel/oauth2
1
0
Fork 0
forked from remote/oauth2
Code Pull Requests 1 Activity

more nits

Browse Source
This commit is contained in:
Patrick Jones
2021-08-05 10:27:23 -07:00
parent db8a13916c
commit b74b0944f5
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
google/downscope/downscoping.go
View File

@@ -15,7 +15,7 @@ it has over those resources, and optionally attribute-based conditional
access to the aforementioned resources. For more information on IAM access to the aforementioned resources. For more information on IAM
Conditions, see https://cloud.google.com/iam/docs/conditions-overview. Conditions, see https://cloud.google.com/iam/docs/conditions-overview.
This functionality would typically be used to provide a third party with This functionality can be used to provide a third party with
limited access to and permissions on resources held by the owner of the root limited access to and permissions on resources held by the owner of the root
credential or internally in conjunction with the principle of least privilege credential or internally in conjunction with the principle of least privilege
to ensure that internal services only hold the minimum necessary privileges to ensure that internal services only hold the minimum necessary privileges

4
google/downscope/tokenbroker_test.go
View File

@@ -18,7 +18,9 @@ func ExampleNewTokenSource() {
// This shows how to generate a downscoped token. This code would be run on the // This shows how to generate a downscoped token. This code would be run on the
// token broker, which holds the root token used to generate the downscoped token. // token broker, which holds the root token used to generate the downscoped token.
ctx := context.Background() ctx := context.Background()
// Initializes an accessBoundary with one Rule. // Initializes an accessBoundary with one Rule which restricts the downscoped
// token to only be able to access the bucket "foo" and only grants it the
// permission "storage.objectViewer".
accessBoundary := []downscope.AccessBoundaryRule{ accessBoundary := []downscope.AccessBoundaryRule{
{ {
AvailableResource: "//storage.googleapis.com/projects/_/buckets/foo", AvailableResource: "//storage.googleapis.com/projects/_/buckets/foo",

6
google/downscope/tokenconsumer_test.go
View File

@@ -11,7 +11,7 @@ type localTokenSource struct {
func (localTokenSource) Token() (*oauth2.Token, error) { func (localTokenSource) Token() (*oauth2.Token, error) {
var remoteToken oauth2.Token var remoteToken oauth2.Token
// retrieve remoteToken, an oauth2.Token, from token broker // Retrieve remoteToken, an oauth2.Token, from token broker
return &remoteToken, nil return &remoteToken, nil
} }
@@ -26,13 +26,13 @@ func Example() {
brokerURL: "yourURL.com/internal/broker", brokerURL: "yourURL.com/internal/broker",
} }
// Wrap the TokenSource in an oauth2.ReuseTokenSource to enable automatic refreshing // Wrap the TokenSource in an oauth2.ReuseTokenSource to enable automatic refreshing.
refreshableTS := oauth2.ReuseTokenSource(nil, thisTokenSource) refreshableTS := oauth2.ReuseTokenSource(nil, thisTokenSource)
// You can now use the token source to access Google Cloud Storage resources as follows. // You can now use the token source to access Google Cloud Storage resources as follows.
// storageClient, err := storage.NewClient(ctx, option.WithTokenSource(refreshableTS)) // storageClient, err := storage.NewClient(ctx, option.WithTokenSource(refreshableTS))
// bkt := storageClient.Bucket("foo"") // bkt := storageClient.Bucket("foo")
// obj := bkt.Object(objectName) // obj := bkt.Object(objectName)
// rc, err := obj.NewReader(ctx) // rc, err := obj.NewReader(ctx)
// defer rc.Close() // defer rc.Close()