Diffstat (limited to 'vendor/google.golang.org/grpc/credentials')
-rw-r--r-- | vendor/google.golang.org/grpc/credentials/credentials.go | 26 | ||||
-rw-r--r-- | vendor/google.golang.org/grpc/credentials/oauth/oauth.go | 173 |
2 files changed, 13 insertions, 186 deletions
diff --git a/vendor/google.golang.org/grpc/credentials/credentials.go b/vendor/google.golang.org/grpc/credentials/credentials.go
index 2475fe832..1d2e864f8 100644
--- a/vendor/google.golang.org/grpc/credentials/credentials.go
+++ b/vendor/google.golang.org/grpc/credentials/credentials.go
@@ -34,10 +34,8 @@ import (
 "golang.org/x/net/context"
 )
 
-var (
- // alpnProtoStr are the specified application level protocols for gRPC.
- alpnProtoStr = []string{"h2"}
-)
+// alpnProtoStr are the specified application level protocols for gRPC.
+var alpnProtoStr = []string{"h2"}
 
 // PerRPCCredentials defines the common interface for the credentials which need to
 // attach security information to every RPC (e.g., oauth2).
@@ -74,11 +72,9 @@ type AuthInfo interface {
 AuthType() string
 }
 
-var (
- // ErrConnDispatched indicates that rawConn has been dispatched out of gRPC
- // and the caller should not close rawConn.
- ErrConnDispatched = errors.New("credentials: rawConn is dispatched out of gRPC")
-)
+// ErrConnDispatched indicates that rawConn has been dispatched out of gRPC
+// and the caller should not close rawConn.
+var ErrConnDispatched = errors.New("credentials: rawConn is dispatched out of gRPC")
 
 // TransportCredentials defines the common interface for all the live gRPC wire
 // protocols and supported transport security protocols (e.g., TLS, SSL).
@@ -91,10 +87,14 @@ type TransportCredentials interface {
 // (io.EOF, context.DeadlineExceeded or err.Temporary() == true).
 // If the returned error is a wrapper error, implementations should make sure that
 // the error implements Temporary() to have the correct retry behaviors.
+ //
+ // If the returned net.Conn is closed, it MUST close the net.Conn provided.
 ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error)
 // ServerHandshake does the authentication handshake for servers. It returns
 // the authenticated connection and the corresponding auth information about
 // the connection.
+ //
+ // If the returned net.Conn is closed, it MUST close the net.Conn provided.
 ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)
 // Info provides the ProtocolInfo of this TransportCredentials.
 Info() ProtocolInfo
@@ -131,15 +131,15 @@ func (c tlsCreds) Info() ProtocolInfo {
 }
 }
 
-func (c *tlsCreds) ClientHandshake(ctx context.Context, addr string, rawConn net.Conn) (_ net.Conn, _ AuthInfo, err error) {
+func (c *tlsCreds) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (_ net.Conn, _ AuthInfo, err error) {
 // use local cfg to avoid clobbering ServerName if using multiple endpoints
 cfg := cloneTLSConfig(c.config)
 if cfg.ServerName == "" {
- colonPos := strings.LastIndex(addr, ":")
+ colonPos := strings.LastIndex(authority, ":")
 if colonPos == -1 {
- colonPos = len(addr)
+ colonPos = len(authority)
 }
- cfg.ServerName = addr[:colonPos]
+ cfg.ServerName = authority[:colonPos]
 }
 conn := tls.Client(rawConn, cfg)
 errChannel := make(chan error, 1)
diff --git a/vendor/google.golang.org/grpc/credentials/oauth/oauth.go b/vendor/google.golang.org/grpc/credentials/oauth/oauth.go
deleted file mode 100644
index f6d597a14..000000000
--- a/vendor/google.golang.org/grpc/credentials/oauth/oauth.go
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- *
- * Copyright 2015 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-// Package oauth implements gRPC credentials using OAuth.
-package oauth
-
-import (
- "fmt"
- "io/ioutil"
- "sync"
-
- "golang.org/x/net/context"
- "golang.org/x/oauth2"
- "golang.org/x/oauth2/google"
- "golang.org/x/oauth2/jwt"
- "google.golang.org/grpc/credentials"
-)
-
-// TokenSource supplies PerRPCCredentials from an oauth2.TokenSource.
-type TokenSource struct {
- oauth2.TokenSource
-}
-
-// GetRequestMetadata gets the request metadata as a map from a TokenSource.
-func (ts TokenSource) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
- token, err := ts.Token()
- if err != nil {
- return nil, err
- }
- return map[string]string{
- "authorization": token.Type() + " " + token.AccessToken,
- }, nil
-}
-
-// RequireTransportSecurity indicates whether the credentials requires transport security.
-func (ts TokenSource) RequireTransportSecurity() bool {
- return true
-}
-
-type jwtAccess struct {
- jsonKey []byte
-}
-
-// NewJWTAccessFromFile creates PerRPCCredentials from the given keyFile.
-func NewJWTAccessFromFile(keyFile string) (credentials.PerRPCCredentials, error) {
- jsonKey, err := ioutil.ReadFile(keyFile)
- if err != nil {
- return nil, fmt.Errorf("credentials: failed to read the service account key file: %v", err)
- }
- return NewJWTAccessFromKey(jsonKey)
-}
-
-// NewJWTAccessFromKey creates PerRPCCredentials from the given jsonKey.
-func NewJWTAccessFromKey(jsonKey []byte) (credentials.PerRPCCredentials, error) {
- return jwtAccess{jsonKey}, nil
-}
-
-func (j jwtAccess) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
- ts, err := google.JWTAccessTokenSourceFromJSON(j.jsonKey, uri[0])
- if err != nil {
- return nil, err
- }
- token, err := ts.Token()
- if err != nil {
- return nil, err
- }
- return map[string]string{
- "authorization": token.Type() + " " + token.AccessToken,
- }, nil
-}
-
-func (j jwtAccess) RequireTransportSecurity() bool {
- return true
-}
-
-// oauthAccess supplies PerRPCCredentials from a given token.
-type oauthAccess struct {
- token oauth2.Token
-}
-
-// NewOauthAccess constructs the PerRPCCredentials using a given token.
-func NewOauthAccess(token *oauth2.Token) credentials.PerRPCCredentials {
- return oauthAccess{token: *token}
-}
-
-func (oa oauthAccess) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
- return map[string]string{
- "authorization": oa.token.Type() + " " + oa.token.AccessToken,
- }, nil
-}
-
-func (oa oauthAccess) RequireTransportSecurity() bool {
- return true
-}
-
-// NewComputeEngine constructs the PerRPCCredentials that fetches access tokens from
-// Google Compute Engine (GCE)'s metadata server. It is only valid to use this
-// if your program is running on a GCE instance.
-// TODO(dsymonds): Deprecate and remove this.
-func NewComputeEngine() credentials.PerRPCCredentials {
- return TokenSource{google.ComputeTokenSource("")}
-}
-
-// serviceAccount represents PerRPCCredentials via JWT signing key.
-type serviceAccount struct {
- mu sync.Mutex
- config *jwt.Config
- t *oauth2.Token
-}
-
-func (s *serviceAccount) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
- s.mu.Lock()
- defer s.mu.Unlock()
- if !s.t.Valid() {
- var err error
- s.t, err = s.config.TokenSource(ctx).Token()
- if err != nil {
- return nil, err
- }
- }
- return map[string]string{
- "authorization": s.t.Type() + " " + s.t.AccessToken,
- }, nil
-}
-
-func (s *serviceAccount) RequireTransportSecurity() bool {
- return true
-}
-
-// NewServiceAccountFromKey constructs the PerRPCCredentials using the JSON key slice
-// from a Google Developers service account.
-func NewServiceAccountFromKey(jsonKey []byte, scope ...string) (credentials.PerRPCCredentials, error) {
- config, err := google.JWTConfigFromJSON(jsonKey, scope...)
- if err != nil {
- return nil, err
- }
- return &serviceAccount{config: config}, nil
-}
-
-// NewServiceAccountFromFile constructs the PerRPCCredentials using the JSON key file
-// of a Google Developers service account.
-func NewServiceAccountFromFile(keyFile string, scope ...string) (credentials.PerRPCCredentials, error) {
- jsonKey, err := ioutil.ReadFile(keyFile)
- if err != nil {
- return nil, fmt.Errorf("credentials: failed to read the service account key file: %v", err)
- }
- return NewServiceAccountFromKey(jsonKey, scope...)
-}
-
-// NewApplicationDefault returns "Application Default Credentials". For more
-// detail, see https://developers.google.com/accounts/docs/application-default-credentials.
-func NewApplicationDefault(ctx context.Context, scope ...string) (credentials.PerRPCCredentials, error) {
- t, err := google.DefaultTokenSource(ctx, scope...)
- if err != nil {
- return nil, err
- }
- return TokenSource{t}, nil
-} |