mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-10-18 23:45:08 +00:00
150 lines
6.5 KiB
Go
150 lines
6.5 KiB
Go
// Copyright 2023 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package credsfile
|
|
|
|
import (
|
|
"encoding/json"
|
|
)
|
|
|
|
// Config3LO is the internals of a client creds file.
|
|
type Config3LO struct {
|
|
ClientID string `json:"client_id"`
|
|
ClientSecret string `json:"client_secret"`
|
|
RedirectURIs []string `json:"redirect_uris"`
|
|
AuthURI string `json:"auth_uri"`
|
|
TokenURI string `json:"token_uri"`
|
|
}
|
|
|
|
// ClientCredentialsFile representation.
|
|
type ClientCredentialsFile struct {
|
|
Web *Config3LO `json:"web"`
|
|
Installed *Config3LO `json:"installed"`
|
|
UniverseDomain string `json:"universe_domain"`
|
|
}
|
|
|
|
// ServiceAccountFile representation.
|
|
type ServiceAccountFile struct {
|
|
Type string `json:"type"`
|
|
ProjectID string `json:"project_id"`
|
|
PrivateKeyID string `json:"private_key_id"`
|
|
PrivateKey string `json:"private_key"`
|
|
ClientEmail string `json:"client_email"`
|
|
ClientID string `json:"client_id"`
|
|
AuthURL string `json:"auth_uri"`
|
|
TokenURL string `json:"token_uri"`
|
|
UniverseDomain string `json:"universe_domain"`
|
|
}
|
|
|
|
// UserCredentialsFile representation.
|
|
type UserCredentialsFile struct {
|
|
Type string `json:"type"`
|
|
ClientID string `json:"client_id"`
|
|
ClientSecret string `json:"client_secret"`
|
|
QuotaProjectID string `json:"quota_project_id"`
|
|
RefreshToken string `json:"refresh_token"`
|
|
UniverseDomain string `json:"universe_domain"`
|
|
}
|
|
|
|
// ExternalAccountFile representation.
|
|
type ExternalAccountFile struct {
|
|
Type string `json:"type"`
|
|
ClientID string `json:"client_id"`
|
|
ClientSecret string `json:"client_secret"`
|
|
Audience string `json:"audience"`
|
|
SubjectTokenType string `json:"subject_token_type"`
|
|
ServiceAccountImpersonationURL string `json:"service_account_impersonation_url"`
|
|
TokenURL string `json:"token_url"`
|
|
CredentialSource *CredentialSource `json:"credential_source,omitempty"`
|
|
TokenInfoURL string `json:"token_info_url"`
|
|
ServiceAccountImpersonation *ServiceAccountImpersonationInfo `json:"service_account_impersonation,omitempty"`
|
|
QuotaProjectID string `json:"quota_project_id"`
|
|
WorkforcePoolUserProject string `json:"workforce_pool_user_project"`
|
|
UniverseDomain string `json:"universe_domain"`
|
|
}
|
|
|
|
// ExternalAccountAuthorizedUserFile representation.
|
|
type ExternalAccountAuthorizedUserFile struct {
|
|
Type string `json:"type"`
|
|
Audience string `json:"audience"`
|
|
ClientID string `json:"client_id"`
|
|
ClientSecret string `json:"client_secret"`
|
|
RefreshToken string `json:"refresh_token"`
|
|
TokenURL string `json:"token_url"`
|
|
TokenInfoURL string `json:"token_info_url"`
|
|
RevokeURL string `json:"revoke_url"`
|
|
QuotaProjectID string `json:"quota_project_id"`
|
|
UniverseDomain string `json:"universe_domain"`
|
|
}
|
|
|
|
// CredentialSource stores the information necessary to retrieve the credentials for the STS exchange.
|
|
//
|
|
// One field amongst File, URL, and Executable should be filled, depending on the kind of credential in question.
|
|
// The EnvironmentID should start with AWS if being used for an AWS credential.
|
|
type CredentialSource struct {
|
|
File string `json:"file"`
|
|
URL string `json:"url"`
|
|
Headers map[string]string `json:"headers"`
|
|
Executable *ExecutableConfig `json:"executable,omitempty"`
|
|
EnvironmentID string `json:"environment_id"`
|
|
RegionURL string `json:"region_url"`
|
|
RegionalCredVerificationURL string `json:"regional_cred_verification_url"`
|
|
CredVerificationURL string `json:"cred_verification_url"`
|
|
IMDSv2SessionTokenURL string `json:"imdsv2_session_token_url"`
|
|
Format *Format `json:"format,omitempty"`
|
|
}
|
|
|
|
// Format describes the format of a [CredentialSource].
|
|
type Format struct {
|
|
// Type is either "text" or "json". When not provided "text" type is assumed.
|
|
Type string `json:"type"`
|
|
// SubjectTokenFieldName is only required for JSON format. This would be "access_token" for azure.
|
|
SubjectTokenFieldName string `json:"subject_token_field_name"`
|
|
}
|
|
|
|
// ExecutableConfig represents the command to run for an executable
|
|
// [CredentialSource].
|
|
type ExecutableConfig struct {
|
|
Command string `json:"command"`
|
|
TimeoutMillis int `json:"timeout_millis"`
|
|
OutputFile string `json:"output_file"`
|
|
}
|
|
|
|
// ServiceAccountImpersonationInfo has impersonation configuration.
|
|
type ServiceAccountImpersonationInfo struct {
|
|
TokenLifetimeSeconds int `json:"token_lifetime_seconds"`
|
|
}
|
|
|
|
// ImpersonatedServiceAccountFile representation.
|
|
type ImpersonatedServiceAccountFile struct {
|
|
Type string `json:"type"`
|
|
ServiceAccountImpersonationURL string `json:"service_account_impersonation_url"`
|
|
Delegates []string `json:"delegates"`
|
|
CredSource json.RawMessage `json:"source_credentials"`
|
|
UniverseDomain string `json:"universe_domain"`
|
|
}
|
|
|
|
// GDCHServiceAccountFile represents the Google Distributed Cloud Hosted (GDCH) service identity file.
|
|
type GDCHServiceAccountFile struct {
|
|
Type string `json:"type"`
|
|
FormatVersion string `json:"format_version"`
|
|
Project string `json:"project"`
|
|
Name string `json:"name"`
|
|
CertPath string `json:"ca_cert_path"`
|
|
PrivateKeyID string `json:"private_key_id"`
|
|
PrivateKey string `json:"private_key"`
|
|
TokenURL string `json:"token_uri"`
|
|
UniverseDomain string `json:"universe_domain"`
|
|
}
|