Bumps the go-deps group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/compute](https://github.com/googleapis/google-cloud-go) | `1.27.1` | `1.27.3` | | [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.42.0` | `1.43.0` | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.6.0` | `1.7.0` | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage](https://github.com/Azure/azure-sdk-for-go) | `1.5.0` | `1.6.0` | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.54.10` | `1.54.18` | | [github.com/gophercloud/gophercloud](https://github.com/gophercloud/gophercloud) | `1.12.0` | `1.13.0` | | [github.com/openshift-online/ocm-sdk-go](https://github.com/openshift-online/ocm-sdk-go) | `0.1.425` | `0.1.429` | | [github.com/osbuild/images](https://github.com/osbuild/images) | `0.69.0` | `0.70.0` | Updates `cloud.google.com/go/compute` from 1.27.1 to 1.27.3 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.27.1...compute/v1.27.3) Updates `cloud.google.com/go/storage` from 1.42.0 to 1.43.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.42.0...spanner/v1.43.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.6.0...sdk/azcore/v1.7.0) Updates 
`github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.5.0...sdk/azcore/v1.6.0) Updates `github.com/aws/aws-sdk-go` from 1.54.10 to 1.54.18 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.54.10...v1.54.18) Updates `github.com/gophercloud/gophercloud` from 1.12.0 to 1.13.0 - [Release notes](https://github.com/gophercloud/gophercloud/releases) - [Changelog](https://github.com/gophercloud/gophercloud/blob/v1.13.0/CHANGELOG.md) - [Commits](https://github.com/gophercloud/gophercloud/compare/v1.12.0...v1.13.0) Updates `github.com/openshift-online/ocm-sdk-go` from 0.1.425 to 0.1.429 - [Release notes](https://github.com/openshift-online/ocm-sdk-go/releases) - [Changelog](https://github.com/openshift-online/ocm-sdk-go/blob/main/CHANGES.md) - [Commits](https://github.com/openshift-online/ocm-sdk-go/compare/v0.1.425...v0.1.429) Updates `github.com/osbuild/images` from 0.69.0 to 0.70.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.69.0...v0.70.0) Updates `golang.org/x/sys` from 0.21.0 to 0.22.0 - [Commits](https://github.com/golang/sys/compare/v0.21.0...v0.22.0) Updates `google.golang.org/api` from 0.186.0 to 0.188.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.186.0...v0.188.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/compute dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: 
cloud.google.com/go/storage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/gophercloud/gophercloud dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/openshift-online/ocm-sdk-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/osbuild/images dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] <support@github.com>
// Copyright 2017 Google LLC.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package internal supports the options and transport packages.
package internal
import (
"crypto/tls"
"errors"
"net/http"
"os"
"strconv"
"time"
"cloud.google.com/go/auth"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"google.golang.org/api/internal/impersonate"
"google.golang.org/grpc"
)
// Environment variable names and defaults consulted by the DialSettings
// accessors in this file.
const (
	// universeDomainEnvVar names the environment variable that
	// (*DialSettings).GetUniverseDomain reads when no universe domain was set
	// on the settings themselves.
	universeDomainEnvVar = "GOOGLE_CLOUD_UNIVERSE_DOMAIN"
	// defaultUniverseDomain is the fallback returned when neither the option
	// nor the environment variable supplies a value.
	defaultUniverseDomain = "googleapis.com"

	// newAuthLibEnvVar names the environment variable that opts in to the new
	// auth library.
	newAuthLibEnvVar = "GOOGLE_API_GO_EXPERIMENTAL_ENABLE_NEW_AUTH_LIB"
	// newAuthLibDisabledEnVar names the environment variable that switches
	// the new auth library off; (*DialSettings).IsNewAuthLibraryEnabled
	// checks it before anything else.
	newAuthLibDisabledEnVar = "GOOGLE_API_GO_EXPERIMENTAL_DISABLE_NEW_AUTH_LIB"
)
// DialSettings holds information needed to establish a connection with a
// Google API service.
//
// Several fields are mutually exclusive; (*DialSettings).Validate enforces
// the combinations and is the authoritative description of the rules.
type DialSettings struct {
	Endpoint                string
	DefaultEndpoint         string
	DefaultEndpointTemplate string
	DefaultMTLSEndpoint     string
	// Scopes, when non-empty, is returned by GetScopes in place of
	// DefaultScopes. Validate rejects Scopes combined with Audiences.
	Scopes             []string
	DefaultScopes      []string
	EnableJwtWithScope bool
	// Credential sources. Validate accepts at most one of Credentials,
	// CredentialsJSON, CredentialsFile, APIKey and TokenSource, except that
	// TokenSource together with CredentialsFile is still allowed.
	TokenSource         oauth2.TokenSource
	Credentials         *google.Credentials
	CredentialsFile     string // if set, Token Source is ignored.
	CredentialsJSON     []byte
	InternalCredentials *google.Credentials
	UserAgent           string
	APIKey              string
	// Audiences: GetAudience returns only the first entry and falls back to
	// DefaultAudience when the slice is empty.
	Audiences        []string
	DefaultAudience  string
	HTTPClient       *http.Client
	GRPCDialOpts     []grpc.DialOption
	GRPCConn         *grpc.ClientConn
	GRPCConnPool     ConnPool
	GRPCConnPoolSize int
	// NoAuth is rejected by Validate when APIKey, TokenSource,
	// CredentialsFile or Credentials is also set.
	NoAuth            bool
	TelemetryDisabled bool
	// ClientCertSource is rejected by Validate together with HTTPClient and
	// together with any of the gRPC connection settings.
	ClientCertSource func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
	CustomClaims     map[string]interface{}
	// SkipValidation makes Validate return nil without running any check.
	SkipValidation bool
	// ImpersonationConfig needs scopes, either its own or Scopes above;
	// Validate fails when both are empty.
	ImpersonationConfig           *impersonate.Config
	EnableDirectPath              bool
	EnableDirectPathXds           bool
	AllowNonDefaultServiceAccount bool
	// DefaultUniverseDomain is not read by the methods shown in this file;
	// GetDefaultUniverseDomain returns the package constant instead.
	DefaultUniverseDomain string
	// UniverseDomain, when non-empty, takes precedence over the
	// GOOGLE_CLOUD_UNIVERSE_DOMAIN environment variable in GetUniverseDomain.
	UniverseDomain string
	// Google API system parameters. For more information please read:
	// https://cloud.google.com/apis/docs/system-parameters
	QuotaProject  string
	RequestReason string

	// New Auth library Options
	// NOTE(review): AuthCredentials is not examined by Validate in this
	// file, so it is not counted among the credential options there.
	AuthCredentials *auth.Credentials
	// EnableNewAuthLibrary opts in to the new auth library; see
	// IsNewAuthLibraryEnabled for how the environment can override it.
	EnableNewAuthLibrary bool
}
// GetScopes reports the scopes to use: ds.Scopes when the user supplied at
// least one, otherwise ds.DefaultScopes. The returned slice is the stored
// slice itself, not a copy.
func (ds *DialSettings) GetScopes() []string {
	if len(ds.Scopes) == 0 {
		return ds.DefaultScopes
	}
	return ds.Scopes
}
// GetAudience reports the audience to use: the first user-provided audience
// when there is one, otherwise ds.DefaultAudience. Any further entries in
// ds.Audiences are ignored.
func (ds *DialSettings) GetAudience() string {
	if !ds.HasCustomAudience() {
		return ds.DefaultAudience
	}
	return ds.Audiences[0]
}
// HasCustomAudience reports whether the user provided at least one audience,
// that is, whether ds.Audiences is non-empty.
func (ds *DialSettings) HasCustomAudience() bool {
	return len(ds.Audiences) != 0
}
// IsNewAuthLibraryEnabled reports whether the new auth library should be used.
//
// Precedence, highest first:
//
//  1. The disable environment variable parsing as true: always false.
//  2. ds.EnableNewAuthLibrary set: true.
//  3. The enable environment variable, when it parses as a boolean.
//  4. Otherwise false.
//
// Environment values that strconv.ParseBool cannot parse are treated as if
// the variable were unset. Because step 1 comes first, the process
// environment can switch the library off even when the option turned it on.
func (ds *DialSettings) IsNewAuthLibraryEnabled() bool {
	// The disable switch exists for future rollouts, so there is an easy way
	// to turn this behaviour off once it is on by default.
	disabled, err := strconv.ParseBool(os.Getenv(newAuthLibDisabledEnVar))
	if err == nil && disabled {
		return false
	}
	if ds.EnableNewAuthLibrary {
		return true
	}
	enabled, err := strconv.ParseBool(os.Getenv(newAuthLibEnvVar))
	return err == nil && enabled
}
// Validate reports an error if ds is invalid.
//
// It returns nil immediately when ds.SkipValidation is set. Otherwise the
// rules below run in a fixed order and the first one violated determines the
// returned error.
func (ds *DialSettings) Validate() error {
	if ds.SkipValidation {
		return nil
	}

	// NOTE(review): this guard looks at APIKey, TokenSource, CredentialsFile
	// and Credentials only. CredentialsJSON and AuthCredentials are not part
	// of it, so NoAuth combined with either of those is not rejected here.
	if ds.NoAuth && (ds.APIKey != "" || ds.TokenSource != nil || ds.CredentialsFile != "" || ds.Credentials != nil) {
		return errors.New("options.WithoutAuthentication is incompatible with any option that provides credentials")
	}

	if len(ds.Scopes) > 0 && len(ds.Audiences) > 0 {
		return errors.New("WithScopes is incompatible with WithAudience")
	}

	// Credentials should not appear with other options.
	// We currently allow TokenSource and CredentialsFile to coexist.
	// TODO(jba): make TokenSource & CredentialsFile an error (breaking change).
	// NOTE(review): AuthCredentials is not counted below.
	nCreds := 0
	for _, provided := range []bool{
		ds.Credentials != nil,
		len(ds.CredentialsJSON) > 0,
		ds.CredentialsFile != "",
		ds.APIKey != "",
		ds.TokenSource != nil,
	} {
		if provided {
			nCreds++
		}
	}
	// Accept only one form of credentials; the TokenSource + CredentialsFile
	// pair is tolerated for backwards compatibility.
	legacyPair := nCreds == 2 && ds.TokenSource != nil && ds.CredentialsFile != ""
	if nCreds > 1 && !legacyPair {
		return errors.New("multiple credential options provided")
	}

	if ds.GRPCConn != nil && ds.GRPCConnPool != nil {
		return errors.New("WithGRPCConn is incompatible with WithConnPool")
	}

	// A caller-supplied HTTP client excludes every option that would have to
	// be applied while building the transport.
	if ds.HTTPClient != nil {
		switch {
		case ds.GRPCConnPool != nil:
			return errors.New("WithHTTPClient is incompatible with WithConnPool")
		case ds.GRPCConn != nil:
			return errors.New("WithHTTPClient is incompatible with WithGRPCConn")
		case ds.GRPCDialOpts != nil:
			return errors.New("WithHTTPClient is incompatible with gRPC dial options")
		case ds.QuotaProject != "":
			return errors.New("WithHTTPClient is incompatible with QuotaProject")
		case ds.RequestReason != "":
			return errors.New("WithHTTPClient is incompatible with RequestReason")
		case ds.ClientCertSource != nil:
			return errors.New("WithHTTPClient is incompatible with WithClientCertSource")
		}
	}

	if ds.ClientCertSource != nil {
		anyGRPC := ds.GRPCConn != nil || ds.GRPCConnPool != nil || ds.GRPCConnPoolSize != 0 || ds.GRPCDialOpts != nil
		if anyGRPC {
			return errors.New("WithClientCertSource is currently only supported for HTTP. gRPC settings are incompatible")
		}
	}

	// Impersonation needs scopes from the impersonation config or from ds.Scopes.
	if cfg := ds.ImpersonationConfig; cfg != nil && len(cfg.Scopes) == 0 && len(ds.Scopes) == 0 {
		return errors.New("WithImpersonatedCredentials requires scopes being provided")
	}
	return nil
}
// GetDefaultUniverseDomain reports the Google default universe domain
// ("googleapis.com"). The value comes from the package constant; the
// ds.DefaultUniverseDomain field is not consulted.
func (ds *DialSettings) GetDefaultUniverseDomain() string {
	return defaultUniverseDomain
}
// GetUniverseDomain returns the default service domain for a given Cloud
// universe, with the following precedence:
//
//  1. A non-empty option.WithUniverseDomain.
//  2. A non-empty environment variable GOOGLE_CLOUD_UNIVERSE_DOMAIN.
//  3. The default value "googleapis.com".
//
// NOTE(review): the option and environment values are returned as-is; no
// validation of the domain happens in this method.
func (ds *DialSettings) GetUniverseDomain() string {
	domain := ds.UniverseDomain
	if domain == "" {
		// The environment is read only when the option left the field empty.
		domain = os.Getenv(universeDomainEnvVar)
	}
	if domain == "" {
		domain = defaultUniverseDomain
	}
	return domain
}
// IsUniverseDomainGDU reports whether the effective universe domain, as
// resolved by GetUniverseDomain, is the default Google universe
// ("googleapis.com"). The comparison is an exact string match.
func (ds *DialSettings) IsUniverseDomainGDU() bool {
	effective := ds.GetUniverseDomain()
	return effective == defaultUniverseDomain
}
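// GetUniverseDomain returns the default service domain for a given Cloud
// universe, from google.Credentials, for comparison with the value returned by
// (*DialSettings).GetUniverseDomain. This wrapper function should be removed
// to close https://github.com/googleapis/google-api-go-client/issues/2399.
//
// The lookup is given one second. A lookup error and a timeout are both
// answered with the default universe domain and a nil error, so the returned
// error is always nil and callers cannot tell a confirmed domain from the
// fallback.
func GetUniverseDomain(creds *google.Credentials) (string, error) {
	timer := time.NewTimer(time.Second)
	defer timer.Stop()

	type lookup struct {
		domain string
		err    error
	}
	// Capacity 1 lets the goroutine deliver its outcome and exit even when
	// the timer won the select and nobody receives any more; an unbuffered
	// channel would leave it blocked on the send forever.
	done := make(chan lookup, 1)

	go func() {
		domain, err := creds.GetUniverseDomain()
		done <- lookup{domain: domain, err: err}
	}()

	select {
	case out := <-done:
		if out.err != nil {
			// An error that is returned before the timer expires is likely to be
			// connection refused. Temporarily (2024-03-21) return the GDU domain.
			return defaultUniverseDomain, nil
		}
		return out.domain, nil
	case <-timer.C: // Timer is expired.
		// If no outcome was delivered, creds.GetUniverseDomain() did not
		// complete in 1s. Assume that MDS is likely never responding to
		// the endpoint and will timeout. This is the source of issues such as
		// https://github.com/googleapis/google-cloud-go/issues/9350.
		// Temporarily (2024-02-02) return the GDU domain. Restore the original
		// calls to creds.GetUniverseDomain() in grpc/dial.go and http/dial.go
		// and remove this method to close
		// https://github.com/googleapis/google-api-go-client/issues/2399.
		return defaultUniverseDomain, nil
	}
}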