opensource/grpc-go
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

check transport security when using oauth2-based credentials

Browse Source
This commit is contained in:
iamqizhao
2015-08-28 13:19:36 -07:00
parent 3b3b9b52cc
commit 87c361b5a5
4 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
credentials/credentials.go
View File

@ -65,6 +65,8 @@ type Credentials interface {
// TODO(zhaoq): Define the set of the qualified keys instead of leaving
// it as an arbitrary string.
GetRequestMetadata(ctx context.Context) (map[string]string, error)
// RequireTransport indicates whether the credentails requires transport security.
RequireTransportSecurity() bool
}
// ProtocolInfo provides information regarding the gRPC wire protocol version,
@ -141,6 +143,10 @@ func (c *tlsCreds) GetRequestMetadata(ctx context.Context) (map[string]string, e
return nil, nil
}
func (c *tlsCreds) RequireTransportSecurity() bool {
return true
}
type timeoutError struct{}
func (timeoutError) Error() string { return "credentials: Dial timed out" }

16
credentials/oauth/oauth.go
View File

@ -61,6 +61,10 @@ func (ts TokenSource) GetRequestMetadata(ctx context.Context) (map[string]string
}, nil
}
func (ts TokenSource) RequireTransportSecurity() bool {
return true
}
type jwtAccess struct {
ts oauth2.TokenSource
}
@ -91,6 +95,10 @@ func (j jwtAccess) GetRequestMetadata(ctx context.Context) (map[string]string, e
}, nil
}
func (ts jwtAccess) RequireTransportSecurity() bool {
return true
}
// oauthAccess supplies credentials from a given token.
type oauthAccess struct {
token oauth2.Token
@ -107,6 +115,10 @@ func (oa oauthAccess) GetRequestMetadata(ctx context.Context) (map[string]string
}, nil
}
func (oa jwtAccess) RequireTransportSecurity() bool {
return true
}
// NewComputeEngine constructs the credentials that fetches access tokens from
// Google Compute Engine (GCE)'s metadata server. It is only valid to use this
// if your program is running on a GCE instance.
@ -130,6 +142,10 @@ func (s serviceAccount) GetRequestMetadata(ctx context.Context) (map[string]stri
}, nil
}
func (s serviceAccount) RequireTransportSecurity() bool {
return true
}
// NewServiceAccountFromKey constructs the credentials using the JSON key slice
// from a Google Developers service account.
func NewServiceAccountFromKey(jsonKey []byte, scope ...string) (credentials.Credentials, error) {