opensource/grpc-go
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove OAuth support from credentials

Browse Source 
Fixes #219.
This commit is contained in:
Tamir Duberstein
2015-06-08 20:09:48 -04:00
parent d286668e51
commit aeca1aff71
3 changed files with 5 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
credentials/credentials.go
View File

@ -47,9 +47,6 @@ import (
"time" "time"
"golang.org/x/net/context" "golang.org/x/net/context"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"golang.org/x/oauth2/jwt"
) )
var ( var (
@ -199,72 +196,3 @@ func NewServerTLSFromFile(certFile, keyFile string) (TransportAuthenticator, err
} }
return NewTLS(&tls.Config{Certificates: []tls.Certificate{cert}}), nil return NewTLS(&tls.Config{Certificates: []tls.Certificate{cert}}), nil
} }
// TokenSource supplies credentials from an oauth2.TokenSource.
type TokenSource struct {
oauth2.TokenSource
}
// GetRequestMetadata gets the request metadata as a map from a TokenSource.
func (ts TokenSource) GetRequestMetadata(ctx context.Context) (map[string]string, error) {
token, err := ts.Token()
if err != nil {
return nil, err
}
return map[string]string{
"authorization": token.TokenType + " " + token.AccessToken,
}, nil
}
// NewComputeEngine constructs the credentials that fetches access tokens from
// Google Compute Engine (GCE)'s metadata server. It is only valid to use this
// if your program is running on a GCE instance.
// TODO(dsymonds): Deprecate and remove this.
func NewComputeEngine() Credentials {
return TokenSource{google.ComputeTokenSource("")}
}
// serviceAccount represents credentials via JWT signing key.
type serviceAccount struct {
config *jwt.Config
}
func (s serviceAccount) GetRequestMetadata(ctx context.Context) (map[string]string, error) {
token, err := s.config.TokenSource(ctx).Token()
if err != nil {
return nil, err
}
return map[string]string{
"authorization": token.TokenType + " " + token.AccessToken,
}, nil
}
// NewServiceAccountFromKey constructs the credentials using the JSON key slice
// from a Google Developers service account.
func NewServiceAccountFromKey(jsonKey []byte, scope ...string) (Credentials, error) {
config, err := google.JWTConfigFromJSON(jsonKey, scope...)
if err != nil {
return nil, err
}
return serviceAccount{config: config}, nil
}
// NewServiceAccountFromFile constructs the credentials using the JSON key file
// of a Google Developers service account.
func NewServiceAccountFromFile(keyFile string, scope ...string) (Credentials, error) {
jsonKey, err := ioutil.ReadFile(keyFile)
if err != nil {
return nil, fmt.Errorf("credentials: failed to read the service account key file: %v", err)
}
return NewServiceAccountFromKey(jsonKey, scope...)
}
// NewApplicationDefault returns "Application Default Credentials". For more
// detail, see https://developers.google.com/accounts/docs/application-default-credentials.
func NewApplicationDefault(ctx context.Context, scope ...string) (Credentials, error) {
t, err := google.DefaultTokenSource(ctx, scope...)
if err != nil {
return nil, err
}
return TokenSource{t}, nil
}

4
grpc-auth-support.md
View File

@ -26,13 +26,13 @@ server.Serve(lis)
## Google Compute Engine (GCE) ## Google Compute Engine (GCE)
```Go ```Go
conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(credentials.NewComputeEngine()))) conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(oauth.NewComputeEngine())))
``` ```
## JWT ## JWT
```Go ```Go
jwtCreds, err := credentials.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope) jwtCreds, err := oauth.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope)
if err != nil { if err != nil {
log.Fatalf("Failed to create JWT credentials: %v", err) log.Fatalf("Failed to create JWT credentials: %v", err)
} }

5
interop/client/client.go
View File

@ -46,6 +46,7 @@ import (
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/codes" "google.golang.org/grpc/codes"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"google.golang.org/grpc/credentials/oauth"
"google.golang.org/grpc/grpclog" "google.golang.org/grpc/grpclog"
testpb "google.golang.org/grpc/interop/grpc_testing" testpb "google.golang.org/grpc/interop/grpc_testing"
"google.golang.org/grpc/metadata" "google.golang.org/grpc/metadata"
@ -373,9 +374,9 @@ func main() {
} }
opts = append(opts, grpc.WithTransportCredentials(creds)) opts = append(opts, grpc.WithTransportCredentials(creds))
if *testCase == "compute_engine_creds" { if *testCase == "compute_engine_creds" {
opts = append(opts, grpc.WithPerRPCCredentials(credentials.NewComputeEngine())) opts = append(opts, grpc.WithPerRPCCredentials(oauth.NewComputeEngine()))
} else if *testCase == "service_account_creds" { } else if *testCase == "service_account_creds" {
jwtCreds, err := credentials.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope) jwtCreds, err := oauth.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope)
if err != nil { if err != nil {
grpclog.Fatalf("Failed to create JWT credentials: %v", err) grpclog.Fatalf("Failed to create JWT credentials: %v", err)
} }