mirror of
https://github.com/restic/restic.git
synced 2025-12-22 23:26:26 +00:00
Update vendored library google.golang.org/api
This commit is contained in:
Alexander Neumann
78
vendor/google.golang.org/api/internal/creds.go
generated
vendored
78
vendor/google.golang.org/api/internal/creds.go
generated
vendored
@@ -15,90 +15,28 @@
|
||||
package internal
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"time"
|
||||
|
||||
"golang.org/x/net/context"
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/google"
|
||||
)
|
||||
|
||||
// Creds returns credential information obtained from DialSettings, or if none, then
|
||||
// it returns default credential information.
|
||||
func Creds(ctx context.Context, ds *DialSettings) (*google.DefaultCredentials, error) {
|
||||
if ds.Credentials != nil {
|
||||
return ds.Credentials, nil
|
||||
}
|
||||
if ds.CredentialsFile != "" {
|
||||
return credFileTokenSource(ctx, ds.CredentialsFile, ds.Scopes...)
|
||||
data, err := ioutil.ReadFile(ds.CredentialsFile)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot read credentials file: %v", err)
|
||||
}
|
||||
return google.CredentialsFromJSON(ctx, data, ds.Scopes...)
|
||||
}
|
||||
if ds.TokenSource != nil {
|
||||
return &google.DefaultCredentials{TokenSource: ds.TokenSource}, nil
|
||||
}
|
||||
return google.FindDefaultCredentials(ctx, ds.Scopes...)
|
||||
}
|
||||
|
||||
// credFileTokenSource reads a refresh token file or a service account and returns
|
||||
// a TokenSource constructed from the config.
|
||||
func credFileTokenSource(ctx context.Context, filename string, scope ...string) (*google.DefaultCredentials, error) {
|
||||
data, err := ioutil.ReadFile(filename)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot read credentials file: %v", err)
|
||||
}
|
||||
// See if it is a refresh token credentials file first.
|
||||
ts, ok, err := refreshTokenTokenSource(ctx, data, scope...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if ok {
|
||||
return &google.DefaultCredentials{
|
||||
TokenSource: ts,
|
||||
JSON: data,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// If not, it should be a service account.
|
||||
cfg, err := google.JWTConfigFromJSON(data, scope...)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("google.JWTConfigFromJSON: %v", err)
|
||||
}
|
||||
// jwt.Config does not expose the project ID, so re-unmarshal to get it.
|
||||
var pid struct {
|
||||
ProjectID string `json:"project_id"`
|
||||
}
|
||||
if err := json.Unmarshal(data, &pid); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &google.DefaultCredentials{
|
||||
ProjectID: pid.ProjectID,
|
||||
TokenSource: cfg.TokenSource(ctx),
|
||||
JSON: data,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func refreshTokenTokenSource(ctx context.Context, data []byte, scope ...string) (oauth2.TokenSource, bool, error) {
|
||||
var c cred
|
||||
if err := json.Unmarshal(data, &c); err != nil {
|
||||
return nil, false, fmt.Errorf("cannot unmarshal credentials file: %v", err)
|
||||
}
|
||||
if c.ClientID == "" || c.ClientSecret == "" || c.RefreshToken == "" || c.Type != "authorized_user" {
|
||||
return nil, false, nil
|
||||
}
|
||||
cfg := &oauth2.Config{
|
||||
ClientID: c.ClientID,
|
||||
ClientSecret: c.ClientSecret,
|
||||
Endpoint: google.Endpoint,
|
||||
RedirectURL: "urn:ietf:wg:oauth:2.0:oob",
|
||||
Scopes: scope,
|
||||
}
|
||||
return cfg.TokenSource(ctx, &oauth2.Token{
|
||||
RefreshToken: c.RefreshToken,
|
||||
Expiry: time.Now(),
|
||||
}), true, nil
|
||||
}
|
||||
|
||||
type cred struct {
|
||||
ClientID string `json:"client_id"`
|
||||
ClientSecret string `json:"client_secret"`
|
||||
RefreshToken string `json:"refresh_token"`
|
||||
Type string `json:"type"`
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user