Documentation
Overview
Package authentication provides an interface for IAM (Identity and Access Management) token operations in SDK services.
Core Interfaces:
The Authenticator interface defines the main contract for token operations:
type Authenticator interface {
	CreateIAMToken(ctx context.Context) (IamToken, error)
	CreateIAMTokenForServiceAccount(ctx context.Context, serviceAccountID string) (IamToken, error)
}
Usage Examples:
Creating an authenticator from an endpoint:
auth, err := authentication.NewAuthenticatorFromEndpoint(logger, credentials, endpoint)
if err != nil {
	// handle error
}
// Generate a token
token, err := auth.CreateIAMToken(ctx)
Creating an authenticator directly:
auth := authentication.NewAuthenticator(logger, credentials, iamTokenClient)
token, err := auth.CreateIAMToken(ctx)
Error Handling:
The package uses the AuthError type for detailed error reporting:
type AuthError struct {
	Op  string // Operation where error occurred
	Err error  // Underlying error
}
Credential Types:
The authenticator supports two main types of credentials:
- ExchangeableCredentials: Credentials that can be exchanged for IAM tokens
- NonExchangeableCredentials: Credentials that directly provide IAM tokens
Types
type Authenticator
type Authenticator interface {
	CreateIAMToken(ctx context.Context) (IamToken, error)
	CreateIAMTokenForServiceAccount(ctx context.Context, serviceAccountID string) (IamToken, error)
}
Authenticator provides methods for generating IAM tokens for an authenticated entity or service account.
type AuthenticatorImpl
type AuthenticatorImpl struct {
	// contains filtered or unexported fields
}
AuthenticatorImpl provides functionality for generating and managing IAM tokens using supplied credentials and IAM client.
func NewAuthenticator
func NewAuthenticator(logger *zap.Logger, creds credentials.Credentials, iamTokenClient iamsdk.IamTokenClient) *AuthenticatorImpl
NewAuthenticator creates and returns a new instance of AuthenticatorImpl using the provided logger, credentials and IamTokenClient.
func NewAuthenticatorFromEndpoint
func NewAuthenticatorFromEndpoint(logger *zap.Logger, creds credentials.Credentials, endpoint *endpoints.Endpoint) (*AuthenticatorImpl, error)
NewAuthenticatorFromEndpoint creates a new AuthenticatorImpl from the provided credentials and endpoint configuration. It returns the constructed AuthenticatorImpl instance, or an error if the connector initialization fails. The IAM token client is given the requestid interceptor, so token-creation failures carry x-request-id / x-server-trace-id all the way up to error reporting, and the grpcdebug interceptor, so the call is logged when the supplied logger is at Debug level (i.e. when --debug is on).
func (*AuthenticatorImpl) CreateIAMToken
func (a *AuthenticatorImpl) CreateIAMToken(ctx context.Context) (IamToken, error)
CreateIAMToken generates an IAM token using the credentials held by the AuthenticatorImpl instance.
func (*AuthenticatorImpl) CreateIAMTokenForServiceAccount
func (a *AuthenticatorImpl) CreateIAMTokenForServiceAccount(ctx context.Context, serviceAccountID string) (IamToken, error)
CreateIAMTokenForServiceAccount generates a new IAM token for the provided service account ID using the IAM token client.
type IamToken
IamToken represents an interface for accessing an IAM token and its expiry information. GetIamToken retrieves the IAM token string. GetExpiresAt returns the expiration time of the IAM token.
type IamTokenImpl
IamTokenImpl is an implementation of the IamToken interface, representing an IAM token with its value and expiration time.
func (*IamTokenImpl) GetExpiresAt
func (token *IamTokenImpl) GetExpiresAt() time.Time
GetExpiresAt returns the expiration time of the IAM token as a time.Time value.
func (*IamTokenImpl) GetIamToken
func (token *IamTokenImpl) GetIamToken() string
GetIamToken returns the IAM token stored in the IamTokenImpl instance.
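Because IamToken exposes GetExpiresAt, a caller can reuse a token until shortly before it expires instead of calling CreateIAMToken on every request. The following is an added example, not code from this package: TokenCache, staticToken, Fetch and Skew are hypothetical names, and IamToken is redeclared locally to mirror the interface documented above so the block compiles without the SDK.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// IamToken mirrors this page's interface so the example builds without the SDK.
type IamToken interface {
	GetIamToken() string
	GetExpiresAt() time.Time
}

// staticToken is a constructed IamToken used only for the demo and test.
type staticToken struct {
	val string
	exp time.Time
}
func (t staticToken) GetIamToken() string     { return t.val }
func (t staticToken) GetExpiresAt() time.Time { return t.exp }

// TokenCache (hypothetical) reuses a token until it is within Skew of expiry.
type TokenCache struct {
	Fetch func(ctx context.Context) (IamToken, error) // e.g. auth.CreateIAMToken
	Skew  time.Duration
	mu    sync.Mutex // serialises refreshes across goroutines
	tok   IamToken
}

func (c *TokenCache) Token(ctx context.Context) (IamToken, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.tok != nil && time.Now().Add(c.Skew).Before(c.tok.GetExpiresAt()) {
		return c.tok, nil
	}
	tok, err := c.Fetch(ctx)
	if err != nil {
		return nil, fmt.Errorf("refresh IAM token: %w", err) // fail closed, keep the cause
	}
	c.tok = tok
	return tok, nil
}

func main() {
	fetch := func(context.Context) (IamToken, error) { return staticToken{"demo", time.Now().Add(time.Hour)}, nil }
	tok, err := (&TokenCache{Fetch: fetch, Skew: time.Minute}).Token(context.Background())
	fmt.Println(tok != nil, err) // report success only; never print the token value
}
```

With the real package, Fetch would be set to the CreateIAMToken method value of an Authenticator.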