commit | e2970972c24a1258079d97e3dc556e368c8b9eda | |
---|---|---|
author | Andy Zhao <andyzhao@google.com> | Fri Feb 14 14:44:26 2020 -0800 |
committer | Chris Broadfoot <cbro@google.com> | Mon Feb 24 21:11:22 2020 +0000 |
tree | c98c6fdc6ec800192e5746d2c702c76dd47c6d96 | |
parent | f1e270a6d2a7f3a5cee678d1358d1b8dd755063e | |
transport/http: add Application Default Credentials support for DCA/mTLS

The overall ADC logic for mTLS is as follows:

1. If both endpoint override and client certificate are specified, use them as is.
2. If user does not specify client certificate, we will attempt to use default client certificate.
3. If user does not specify endpoint override, we will use defaultMtlsEndpoint if client certificate is available and defaultEndpoint otherwise.

Implications of the above logic:

1. If the user specifies a non-mTLS endpoint override but client certificate is available, we will pass along the cert anyway and let the server decide what to do.
2. If the user specifies an mTLS endpoint override but client certificate is not available, we will not fail-fast, but let backend throw error when connecting.

We would like to avoid introducing client-side logic that parses whether the endpoint override is an mTLS url, since the url pattern may change at anytime.

Change-Id: Ic0492ae2a8d96a775add1bfbebfa228b3193a560
Reviewed-on: https://code-review.googlesource.com/c/google-api-go-client/+/52010
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chris Broadfoot <cbro@google.com>
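The endpoint and certificate selection rules listed in the commit message above, written out as a small Go function. This is an added example, not the code from this commit; `Settings`, `Resolve`, `CertSource`, `sampleCert` and the example.com URLs are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// CertSource has the same shape as tls.Config.GetClientCertificate.
type CertSource func(*tls.CertificateRequestInfo) (*tls.Certificate, error)

// Settings is a hypothetical stand-in for user options and per-API defaults.
type Settings struct {
	EndpointOverride    string     // "" when the user set no override
	ClientCert          CertSource // nil when the user set no certificate
	DefaultEndpoint     string
	DefaultMTLSEndpoint string
}

// Resolve applies the three rules; defaultCert is nil when none is available.
func Resolve(s Settings, defaultCert CertSource) (string, CertSource) {
	cert := s.ClientCert
	if cert == nil {
		cert = defaultCert // rule 2: fall back to the default certificate
	}
	if s.EndpointOverride != "" {
		// Rule 1 and both implications: override is never parsed, cert passed along.
		return s.EndpointOverride, cert
	}
	if cert != nil {
		return s.DefaultMTLSEndpoint, cert // rule 3: certificate available
	}
	return s.DefaultEndpoint, nil // rule 3: no certificate
}

// sampleCert returns a constructed, empty certificate source for the demo.
func sampleCert() CertSource {
	return func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
		return &tls.Certificate{}, nil
	}
}

func main() {
	s := Settings{DefaultEndpoint: "https://api.example.com/", DefaultMTLSEndpoint: "https://api.mtls.example.com/"}
	ep, cert := Resolve(s, sampleCert())
	fmt.Println(ep, cert != nil) // default cert found, no override
	s.EndpointOverride = "https://override.example.com/"
	ep, cert = Resolve(s, nil)
	fmt.Println(ep, cert != nil) // override kept, no cert, no fail-fast
}
```

Because the override is never parsed, the case with an override and no certificate returns without error; any failure surfaces only when the backend rejects the connection.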
```
$ go get google.golang.org/api/tasks/v1
$ go get google.golang.org/api/moderator/v1
$ go get google.golang.org/api/urlshortener/v1
... etc ...
```
and using:
```go
package main

import (
	"log"
	"net/http"

	"google.golang.org/api/urlshortener/v1"
)

func main() {
	svc, err := urlshortener.New(http.DefaultClient)
	if err != nil {
		log.Fatal(err)
	}
	_ = svc // ... use svc to call the API
}
```
These are auto-generated Go libraries from the Google Discovery Service's JSON description files of the available “new style” Google APIs.
Due to the auto-generated nature of this collection of libraries, complete APIs or specific versions can appear or go away without notice. As a result, you should always locally vendor any API(s) that your code relies upon.
These client libraries are officially supported by Google. However, the libraries are considered complete and are in maintenance mode. This means that we will address critical bugs and security issues but will not add any new features.
If you're working with Google Cloud Platform APIs such as Datastore or Pub/Sub, consider using the Cloud Client Libraries for Go instead. These are the new and idiomatic Go libraries targeted specifically at Google Cloud Platform Services.
The generator itself and the code it produces are beta. Some APIs are alpha/beta, and indicated as such in the import path (e.g., “google.golang.org/api/someapi/v1alpha”).
Application Default Credentials provide a simplified way to obtain credentials for authenticating with Google APIs.
The Application Default Credentials authenticate as the application itself, which makes them great for working with Google Cloud APIs like Storage or Datastore. They are the recommended form of authentication when building applications that run on Google Compute Engine or Google App Engine.
Default credentials are provided by the `golang.org/x/oauth2/google` package. To use them, add the following import:

```go
import "golang.org/x/oauth2/google"
```
Some credential types require you to specify scopes, and service entry points may not inject them. If you encounter this situation, you may need to specify scopes as follows:
```go
package main

import (
	"context"

	"golang.org/x/oauth2/google"
	"google.golang.org/api/compute/v1"
)

func main() {
	// Use context.Background() if there isn't a better context to pass in.
	ctx := context.Background()
	client, err := google.DefaultClient(ctx, compute.ComputeScope)
	if err != nil {
		//...
	}
	computeService, err := compute.New(client)
	if err != nil {
		//...
	}
	_ = computeService // ... use computeService to call the API
}
```
If you need an `oauth2.TokenSource`, use the `DefaultTokenSource` function:
```go
ts, err := google.DefaultTokenSource(ctx, scope1, scope2, ...)
if err != nil {
	//...
}
client := oauth2.NewClient(ctx, ts)
```
See also: golang.org/x/oauth2/google package documentation.