(c Config, l cloudsql.Logger)
| 348 | } |
| 349 | |
| 350 | func credentialsOpt(c Config, l cloudsql.Logger) (cloudsqlconn.Option, error) { |
| 351 | // If service account impersonation is configured, set up an impersonated |
| 352 | // credentials token source. |
| 353 | if c.ImpersonationChain != "" { |
| 354 | var iopts []option.ClientOption |
| 355 | if c.UniverseDomain != "" { |
| 356 | iopts = append(iopts, option.WithUniverseDomain(c.UniverseDomain)) |
| 357 | } |
| 358 | switch { |
| 359 | case c.Token != "": |
| 360 | l.Infof("Impersonating service account with OAuth2 token") |
| 361 | iopts = append(iopts, option.WithTokenSource( |
| 362 | oauth2.StaticTokenSource(&oauth2.Token{AccessToken: c.Token}), |
| 363 | )) |
| 364 | case c.CredentialsFile != "": |
| 365 | l.Infof("Impersonating service account with the credentials file at %q", c.CredentialsFile) |
| 366 | iopts = append(iopts, option.WithAuthCredentialsFile(option.ServiceAccount, c.CredentialsFile)) |
| 367 | case c.CredentialsJSON != "": |
| 368 | l.Infof("Impersonating service account with JSON credentials environment variable") |
| 369 | iopts = append(iopts, option.WithAuthCredentialsJSON(option.ServiceAccount, []byte(c.CredentialsJSON))) |
| 370 | case c.GcloudAuth: |
| 371 | l.Infof("Impersonating service account with gcloud user credentials") |
| 372 | ts, err := gcloud.TokenSource() |
| 373 | if err != nil { |
| 374 | return nil, err |
| 375 | } |
| 376 | iopts = append(iopts, option.WithTokenSource(ts)) |
| 377 | default: |
| 378 | l.Infof("Impersonating service account with Application Default Credentials") |
| 379 | } |
| 380 | target, delegates := parseImpersonationChain(c.ImpersonationChain) |
| 381 | ts, err := impersonate.CredentialsTokenSource( |
| 382 | context.Background(), |
| 383 | impersonate.CredentialsConfig{ |
| 384 | TargetPrincipal: target, |
| 385 | Delegates: delegates, |
| 386 | Scopes: []string{sqladmin.SqlserviceAdminScope}, |
| 387 | }, |
| 388 | iopts..., |
| 389 | ) |
| 390 | if err != nil { |
| 391 | return nil, err |
| 392 | } |
| 393 | |
| 394 | if c.iamAuthNEnabled() { |
| 395 | iamLoginTS, err := impersonate.CredentialsTokenSource( |
| 396 | context.Background(), |
| 397 | impersonate.CredentialsConfig{ |
| 398 | TargetPrincipal: target, |
| 399 | Delegates: delegates, |
| 400 | Scopes: []string{iamLoginScope}, |
| 401 | }, |
| 402 | iopts..., |
| 403 | ) |
| 404 | if err != nil { |
| 405 | return nil, err |
| 406 | } |
| 407 | return cloudsqlconn.WithIAMAuthNTokenSources(ts, iamLoginTS), nil |
no test coverage detected