MCPcopy Index your code
hub / github.com/GoogleCloudPlatform/cloud-sql-proxy / credentialsOpt

Function credentialsOpt

internal/proxy/proxy.go:350–443  ·  view source on GitHub ↗
(c Config, l cloudsql.Logger)

Source from the content-addressed store, hash-verified

348}
349
350func credentialsOpt(c Config, l cloudsql.Logger) (cloudsqlconn.Option, error) {
351 // If service account impersonation is configured, set up an impersonated
352 // credentials token source.
353 if c.ImpersonationChain != "" {
354 var iopts []option.ClientOption
355 if c.UniverseDomain != "" {
356 iopts = append(iopts, option.WithUniverseDomain(c.UniverseDomain))
357 }
358 switch {
359 case c.Token != "":
360 l.Infof("Impersonating service account with OAuth2 token")
361 iopts = append(iopts, option.WithTokenSource(
362 oauth2.StaticTokenSource(&oauth2.Token{AccessToken: c.Token}),
363 ))
364 case c.CredentialsFile != "":
365 l.Infof("Impersonating service account with the credentials file at %q", c.CredentialsFile)
366 iopts = append(iopts, option.WithAuthCredentialsFile(option.ServiceAccount, c.CredentialsFile))
367 case c.CredentialsJSON != "":
368 l.Infof("Impersonating service account with JSON credentials environment variable")
369 iopts = append(iopts, option.WithAuthCredentialsJSON(option.ServiceAccount, []byte(c.CredentialsJSON)))
370 case c.GcloudAuth:
371 l.Infof("Impersonating service account with gcloud user credentials")
372 ts, err := gcloud.TokenSource()
373 if err != nil {
374 return nil, err
375 }
376 iopts = append(iopts, option.WithTokenSource(ts))
377 default:
378 l.Infof("Impersonating service account with Application Default Credentials")
379 }
380 target, delegates := parseImpersonationChain(c.ImpersonationChain)
381 ts, err := impersonate.CredentialsTokenSource(
382 context.Background(),
383 impersonate.CredentialsConfig{
384 TargetPrincipal: target,
385 Delegates: delegates,
386 Scopes: []string{sqladmin.SqlserviceAdminScope},
387 },
388 iopts...,
389 )
390 if err != nil {
391 return nil, err
392 }
393
394 if c.iamAuthNEnabled() {
395 iamLoginTS, err := impersonate.CredentialsTokenSource(
396 context.Background(),
397 impersonate.CredentialsConfig{
398 TargetPrincipal: target,
399 Delegates: delegates,
400 Scopes: []string{iamLoginScope},
401 },
402 iopts...,
403 )
404 if err != nil {
405 return nil, err
406 }
407 return cloudsqlconn.WithIAMAuthNTokenSources(ts, iamLoginTS), nil

Callers 1

DialerOptionsMethod · 0.85

Calls 4

TokenSourceFunction · 0.92
parseImpersonationChainFunction · 0.85
iamAuthNEnabledMethod · 0.80
InfofMethod · 0.65

Tested by

no test coverage detected