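/*
 * Written in 2019 by Opsmate, Inc.
 *
 * To the extent possible under law, the author(s) have dedicated all
 * copyright and related and neighboring rights to this software to the
 * public domain worldwide. This software is distributed without any
 * warranty.
 *
 * You should have received a copy of the CC0 Public
 * Domain Dedication along with this software. If not, see
 * <http://creativecommons.org/publicdomain/zero/1.0/>.
 */

package googlecloud

import (
	"errors"
	"fmt"
	"time"

	"golang.org/x/oauth2"
	"google.golang.org/api/iamcredentials/v1"
)

// IamCredentialsTokenSource obtains OAuth2 access tokens for a service
// account by calling the IAM Credentials API's generateAccessToken method.
// Its Token method has the signature required by oauth2.TokenSource.
//
// Nothing is cached here: every call to Token issues a new API request.
// Wrap the source (for example with oauth2.ReuseTokenSource) if tokens
// should be reused until they expire.
type IamCredentialsTokenSource struct {
	// Service is the IAM Credentials client used to make the request. The
	// identity behind it needs the iam.serviceAccounts.getAccessToken
	// permission on the target account; grant that permission on the
	// specific service account rather than more broadly where possible.
	Service *iamcredentials.Service

	// AccountEmail identifies the service account to mint a token for. It is
	// appended verbatim to "projects/-/serviceAccounts/" to form the
	// resource name, so it should come from trusted configuration, never
	// from request data.
	AccountEmail string

	// Scopes is sent unchanged as the request's Scope list. Request only the
	// scopes the caller actually needs: the minted token carries all of them.
	Scopes []string
}

// Token requests a fresh access token for source.AccountEmail limited to
// source.Scopes.
//
// It returns an error if Service or AccountEmail is unset, if the API call
// fails, if the response carries no access token, or if the reported expiry
// is not a valid RFC 3339 timestamp. API and parse errors are wrapped with
// %w, so errors.As and errors.Is still reach the underlying error.
//
// The returned AccessToken is a bearer credential for the service account;
// callers should keep it out of logs and error messages.
func (source *IamCredentialsTokenSource) Token() (*oauth2.Token, error) {
	// Calling through a nil Service would panic inside the generated client,
	// so fail with an ordinary error instead.
	if source.Service == nil {
		return nil, errors.New("googlecloud: IamCredentialsTokenSource.Service is nil")
	}
	// An empty email would address the bare "projects/-/serviceAccounts/"
	// collection; reject it before making a request.
	if source.AccountEmail == "" {
		return nil, errors.New("googlecloud: IamCredentialsTokenSource.AccountEmail is empty")
	}

	service := iamcredentials.NewProjectsServiceAccountsService(source.Service)

	// see https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken
	// requires iam.serviceAccounts.getAccessToken permission
	//
	// Token has no context parameter, so any deadline on this call is
	// whatever the HTTP client behind source.Service enforces.
	name := "projects/-/serviceAccounts/" + source.AccountEmail
	request := &iamcredentials.GenerateAccessTokenRequest{Scope: source.Scopes}
	response, err := service.GenerateAccessToken(name, request).Do()
	if err != nil {
		return nil, fmt.Errorf("generating access token for service account %q: %w", source.AccountEmail, err)
	}
	// Never hand back a token that would be sent as an empty bearer value.
	if response.AccessToken == "" {
		return nil, fmt.Errorf("generating access token for service account %q: response contained no access token", source.AccountEmail)
	}

	expiry, err := time.Parse(time.RFC3339, response.ExpireTime)
	if err != nil {
		return nil, fmt.Errorf("parsing expiry %q of access token for service account %q: %w", response.ExpireTime, source.AccountEmail, err)
	}

	return &oauth2.Token{
		AccessToken: response.AccessToken,
		Expiry:      expiry,
	}, nil
}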