package internal

import "cloud.google.com/go/auth/internal"

Constants

const (
	// TokenTypeBearer is the auth header prefix for bearer tokens.
	TokenTypeBearer = "Bearer"

	// QuotaProjectEnvVar is the environment variable for setting the quota
	// project.
	QuotaProjectEnvVar = "GOOGLE_CLOUD_QUOTA_PROJECT"
	// UniverseDomainEnvVar is the environment variable for setting the default
	// service domain for a given Cloud universe.
	UniverseDomainEnvVar = "GOOGLE_CLOUD_UNIVERSE_DOMAIN"

	// DefaultUniverseDomain is the default value for universe domain.
	// Universe domain is the default service domain for a given Cloud universe.
	DefaultUniverseDomain = "googleapis.com"

	// TrustBoundaryNoOp is a constant indicating no trust boundary is enforced.
	TrustBoundaryNoOp = "0x0"

	// TrustBoundaryDataKey is the key used to store trust boundary data in a token's metadata.
	TrustBoundaryDataKey = "google.auth.trust_boundary_data"
)
const Version = "0.20.0"

Version is the current tagged release of the library.

Functions

func DefaultClient

func DefaultClient() *http.Client

DefaultClient returns an http.Client with some defaults set. If the current http.DefaultTransport is a [clonableTransport], as is the case for an *http.Transport, the clone will be used. Otherwise the http.DefaultTransport is used directly.

func DoRequest

func DoRequest(client *http.Client, req *http.Request) (*http.Response, []byte, error)

DoRequest executes the provided req with the client. It reads the response body, closes it, and returns it.

func FormatIAMServiceAccountResource

func FormatIAMServiceAccountResource(name string) string

FormatIAMServiceAccountResource sets a service account name in an IAM resource name.

func GetProjectID

func GetProjectID(b []byte, override string) string

GetProjectID retrieves project with precedence being: override, environment variable, creds json file.

func GetQuotaProject

func GetQuotaProject(b []byte, override string) string

GetQuotaProject retrieves quota project with precedence being: override, environment variable, creds json file.

func ParseKey

func ParseKey(key []byte) (crypto.Signer, error)

ParseKey converts the binary contents of a private key file to a crypto.Signer. It detects whether the private key is in a PEM container or not. If so, it extracts the private key from the PEM container before conversion. It only supports PEM containers with no passphrase.
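The behaviour described for ParseKey, sketched as an added example (not the library's own code, which lives in an internal package and cannot be imported). The name parseSigner, the PKCS #8 then PKCS #1 parsing order, and the explicit rejection of encrypted PEM blocks are assumptions of this sketch; the Ed25519 key is generated as sample input.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parseSigner is a hypothetical stand-in for the documented behaviour:
// accept PEM or raw DER, refuse passphrase-protected PEM, return a crypto.Signer.
func parseSigner(key []byte) (crypto.Signer, error) {
	der := key // treated as raw DER unless a PEM block is found
	if block, _ := pem.Decode(key); block != nil {
		if block.Headers["DEK-Info"] != "" || block.Type == "ENCRYPTED PRIVATE KEY" {
			return nil, fmt.Errorf("passphrase-protected private keys are not supported")
		}
		der = block.Bytes
	}
	parsed, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		if parsed, err = x509.ParsePKCS1PrivateKey(der); err != nil { // assumed RSA fallback
			return nil, fmt.Errorf("private key is neither PKCS #8 nor PKCS #1: %w", err)
		}
	}
	if signer, ok := parsed.(crypto.Signer); ok {
		return signer, nil
	}
	return nil, fmt.Errorf("key type %T cannot sign", parsed)
}

// constructedKey returns one freshly generated Ed25519 key as PKCS #8 DER and as PEM.
func constructedKey() (der, pemKey []byte) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err == nil {
		der, err = x509.MarshalPKCS8PrivateKey(priv)
	}
	if err != nil {
		panic(err)
	}
	return der, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
}

func main() {
	_, pemKey := constructedKey()
	signer, err := parseSigner(pemKey)
	fmt.Printf("%T %v\n", signer, err) // prints the key type only, never the key
}
```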

func ReadAll

func ReadAll(r io.Reader) ([]byte, error)

ReadAll consumes the whole reader and safely reads the content of its body with some overflow protection.

Types

type ComputeUniverseDomainProvider

type ComputeUniverseDomainProvider struct {
	MetadataClient *metadata.Client
	// contains filtered or unexported fields
}

ComputeUniverseDomainProvider fetches the credentials universe domain from the Google Cloud metadata service.

func (*ComputeUniverseDomainProvider) GetProperty

func (c *ComputeUniverseDomainProvider) GetProperty(ctx context.Context) (string, error)

GetProperty fetches the credentials universe domain from the Google Cloud metadata service.

type StaticProperty

type StaticProperty string

StaticProperty always returns the value of the underlying string.

func StaticCredentialsProperty

func StaticCredentialsProperty(s string) StaticProperty

StaticCredentialsProperty is a helper for creating static credentials properties.

func (StaticProperty) GetProperty

func (p StaticProperty) GetProperty(context.Context) (string, error)

GetProperty loads the property value given the provided context.

type TrustBoundaryData

type TrustBoundaryData struct {
	// Locations is the list of locations that the token is allowed to be used in.
	Locations []string
	// EncodedLocations represents the locations in an encoded format.
	EncodedLocations string
}

TrustBoundaryData represents the trust boundary data associated with a token. It contains information about the regions or environments where the token is valid.

func NewNoOpTrustBoundaryData

func NewNoOpTrustBoundaryData() *TrustBoundaryData

NewNoOpTrustBoundaryData returns a new TrustBoundaryData with no restrictions.

func NewTrustBoundaryData

func NewTrustBoundaryData(locations []string, encodedLocations string) *TrustBoundaryData

NewTrustBoundaryData returns a new TrustBoundaryData with the specified locations and encoded locations.

func (TrustBoundaryData) TrustBoundaryHeader

func (t TrustBoundaryData) TrustBoundaryHeader() (value string, present bool)

TrustBoundaryHeader returns the value for the x-allowed-locations header and a bool indicating if the header should be set. The return values are structured to handle three distinct states required by the backend:

1. Header not set: (value="", present=false) -> data is empty.
2. Header set to an empty string: (value="", present=true) -> data is a no-op.
3. Header set to a value: (value="...", present=true) -> data has locations.
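How a caller might honour the three states on an outgoing request, as an added example (not the library's code). The boundary type, the header, apply and state functions, and the rule that "empty" means no encoded locations are assumptions of this sketch; "0xA30" and "us-central1" are constructed sample values.

```go
package main

import (
	"fmt"
	"net/http"
)

const noOp, headerName = "0x0", "x-allowed-locations" // values taken from this page

// boundary mirrors the two exported fields of TrustBoundaryData (local, hypothetical type).
type boundary struct {
	Locations        []string
	EncodedLocations string
}

// header follows the documented contract; treating "" as empty is an assumption.
func (b boundary) header() (value string, present bool) {
	if b.EncodedLocations == "" {
		return "", false
	}
	if b.EncodedLocations == noOp {
		return "", true
	}
	return b.EncodedLocations, true
}

// apply clears any value left by a previous token before setting the new one.
func apply(h http.Header, b boundary) {
	h.Del(headerName)
	if v, ok := b.header(); ok {
		h.Set(headerName, v) // v may be "", which still counts as a present header
	}
}

// state inspects Values because Get returns "" for both absent and empty headers.
func state(h http.Header) string {
	vals := h.Values(headerName)
	if len(vals) == 0 {
		return "absent"
	}
	return fmt.Sprintf("present(%q)", vals[0])
}

func main() {
	h := http.Header{}
	full := boundary{Locations: []string{"us-central1"}, EncodedLocations: "0xA30"} // constructed
	for _, b := range []boundary{{}, {EncodedLocations: noOp}, full} {
		apply(h, b)
		fmt.Println(state(h))
	}
}
```

Checking the header with Get alone would collapse states 1 and 2 into one, which is why state looks at the slice of values instead.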

Source Files

internal.go version.go

Directories

Path                              Synopsis
internal/compute
internal/credsfile                Package credsfile is meant to hide implementation details from the public surface of the detect package.
internal/jwt
internal/retry
internal/testutil
internal/testutil/testdns         Package testdns is a light DNS client used for testing to avoid pulling in dependencies.
internal/testutil/testgcs         Package testgcs is a light GCS client used for testing to avoid pulling in dependencies.
internal/transport                Package transport provides internal helpers for the two transport packages (grpctransport and httptransport).
internal/transport/cert
internal/transport/cert/cmd       test_signer.go is a net/rpc server that listens on stdin/stdout, exposing mock methods for testing enterprise certificate proxy flow.
internal/transport/headers
internal/trustboundary

Version: v0.20.0 (latest)
Published: Apr 6, 2026
Platform: js/wasm
Imports: 13 packages