package credentials

import (
	"context"
	"time"
)
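// CredentialsToken is an issued token together with its expiration time.
//
// Token is secret authentication material. As declared here the type has no
// redacting String or GoString method, so formatting a value with %v, %+v or
// %#v prints the token in full: keep values of this type out of logs, error
// messages and debug dumps.
type CredentialsToken struct {
	// Token is the secret token string.
	Token string
	// ExpiresAt is the expiration time associated with Token.
	// NOTE(review): presumably the token is not accepted after this instant;
	// confirm against the issuing service before relying on it for caching.
	ExpiresAt time.Time
}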
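// CredentialsIdentity names the kind of identity behind a credential.
// CredentialsTokenRequest.Identity is of this type.
type CredentialsIdentity int

const (
	// CredentialsIdentityUnknown represents an unknown credentials identity.
	// It is the zero value, so a request whose Identity was never set reads
	// as unknown rather than as one of the concrete kinds below.
	// NOTE(review): consumers should reject this value instead of guessing a
	// kind; confirm at the call site that performs the exchange.
	CredentialsIdentityUnknown CredentialsIdentity = iota
	// CredentialsIdentityYandexPassportOauthToken represents a Yandex Passport OAuth Token identity.
	CredentialsIdentityYandexPassportOauthToken
	// CredentialsIdentityJWT represents a JWT identity.
	CredentialsIdentityJWT
)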
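// CredentialsTokenRequest is a request that pairs an identity kind with a
// token.
//
// Token is secret authentication material and the type has no redacting
// formatter here, so do not log or print values of this type.
type CredentialsTokenRequest struct {
	// Identity is the kind of identity this request is for. The zero value is
	// CredentialsIdentityUnknown.
	Identity CredentialsIdentity
	// Token is the token string for the request.
	// NOTE(review): presumably the OAuth token or JWT selected by Identity;
	// confirm against the code that builds and consumes the request.
	Token string
}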
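// Credentials is an abstraction of API authorization credentials.
// See https://cloud.yandex.ru/docs/iam/concepts/authorization/ for details.
// Note that functions that return Credentials may return a different
// Credentials implementation in the next SDK version; this is not considered
// a breaking change, so callers should not depend on the concrete type.
type Credentials interface {
	// YandexCloudAPICredentials is a marker method. All compatible
	// Credentials implementations have it. It takes no arguments and returns
	// nothing.
	YandexCloudAPICredentials()
}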
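// ExchangeableCredentials can be exchanged for an IAM Token in the IAM Token
// Service; that token can then be used to authorize API calls.
// See https://cloud.yandex.ru/docs/iam/concepts/authorization/iam-token for details.
type ExchangeableCredentials interface {
	Credentials
	// IAMTokenRequest returns a request for a fresh IAM token, or an error.
	// The returned request contains a Token field, so treat the whole value
	// as secret and keep it out of logs.
	IAMTokenRequest() (*CredentialsTokenRequest, error)
}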
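// NonExchangeableCredentials provides an IAM Token without calling the IAM
// Token Service.
type NonExchangeableCredentials interface {
	Credentials
	// IAMToken returns an IAM Token, or an error.
	// NOTE(review): ctx is handed to the implementation; whether cancellation
	// and deadlines are honored depends on that implementation. Confirm it.
	IAMToken(ctx context.Context) (*CredentialsToken, error)
}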
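// exchangeableCredentialsFunc adapts a plain function that returns a
// CredentialsTokenRequest or an error to the ExchangeableCredentials
// interface.
type exchangeableCredentialsFunc func() (iamTokenReq *CredentialsTokenRequest, err error)

// Compile-time check that exchangeableCredentialsFunc satisfies
// ExchangeableCredentials. The nil value is used only for this assertion.
var _ ExchangeableCredentials = (exchangeableCredentialsFunc)(nil)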
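// YandexCloudAPICredentials is the marker method required by Credentials.
// It has an empty body: it does not call the wrapped function and returns
// nothing.
func (exchangeableCredentialsFunc) YandexCloudAPICredentials() {}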
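// IAMTokenRequest calls the wrapped function and returns its request and
// error unchanged.
//
// f must be non-nil: there is no nil check here, and calling a nil function
// value panics. Code that constructs an exchangeableCredentialsFunc should
// always supply a function.
func (f exchangeableCredentialsFunc) IAMTokenRequest() (iamTokenReq *CredentialsTokenRequest, err error) {
	return f()
}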