1 package credentials
2 3 import (
4 "fmt"
5 6 "github.com/golang/protobuf/proto"
7 "github.com/pkg/errors"
8 9 "github.com/yandex-cloud/go-sdk/v2/pkg/iamkey"
10 )
11 12 // UserAccountKey returns credentials for the given IAM Key. The key is used to sign JWT tokens.
13 // JWT tokens are exchanged for IAM Tokens used to authorize API calls.
14 //
15 // WARN: user account keys are not supported, and won't be supported for most users.
16 func UserAccountKey(key *iamkey.Key) (ExchangeableCredentials, error) {
17 userAccountID := key.GetUserAccountId()
18 if userAccountID == "" {
19 return nil, fmt.Errorf("key should de issued for user account, but subject is %#v", key.Subject)
20 }
21 22 // User account key usage is same as service account key.
23 key = proto.Clone(key).(*iamkey.Key)
24 key.Subject = &iamkey.Key_ServiceAccountId{ServiceAccountId: userAccountID}
25 26 return ServiceAccountKey(key)
27 }
28 29 func UserAccountKeyFile(keyFilePath string) (Credentials, error) {
30 key, err := iamkey.ReadFromJSONFile(keyFilePath)
31 if err != nil {
32 return nil, errors.WithMessagef(err, "Failed to load service account key from %s", keyFilePath)
33 }
34 35 return UserAccountKey(key)
36 }
37