mirror of https://github.com/docker/docs.git
115 lines
3.0 KiB
Go
115 lines
3.0 KiB
Go
// Copyright 2011 The goauth2 Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// This program makes a read only call to the Google Cloud Storage API,
|
|
// authenticated with OAuth2. A list of example APIs can be found at
|
|
// https://code.google.com/oauthplayground/
|
|
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"flag"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"log"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"code.google.com/p/goauth2/oauth/jwt"
|
|
)
|
|
|
|
const scope = "https://www.googleapis.com/auth/devstorage.read_only"
|
|
|
|
var (
|
|
secretsFile = flag.String("s", "", "JSON encoded secrets for the service account")
|
|
pemFile = flag.String("k", "", "private pem key file for the service account")
|
|
)
|
|
|
|
const usageMsg = `
|
|
You must specify -k and -s.
|
|
|
|
To obtain client secrets and pem, see the "OAuth 2 Credentials" section under
|
|
the "API Access" tab on this page: https://code.google.com/apis/console/
|
|
|
|
Google Cloud Storage must also be turned on in the API console.
|
|
`
|
|
|
|
func main() {
|
|
flag.Parse()
|
|
|
|
if *secretsFile == "" || *pemFile == "" {
|
|
flag.Usage()
|
|
fmt.Println(usageMsg)
|
|
return
|
|
}
|
|
|
|
// Read the secret file bytes into the config.
|
|
secretBytes, err := ioutil.ReadFile(*secretsFile)
|
|
if err != nil {
|
|
log.Fatal("error reading secerets file:", err)
|
|
}
|
|
var config struct {
|
|
Web struct {
|
|
ClientEmail string `json:"client_email"`
|
|
ClientID string `json:"client_id"`
|
|
TokenURI string `json:"token_uri"`
|
|
}
|
|
}
|
|
err = json.Unmarshal(secretBytes, &config)
|
|
if err != nil {
|
|
log.Fatal("error unmarshalling secerets:", err)
|
|
}
|
|
|
|
// Get the project ID from the client ID.
|
|
projectID := strings.SplitN(config.Web.ClientID, "-", 2)[0]
|
|
|
|
// Read the pem file bytes for the private key.
|
|
keyBytes, err := ioutil.ReadFile(*pemFile)
|
|
if err != nil {
|
|
log.Fatal("error reading private key file:", err)
|
|
}
|
|
|
|
// Craft the ClaimSet and JWT token.
|
|
t := jwt.NewToken(config.Web.ClientEmail, scope, keyBytes)
|
|
t.ClaimSet.Aud = config.Web.TokenURI
|
|
|
|
// We need to provide a client.
|
|
c := &http.Client{}
|
|
|
|
// Get the access token.
|
|
o, err := t.Assert(c)
|
|
if err != nil {
|
|
log.Fatal("assertion error:", err)
|
|
}
|
|
|
|
// Refresh token will be missing, but this access_token will be good
|
|
// for one hour.
|
|
fmt.Printf("access_token = %v\n", o.AccessToken)
|
|
fmt.Printf("refresh_token = %v\n", o.RefreshToken)
|
|
fmt.Printf("expires %v\n", o.Expiry)
|
|
|
|
// Form the request to list Google Cloud Storage buckets.
|
|
req, err := http.NewRequest("GET", "https://storage.googleapis.com/", nil)
|
|
if err != nil {
|
|
log.Fatal("http.NewRequest:", err)
|
|
}
|
|
req.Header.Set("Authorization", "OAuth "+o.AccessToken)
|
|
req.Header.Set("x-goog-api-version", "2")
|
|
req.Header.Set("x-goog-project-id", projectID)
|
|
|
|
// Make the request.
|
|
r, err := c.Do(req)
|
|
if err != nil {
|
|
log.Fatal("API request error:", err)
|
|
}
|
|
defer r.Body.Close()
|
|
|
|
// Write the response to standard output.
|
|
res, err := ioutil.ReadAll(r.Body)
|
|
if err != nil {
|
|
log.Fatal("error reading API request results:", err)
|
|
}
|
|
fmt.Printf("\nRESULT:\n%s\n", res)
|
|
}
|