refactor(auth): move things around and rename (#9621)

- rename package internaldetect to creds - move downscope, idtoken, and impersonate under credentials
googleapis · Mar 20, 2024 · 26c7ce1 · 26c7ce1
1 parent 2db8671
commit 26c7ce1
Show file tree

Hide file tree

Showing 43 changed files with 121 additions and 121 deletions.
diff --git a/auth/credentials/detect.go b/auth/credentials/detect.go
@@ -25,7 +25,7 @@ import (
 
  "cloud.google.com/go/auth"
  "cloud.google.com/go/auth/internal"
- "cloud.google.com/go/auth/internal/internaldetect"
+ "cloud.google.com/go/auth/internal/credsfile"
  "cloud.google.com/go/compute/metadata"
 )
 
@@ -76,13 +76,13 @@ func DetectDefault(opts *DetectOptions) (*auth.Credentials, error) {
  if opts.CredentialsJSON != nil {
  return readCredentialsFileJSON(opts.CredentialsJSON, opts)
  }
- if filename := internaldetect.GetFileNameFromEnv(opts.CredentialsFile); filename != "" {
+ if filename := credsfile.GetFileNameFromEnv(opts.CredentialsFile); filename != "" {
  if creds, err := readCredentialsFile(filename, opts); err == nil {
  return creds, err
  }
  }
 
- fileName := internaldetect.GetWellKnownFileName()
+ fileName := credsfile.GetWellKnownFileName()
  if b, err := os.ReadFile(fileName); err == nil {
  return readCredentialsFileJSON(b, opts)
  }
@@ -207,8 +207,8 @@ func readCredentialsFileJSON(b []byte, opts *DetectOptions) (*auth.Credentials,
 }
 
 func clientCredConfigFromJSON(b []byte, opts *DetectOptions) *auth.Options3LO {
- var creds internaldetect.ClientCredentialsFile
- var c *internaldetect.Config3LO
+ var creds credsfile.ClientCredentialsFile
+ var c *credsfile.Config3LO
  if err := json.Unmarshal(b, &creds); err != nil {
  return nil
  }

diff --git a/auth/credentials/detect_test.go b/auth/credentials/detect_test.go
@@ -29,7 +29,7 @@ import (
  "cloud.google.com/go/auth"
  "cloud.google.com/go/auth/credentials/internal/gdch"
  "cloud.google.com/go/auth/internal"
- "cloud.google.com/go/auth/internal/internaldetect"
+ "cloud.google.com/go/auth/internal/credsfile"
  "cloud.google.com/go/auth/internal/jwt"
 )
 
@@ -46,7 +46,7 @@ func TestDefaultCredentials_GdchServiceAccountKey(t *testing.T) {
  if err != nil {
  t.Fatal(err)
  }
- f, err := internaldetect.ParseGDCHServiceAccount(b)
+ f, err := credsfile.ParseGDCHServiceAccount(b)
  if err != nil {
  t.Fatal(err)
  }
@@ -155,7 +155,7 @@ func TestDefaultCredentials_ImpersonatedServiceAccountKey(t *testing.T) {
  if err != nil {
  t.Fatal(err)
  }
- f, err := internaldetect.ParseImpersonatedServiceAccount(b)
+ f, err := credsfile.ParseImpersonatedServiceAccount(b)
  if err != nil {
  t.Fatal(err)
  }
@@ -306,7 +306,7 @@ func TestDefaultCredentials_ServiceAccountKey(t *testing.T) {
  if err != nil {
  t.Fatal(err)
  }
- f, err := internaldetect.ParseServiceAccount(b)
+ f, err := credsfile.ParseServiceAccount(b)
  if err != nil {
  t.Fatal(err)
  }
@@ -456,7 +456,7 @@ func TestDefaultCredentials_ClientCredentials(t *testing.T) {
  if err != nil {
  t.Fatal(err)
  }
- f, err := internaldetect.ParseClientCredentials(b)
+ f, err := credsfile.ParseClientCredentials(b)
  if err != nil {
  t.Fatal(err)
  }
@@ -523,7 +523,7 @@ func TestDefaultCredentials_ExternalAccountKey(t *testing.T) {
  if err != nil {
  t.Fatal(err)
  }
- f, err := internaldetect.ParseExternalAccount(b)
+ f, err := credsfile.ParseExternalAccount(b)
  if err != nil {
  t.Fatal(err)
  }
@@ -612,7 +612,7 @@ func TestDefaultCredentials_ExternalAccountAuthorizedUserKey(t *testing.T) {
  if err != nil {
  t.Fatal(err)
  }
- f, err := internaldetect.ParseExternalAccountAuthorizedUser(b)
+ f, err := credsfile.ParseExternalAccountAuthorizedUser(b)
  if err != nil {
  t.Fatal(err)
  }

diff --git a/auth/downscope/doc.go → auth/credentials/downscope/doc.go b/auth/downscope/doc.go → auth/credentials/downscope/doc.go
diff --git a/auth/downscope/downscope.go → auth/credentials/downscope/downscope.go b/auth/downscope/downscope.go → auth/credentials/downscope/downscope.go
diff --git a/auth/downscope/downscope_test.go → auth/credentials/downscope/downscope_test.go b/auth/downscope/downscope_test.go → auth/credentials/downscope/downscope_test.go
diff --git a/auth/downscope/example_test.go → auth/credentials/downscope/example_test.go b/auth/downscope/example_test.go → auth/credentials/downscope/example_test.go
@@ -19,7 +19,7 @@ import (
  "fmt"
 
  "cloud.google.com/go/auth/credentials"
- "cloud.google.com/go/auth/downscope"
+ "cloud.google.com/go/auth/credentials/downscope"
 )
 
 func ExampleNewCredentials() {

diff --git a/auth/downscope/integration_test.go → ...credentials/downscope/integration_test.go b/auth/downscope/integration_test.go → ...credentials/downscope/integration_test.go
@@ -24,7 +24,7 @@ import (
 
  "cloud.google.com/go/auth"
  "cloud.google.com/go/auth/credentials"
- "cloud.google.com/go/auth/downscope"
+ "cloud.google.com/go/auth/credentials/downscope"
  "cloud.google.com/go/auth/internal/testutil"
  "cloud.google.com/go/auth/internal/testutil/testgcs"
 )

diff --git a/auth/credentials/filetypes.go b/auth/credentials/filetypes.go
@@ -24,20 +24,20 @@ import (
  "cloud.google.com/go/auth/credentials/internal/gdch"
  "cloud.google.com/go/auth/credentials/internal/impersonate"
  internalauth "cloud.google.com/go/auth/internal"
- "cloud.google.com/go/auth/internal/internaldetect"
+ "cloud.google.com/go/auth/internal/credsfile"
 )
 
 func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) {
- fileType, err := internaldetect.ParseFileType(b)
+ fileType, err := credsfile.ParseFileType(b)
  if err != nil {
  return nil, err
  }
 
  var projectID, quotaProjectID, universeDomain string
  var tp auth.TokenProvider
  switch fileType {
- case internaldetect.ServiceAccountKey:
- f, err := internaldetect.ParseServiceAccount(b)
+ case credsfile.ServiceAccountKey:
+ f, err := credsfile.ParseServiceAccount(b)
  if err != nil {
  return nil, err
  }
@@ -47,8 +47,8 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) {
  }
  projectID = f.ProjectID
  universeDomain = f.UniverseDomain
- case internaldetect.UserCredentialsKey:
- f, err := internaldetect.ParseUserCredentials(b)
+ case credsfile.UserCredentialsKey:
+ f, err := credsfile.ParseUserCredentials(b)
  if err != nil {
  return nil, err
  }
@@ -57,8 +57,8 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) {
  return nil, err
  }
  quotaProjectID = f.QuotaProjectID
- case internaldetect.ExternalAccountKey:
- f, err := internaldetect.ParseExternalAccount(b)
+ case credsfile.ExternalAccountKey:
+ f, err := credsfile.ParseExternalAccount(b)
  if err != nil {
  return nil, err
  }
@@ -68,8 +68,8 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) {
  }
  quotaProjectID = f.QuotaProjectID
  universeDomain = f.UniverseDomain
- case internaldetect.ExternalAccountAuthorizedUserKey:
- f, err := internaldetect.ParseExternalAccountAuthorizedUser(b)
+ case credsfile.ExternalAccountAuthorizedUserKey:
+ f, err := credsfile.ParseExternalAccountAuthorizedUser(b)
  if err != nil {
  return nil, err
  }
@@ -78,8 +78,8 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) {
  return nil, err
  }
  quotaProjectID = f.QuotaProjectID
- case internaldetect.ImpersonatedServiceAccountKey:
- f, err := internaldetect.ParseImpersonatedServiceAccount(b)
+ case credsfile.ImpersonatedServiceAccountKey:
+ f, err := credsfile.ParseImpersonatedServiceAccount(b)
  if err != nil {
  return nil, err
  }
@@ -88,8 +88,8 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) {
  return nil, err
  }
  universeDomain = f.UniverseDomain
- case internaldetect.GDCHServiceAccountKey:
- f, err := internaldetect.ParseGDCHServiceAccount(b)
+ case credsfile.GDCHServiceAccountKey:
+ f, err := credsfile.ParseGDCHServiceAccount(b)
  if err != nil {
  return nil, err
  }
@@ -115,7 +115,7 @@ func fileCredentials(b []byte, opts *DetectOptions) (*auth.Credentials, error) {
  }), nil
 }
 
-func handleServiceAccount(f *internaldetect.ServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
+func handleServiceAccount(f *credsfile.ServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
  if opts.UseSelfSignedJWT {
  return configureSelfSignedJWT(f, opts)
  }
@@ -133,7 +133,7 @@ func handleServiceAccount(f *internaldetect.ServiceAccountFile, opts *DetectOpti
  return auth.New2LOTokenProvider(opts2LO)
 }
 
-func handleUserCredential(f *internaldetect.UserCredentialsFile, opts *DetectOptions) (auth.TokenProvider, error) {
+func handleUserCredential(f *credsfile.UserCredentialsFile, opts *DetectOptions) (auth.TokenProvider, error) {
  opts3LO := &auth.Options3LO{
  ClientID: f.ClientID,
  ClientSecret: f.ClientSecret,
@@ -147,7 +147,7 @@ func handleUserCredential(f *internaldetect.UserCredentialsFile, opts *DetectOpt
  return auth.New3LOTokenProvider(opts3LO)
 }
 
-func handleExternalAccount(f *internaldetect.ExternalAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
+func handleExternalAccount(f *credsfile.ExternalAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
  externalOpts := &externalaccount.Options{
  Audience: f.Audience,
  SubjectTokenType: f.SubjectTokenType,
@@ -166,7 +166,7 @@ func handleExternalAccount(f *internaldetect.ExternalAccountFile, opts *DetectOp
  return externalaccount.NewTokenProvider(externalOpts)
 }
 
-func handleExternalAccountAuthorizedUser(f *internaldetect.ExternalAccountAuthorizedUserFile, opts *DetectOptions) (auth.TokenProvider, error) {
+func handleExternalAccountAuthorizedUser(f *credsfile.ExternalAccountAuthorizedUserFile, opts *DetectOptions) (auth.TokenProvider, error) {
  externalOpts := &externalaccountuser.Options{
  Audience: f.Audience,
  RefreshToken: f.RefreshToken,
@@ -180,7 +180,7 @@ func handleExternalAccountAuthorizedUser(f *internaldetect.ExternalAccountAuthor
  return externalaccountuser.NewTokenProvider(externalOpts)
 }
 
-func handleImpersonatedServiceAccount(f *internaldetect.ImpersonatedServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
+func handleImpersonatedServiceAccount(f *credsfile.ImpersonatedServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
  if f.ServiceAccountImpersonationURL == "" || f.CredSource == nil {
  return nil, errors.New("missing 'source_credentials' field or 'service_account_impersonation_url' in credentials")
  }
@@ -198,7 +198,7 @@ func handleImpersonatedServiceAccount(f *internaldetect.ImpersonatedServiceAccou
  })
 }
 
-func handleGDCHServiceAccount(f *internaldetect.GDCHServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
+func handleGDCHServiceAccount(f *credsfile.GDCHServiceAccountFile, opts *DetectOptions) (auth.TokenProvider, error) {
  return gdch.NewTokenProvider(f, &gdch.Options{
  STSAudience: opts.STSAudience,
  Client: opts.client(),

diff --git a/auth/idtoken/cache.go → auth/credentials/idtoken/cache.go b/auth/idtoken/cache.go → auth/credentials/idtoken/cache.go
diff --git a/auth/idtoken/cache_test.go → auth/credentials/idtoken/cache_test.go b/auth/idtoken/cache_test.go → auth/credentials/idtoken/cache_test.go
diff --git a/auth/idtoken/compute.go → auth/credentials/idtoken/compute.go b/auth/idtoken/compute.go → auth/credentials/idtoken/compute.go
diff --git a/auth/idtoken/compute_test.go → auth/credentials/idtoken/compute_test.go b/auth/idtoken/compute_test.go → auth/credentials/idtoken/compute_test.go
diff --git a/auth/idtoken/examples_test.go → auth/credentials/idtoken/examples_test.go b/auth/idtoken/examples_test.go → auth/credentials/idtoken/examples_test.go
@@ -18,8 +18,8 @@ import (
  "context"
  "net/http"
 
+ "cloud.google.com/go/auth/credentials/idtoken"
  "cloud.google.com/go/auth/httptransport"
- "cloud.google.com/go/auth/idtoken"
 )
 
 func ExampleNewCredentials_setAuthorizationHeader() {

diff --git a/auth/idtoken/file.go → auth/credentials/idtoken/file.go b/auth/idtoken/file.go → auth/credentials/idtoken/file.go
@@ -22,9 +22,9 @@ import (
 
  "cloud.google.com/go/auth"
  "cloud.google.com/go/auth/credentials"
- "cloud.google.com/go/auth/impersonate"
+ "cloud.google.com/go/auth/credentials/impersonate"
  "cloud.google.com/go/auth/internal"
- "cloud.google.com/go/auth/internal/internaldetect"
+ "cloud.google.com/go/auth/internal/credsfile"
 )
 
 const (
@@ -40,13 +40,13 @@ var (
 )
 
 func credsFromBytes(b []byte, opts *Options) (*auth.Credentials, error) {
- t, err := internaldetect.ParseFileType(b)
+ t, err := credsfile.ParseFileType(b)
  if err != nil {
  return nil, err
  }
  switch t {
- case internaldetect.ServiceAccountKey:
- f, err := internaldetect.ParseServiceAccount(b)
+ case credsfile.ServiceAccountKey:
+ f, err := credsfile.ParseServiceAccount(b)
  if err != nil {
  return nil, err
  }
@@ -82,7 +82,7 @@ func credsFromBytes(b []byte, opts *Options) (*auth.Credentials, error) {
  ProjectIDProvider: internal.StaticCredentialsProperty(f.ProjectID),
  UniverseDomainProvider: internal.StaticCredentialsProperty(f.UniverseDomain),
  }), nil
- case internaldetect.ImpersonatedServiceAccountKey, internaldetect.ExternalAccountKey:
+ case credsfile.ImpersonatedServiceAccountKey, credsfile.ExternalAccountKey:
  type url struct {
  ServiceAccountImpersonationURL string `json:"service_account_impersonation_url"`
  }

diff --git a/auth/idtoken/idtoken.go → auth/credentials/idtoken/idtoken.go b/auth/idtoken/idtoken.go → auth/credentials/idtoken/idtoken.go
@@ -22,7 +22,7 @@ import (
 
  "cloud.google.com/go/auth"
  "cloud.google.com/go/auth/internal"
- "cloud.google.com/go/auth/internal/internaldetect"
+ "cloud.google.com/go/auth/internal/credsfile"
  "cloud.google.com/go/compute/metadata"
 )
 
@@ -111,7 +111,7 @@ func (o *Options) jsonBytes() []byte {
  if o != nil {
  fnOverride = o.CredentialsFile
  }
- filename := internaldetect.GetFileNameFromEnv(fnOverride)
+ filename := credsfile.GetFileNameFromEnv(fnOverride)
  if filename != "" {
  b, _ := os.ReadFile(filename)
  return b

diff --git a/auth/idtoken/idtoken_test.go → auth/credentials/idtoken/idtoken_test.go b/auth/idtoken/idtoken_test.go → auth/credentials/idtoken/idtoken_test.go
@@ -24,16 +24,16 @@ import (
  "testing"
 
  "cloud.google.com/go/auth/internal"
- "cloud.google.com/go/auth/internal/internaldetect"
+ "cloud.google.com/go/auth/internal/credsfile"
 )
 
 func TestNewCredentials_ServiceAccount(t *testing.T) {
  wantTok, _ := createRS256JWT(t)
- b, err := os.ReadFile("../internal/testdata/sa.json")
+ b, err := os.ReadFile("../../internal/testdata/sa.json")
  if err != nil {
  t.Fatal(err)
  }
- f, err := internaldetect.ParseServiceAccount(b)
+ f, err := credsfile.ParseServiceAccount(b)
  if err != nil {
  t.Fatal(err)
  }
@@ -87,7 +87,7 @@ func TestNewCredentials_ImpersonatedServiceAccount(t *testing.T) {
  }
  creds, err := NewCredentials(&Options{
  Audience: "aud",
- CredentialsFile: "../internal/testdata/imp.json",
+ CredentialsFile: "../../internal/testdata/imp.json",
  CustomClaims: map[string]interface{}{
  "foo": "bar",
  },

diff --git a/auth/idtoken/integration_test.go → auth/credentials/idtoken/integration_test.go b/auth/idtoken/integration_test.go → auth/credentials/idtoken/integration_test.go
@@ -22,8 +22,8 @@ import (
  "strings"
  "testing"
 
+ "cloud.google.com/go/auth/credentials/idtoken"
  "cloud.google.com/go/auth/httptransport"
- "cloud.google.com/go/auth/idtoken"
  "cloud.google.com/go/auth/internal/testutil"
 )
 

diff --git a/auth/idtoken/validate.go → auth/credentials/idtoken/validate.go b/auth/idtoken/validate.go → auth/credentials/idtoken/validate.go
diff --git a/auth/idtoken/validate_test.go → auth/credentials/idtoken/validate_test.go b/auth/idtoken/validate_test.go → auth/credentials/idtoken/validate_test.go
diff --git a/auth/impersonate/doc.go → auth/credentials/impersonate/doc.go b/auth/impersonate/doc.go → auth/credentials/impersonate/doc.go
diff --git a/auth/impersonate/example_test.go → auth/credentials/impersonate/example_test.go b/auth/impersonate/example_test.go → auth/credentials/impersonate/example_test.go
@@ -17,8 +17,8 @@ package impersonate_test
 import (
  "log"
 
+ "cloud.google.com/go/auth/credentials/impersonate"
  "cloud.google.com/go/auth/httptransport"
- "cloud.google.com/go/auth/impersonate"
 )
 
 func ExampleNewCredentials_serviceAccount() {

diff --git a/auth/impersonate/idtoken.go → auth/credentials/impersonate/idtoken.go b/auth/impersonate/idtoken.go → auth/credentials/impersonate/idtoken.go
diff --git a/auth/impersonate/idtoken_test.go → auth/credentials/impersonate/idtoken_test.go b/auth/impersonate/idtoken_test.go → auth/credentials/impersonate/idtoken_test.go
diff --git a/auth/impersonate/impersonate.go → auth/credentials/impersonate/impersonate.go b/auth/impersonate/impersonate.go → auth/credentials/impersonate/impersonate.go
diff --git a/auth/impersonate/impersonate_test.go → ...edentials/impersonate/impersonate_test.go b/auth/impersonate/impersonate_test.go → ...edentials/impersonate/impersonate_test.go
diff --git a/auth/impersonate/integration_test.go → ...edentials/impersonate/integration_test.go b/auth/impersonate/integration_test.go → ...edentials/impersonate/integration_test.go
@@ -26,8 +26,8 @@ import (
 
  "cloud.google.com/go/auth"
  "cloud.google.com/go/auth/credentials"
- "cloud.google.com/go/auth/idtoken"
- "cloud.google.com/go/auth/impersonate"
+ "cloud.google.com/go/auth/credentials/idtoken"
+ "cloud.google.com/go/auth/credentials/impersonate"
  "cloud.google.com/go/auth/internal/testutil"
  "cloud.google.com/go/auth/internal/testutil/testgcs"
 )

diff --git a/auth/impersonate/user.go → auth/credentials/impersonate/user.go b/auth/impersonate/user.go → auth/credentials/impersonate/user.go
diff --git a/auth/impersonate/user_test.go → auth/credentials/impersonate/user_test.go b/auth/impersonate/user_test.go → auth/credentials/impersonate/user_test.go