-
Notifications
You must be signed in to change notification settings - Fork 4
/
serviceprincipal.go
52 lines (42 loc) · 1.47 KB
/
serviceprincipal.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package tokencache
import (
"fmt"
"log"
"golang.org/x/oauth2"
)
const sourceTypeServicePrincipal = sourceType("service-principal")
// NewServicePrincipalTokenSource will create a token source that caches service principal tokens. The tokens will be
// cached under `service-principals` in the cache file.
func NewServicePrincipalTokenSource(
cacheFile string,
clientID string,
oauthTokenSource oauth2.TokenSource,
) oauth2.TokenSource {
return &cachingTokenSource{
cacheFile: cacheFile,
sourceIdentifier: clientID,
sourceType: sourceTypeServicePrincipal,
oauthTokenSource: oauthTokenSource,
}
}
func (source *cachingTokenSource) servicePrincipalToken(cachedTokens *cache) (*oauth2.Token, error) {
// Check if there is the cache has an entry for the service principal
var hitEntry *cacheEntry
if entry, ok := cachedTokens.ServicePrincipals[source.sourceIdentifier]; ok {
hitEntry = &entry
}
// Check the token for validity, try to refresh it and otherwise get a new token
token, err := source.getValidToken(hitEntry)
if err != nil {
return nil, fmt.Errorf("failed to get new token: %w", err)
}
// Cache the new token
cachedTokens.ServicePrincipals[source.sourceIdentifier] = *cacheEntryFromToken(token)
// Write the cache back to the file
if err = cachedTokens.write(source.cacheFile); err != nil {
log.Printf("failed to write credentials to cache: %s\n", err)
}
return token, nil
}