NewCredentials returns a new PerRPCCredentials implementation, configured using opts, which performs token exchange using STS.
(opts Options)
| 117 | // NewCredentials returns a new PerRPCCredentials implementation, configured |
| 118 | // using opts, which performs token exchange using STS. |
| 119 | func NewCredentials(opts Options) (credentials.PerRPCCredentials, error) { |
| 120 | if err := validateOptions(opts); err != nil { |
| 121 | return nil, err |
| 122 | } |
| 123 | |
| 124 | // Load the system roots to validate the certificate presented by the STS |
| 125 | // endpoint during the TLS handshake. |
| 126 | roots, err := loadSystemCertPool() |
| 127 | if err != nil { |
| 128 | return nil, err |
| 129 | } |
| 130 | |
| 131 | return &callCreds{ |
| 132 | opts: opts, |
| 133 | client: makeHTTPDoer(roots), |
| 134 | }, nil |
| 135 | } |
| 136 | |
| 137 | // callCreds provides the implementation of call credentials based on an STS |
| 138 | // token exchange. |