GetRequestMetadata returns the cached accessToken, if available and valid, or fetches a new one by performing an STS token exchange.
(ctx context.Context, _ ...string)
| 150 | // GetRequestMetadata returns the cached accessToken, if available and valid, or |
| 151 | // fetches a new one by performing an STS token exchange. |
| 152 | func (c *callCreds) GetRequestMetadata(ctx context.Context, _ ...string) (map[string]string, error) { |
| 153 | ri, _ := credentials.RequestInfoFromContext(ctx) |
| 154 | if err := credentials.CheckSecurityLevel(ri.AuthInfo, credentials.PrivacyAndIntegrity); err != nil { |
| 155 | return nil, fmt.Errorf("unable to transfer STS PerRPCCredentials: %v", err) |
| 156 | } |
| 157 | |
| 158 | // Holding the lock for the whole duration of the STS request and response |
| 159 | // processing ensures that concurrent RPCs don't end up in multiple |
| 160 | // requests being made. |
| 161 | c.mu.Lock() |
| 162 | defer c.mu.Unlock() |
| 163 | |
| 164 | if md := c.cachedMetadata(); md != nil { |
| 165 | return md, nil |
| 166 | } |
| 167 | req, err := constructRequest(ctx, c.opts) |
| 168 | if err != nil { |
| 169 | return nil, err |
| 170 | } |
| 171 | respBody, err := sendRequest(c.client, req) |
| 172 | if err != nil { |
| 173 | return nil, err |
| 174 | } |
| 175 | ti, err := tokenInfoFromResponse(respBody) |
| 176 | if err != nil { |
| 177 | return nil, err |
| 178 | } |
| 179 | c.tokenMetadata = map[string]string{"Authorization": fmt.Sprintf("%s %s", ti.tokenType, ti.token)} |
| 180 | c.tokenExpiry = ti.expiryTime |
| 181 | return c.tokenMetadata, nil |
| 182 | } |
| 183 | |
| 184 | // RequireTransportSecurity indicates whether the credentials requires |
| 185 | // transport security. |
nothing calls this directly
no test coverage detected