mirror of
https://github.com/googleapis/genai-toolbox.git
synced 2026-02-18 19:05:19 -05:00
a0ac5334d1
This only checks within `SourceConfig`, `ToolConfig`, and `AuthSourceConfig`. Error when an unknown field is provided: `2025-01-27T22:43:46.988401-08:00 ERROR "unable to parse tool file at \"tools.yaml\": unable to parse as \"cloud-sql-postgres\": [2:1] unknown field \"extra\"\n 1 | database: test_database\n> 2 | extra: here\n ^\n 3 | instance: toolbox-cloudsql\n 4 | kind: cloud-sql-postgres\n 5 | password: postgres\n 6 | "` Error when a required field is not provided: `2025-01-27T17:49:47.584846-08:00 ERROR "unable to parse tool file at \"tools.yaml\": validation failed: Key: 'Config.Region' Error:Field validation for 'Region' failed on the 'required' tag"` --------- Co-authored-by: Kurtis Van Gent <31518063+kurtisvg@users.noreply.github.com>
83 lines
2.1 KiB
Go
83 lines
2.1 KiB
Go
// Copyright 2024 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package google
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/googleapis/genai-toolbox/internal/auth"
|
|
"google.golang.org/api/idtoken"
|
|
)
|
|
|
|
const AuthSourceKind string = "google"
|
|
|
|
// validate interface
|
|
var _ auth.AuthSourceConfig = Config{}
|
|
|
|
// Auth source configuration
|
|
type Config struct {
|
|
Name string `yaml:"name" validate:"required"`
|
|
Kind string `yaml:"kind" validate:"required"`
|
|
ClientID string `yaml:"clientId" validate:"required"`
|
|
}
|
|
|
|
// Returns the auth source kind
|
|
func (cfg Config) AuthSourceConfigKind() string {
|
|
return AuthSourceKind
|
|
}
|
|
|
|
// Initialize a Google auth source
|
|
func (cfg Config) Initialize() (auth.AuthSource, error) {
|
|
a := &AuthSource{
|
|
Name: cfg.Name,
|
|
Kind: AuthSourceKind,
|
|
ClientID: cfg.ClientID,
|
|
}
|
|
return a, nil
|
|
}
|
|
|
|
var _ auth.AuthSource = AuthSource{}
|
|
|
|
// struct used to store auth source info
|
|
type AuthSource struct {
|
|
Name string `yaml:"name"`
|
|
Kind string `yaml:"kind"`
|
|
ClientID string `yaml:"clientId"`
|
|
}
|
|
|
|
// Returns the auth source kind
|
|
func (a AuthSource) AuthSourceKind() string {
|
|
return AuthSourceKind
|
|
}
|
|
|
|
// Returns the name of the auth source
|
|
func (a AuthSource) GetName() string {
|
|
return a.Name
|
|
}
|
|
|
|
// Verifies Google ID token and return claims
|
|
func (a AuthSource) GetClaimsFromHeader(h http.Header) (map[string]any, error) {
|
|
if token := h.Get(a.Name + "_token"); token != "" {
|
|
payload, err := idtoken.Validate(context.Background(), token, a.ClientID)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Google ID token verification failure: %w", err)
|
|
}
|
|
return payload.Claims, nil
|
|
}
|
|
return nil, nil
|
|
}
|