Update dependencies

vendor/google.golang.org/api/internal/creds.go

@@ -0,0 +1,102 @@
+// Copyright 2017 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package internal
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+
+	"golang.org/x/oauth2"
+
+	"golang.org/x/oauth2/google"
+)
+
+// Creds returns credential information obtained from DialSettings, or if none, then
+// it returns default credential information.
+func Creds(ctx context.Context, ds *DialSettings) (*google.Credentials, error) {
+	if ds.Credentials != nil {
+		return ds.Credentials, nil
+	}
+	if ds.CredentialsJSON != nil {
+		return credentialsFromJSON(ctx, ds.CredentialsJSON, ds.Endpoint, ds.Scopes, ds.Audiences)
+	}
+	if ds.CredentialsFile != "" {
+		data, err := ioutil.ReadFile(ds.CredentialsFile)
+		if err != nil {
+			return nil, fmt.Errorf("cannot read credentials file: %v", err)
+		}
+		return credentialsFromJSON(ctx, data, ds.Endpoint, ds.Scopes, ds.Audiences)
+	}
+	if ds.TokenSource != nil {
+		return &google.Credentials{TokenSource: ds.TokenSource}, nil
+	}
+	cred, err := google.FindDefaultCredentials(ctx, ds.Scopes...)
+	if err != nil {
+		return nil, err
+	}
+	if len(cred.JSON) > 0 {
+		return credentialsFromJSON(ctx, cred.JSON, ds.Endpoint, ds.Scopes, ds.Audiences)
+	}
+	// For GAE and GCE, the JSON is empty so return the default credentials directly.
+	return cred, nil
+}
+
+// JSON key file type.
+const (
+	serviceAccountKey = "service_account"
+)
+
+// credentialsFromJSON returns a google.Credentials based on the input.
+//
+// - If the JSON is a service account and no scopes provided, returns self-signed JWT auth flow
+// - Otherwise, returns OAuth 2.0 flow.
+func credentialsFromJSON(ctx context.Context, data []byte, endpoint string, scopes []string, audiences []string) (*google.Credentials, error) {
+	cred, err := google.CredentialsFromJSON(ctx, data, scopes...)
+	if err != nil {
+		return nil, err
+	}
+	if len(data) > 0 && len(scopes) == 0 {
+		var f struct {
+			Type string `json:"type"`
+			// The rest JSON fields are omitted because they are not used.
+		}
+		if err := json.Unmarshal(cred.JSON, &f); err != nil {
+			return nil, err
+		}
+		if f.Type == serviceAccountKey {
+			ts, err := selfSignedJWTTokenSource(data, endpoint, audiences)
+			if err != nil {
+				return nil, err
+			}
+			cred.TokenSource = ts
+		}
+	}
+	return cred, err
+}
+
+func selfSignedJWTTokenSource(data []byte, endpoint string, audiences []string) (oauth2.TokenSource, error) {
+	// Use the API endpoint as the default audience
+	audience := endpoint
+	if len(audiences) > 0 {
+		// TODO(shinfan): Update golang oauth to support multiple audiences.
+		if len(audiences) > 1 {
+			return nil, fmt.Errorf("multiple audiences support is not implemented")
+		}
+		audience = audiences[0]
+	}
+	return google.JWTAccessTokenSourceFromJSON(data, audience)
+}