update ctx; duration

Author: salrashid123

google/delegate.go

@@ -7,7 +7,6 @@ package google
 import (
         "context"
         "fmt"
-        "strconv"
         "sync"
         "time"
 
@@ -17,47 +16,49 @@ import (
 
 // DelegateTokenSource allows a TokenSource issued to a user or
 // service account to impersonate another.  The target service account
-// must grant the orginating credential principal the
+// must grant the orginating  principal the
 // "Service Account Token Creator" IAM role:
 // https://cloud.google.com/iam/docs/service-accounts#the_service_account_token_creator_role
 //
 //  rootSource (TokenSource): The root TokenSource
-//     used as to acquire the delegated identity TokenSource.
-//     rootSource *must* include scopes that includes
+//     used as to acquire the target identity TokenSource.
+//     rootSource *must* include scopes that contains
 //     "https://www.googleapis.com/auth/iam"
+//     or
+//     "https://www.googleapis.com/auth/cloud-platform"
 //  principal (string): The service account to impersonate.
 //  new_scopes ([]string): Scopes to request during the
 //     authorization grant.
 //  delegates ([]string): The chained list of delegates required
 //     to grant the final access_token.
-//  lifetime (int): Number of seconds the delegated credential should
+//  lifetime (time.Duration): Number of seconds the delegated credential should
 //     be valid for (upto 3600).
 //
 // Usage:
 //   principal := "[email protected]"
-//   lifetime := 30
+//   lifetime := 30 * time.Second
 //   delegates := []string{}
 //   newScopes := []string{storage.ScopeReadOnly}
 //   rootTokenSource, err := google.DefaultTokenSource(ctx,
 //           "https://www.googleapis.com/auth/iam")
 //   delegatetokenSource, err := google.DelegateTokenSource(ctx,
 //       rootTokenSource,
-//           principal, lifetime, delegates, newScopes)
+//       principal, lifetime, delegates, newScopes)
 //   storeageClient, _ = storage.NewClient(ctx,
 //       option.WithTokenSource(delegatetokenSource))
-
+//
 // Note that this is not a standard OAuth flow, but rather uses Google Cloud
 // IAMCredentials API to exchange one oauth token for an impersonated account
 // see: https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken
 func DelegateTokenSource(ctx context.Context, rootSource oauth2.TokenSource,
-        principal string, lifetime int, delegates []string,
+        principal string, lifetime time.Duration, delegates []string,
         newScopes []string) (oauth2.TokenSource, error) {
 
         return &delegateTokenSource{
                 ctx:        ctx,
                 rootSource: rootSource,
                 principal:  principal,
-                lifetime:   strconv.Itoa(lifetime) + "s",
+                lifetime:   lifetime,
                 delegates:  delegates,
                 newScopes:  newScopes,
         }, nil
@@ -67,7 +68,7 @@ type delegateTokenSource struct {
         ctx        context.Context
         rootSource oauth2.TokenSource
         principal  string
-        lifetime   string
+        lifetime   time.Duration
         delegates  []string
         newScopes  []string
 }
@@ -86,26 +87,26 @@ func (ts *delegateTokenSource) Token() (*oauth2.Token, error) {
                 return tok, nil
         }
 
-        client := oauth2.NewClient(context.Background(), ts.rootSource)
+        client := oauth2.NewClient(ts.ctx, ts.rootSource)
 
         service, err := iamcredentials.New(client)
         if err != nil {
-                return nil, fmt.Errorf("Error creating IAMCredentials: %v", err)
+                return nil, fmt.Errorf("google: Error creating IAMCredentials: %v", err)
         }
         name := "projects/-/serviceAccounts/" + ts.principal
         tokenRequest := &iamcredentials.GenerateAccessTokenRequest{
-                Lifetime:  ts.lifetime,
+                Lifetime:  ts.lifetime.String(),
                 Delegates: ts.delegates,
                 Scope:     ts.newScopes,
         }
         at, err := service.Projects.ServiceAccounts.GenerateAccessToken(name, tokenRequest).Do()
         if err != nil {
-                return nil, fmt.Errorf("Error calling GenerateAccessToken: %v", err)
+                return nil, fmt.Errorf("google: Error calling iamcredentials.GenerateAccessToken: %v", err)
         }
 
         expireAt, err := time.Parse(time.RFC3339, at.ExpireTime)
         if err != nil {
-                return nil, fmt.Errorf("Error parsing ExpireTime: %v", err)
+                return nil, fmt.Errorf("google: Error parsing ExpireTime from iamcredentials: %v", err)
         }
 
         tok = &oauth2.Token{