8 files changed, 805 insertions, 0 deletions

diff --git a/vendor/golang.org/x/oauth2/google/appengine.go b/vendor/golang.org/x/oauth2/google/appengine.go
new file mode 100644
index 0000000..feb1157
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/appengine.go
@@ -0,0 +1,38 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package google
+
+import (
+        "context"
+        "time"
+
+        "golang.org/x/oauth2"
+)
+
+// Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible.
+var appengineTokenFunc func(c context.Context, scopes ...string) (token string, expiry time.Time, err error)
+
+// Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible.
+var appengineAppIDFunc func(c context.Context) string
+
+// AppEngineTokenSource returns a token source that fetches tokens from either
+// the current application's service account or from the metadata server,
+// depending on the App Engine environment. See below for environment-specific
+// details. If you are implementing a 3-legged OAuth 2.0 flow on App Engine that
+// involves user accounts, see oauth2.Config instead.
+//
+// First generation App Engine runtimes (<= Go 1.9):
+// AppEngineTokenSource returns a token source that fetches tokens issued to the
+// current App Engine application's service account. The provided context must have
+// come from appengine.NewContext.
+//
+// Second generation App Engine runtimes (>= Go 1.11) and App Engine flexible:
+// AppEngineTokenSource is DEPRECATED on second generation runtimes and on the
+// flexible environment. It delegates to ComputeTokenSource, and the provided
+// context and scopes are not used. Please use DefaultTokenSource (or ComputeTokenSource,
+// which DefaultTokenSource will use in this case) instead.
+func AppEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
+        return appEngineTokenSource(ctx, scope...)
+}
diff --git a/vendor/golang.org/x/oauth2/google/appengine_gen1.go b/vendor/golang.org/x/oauth2/google/appengine_gen1.go
new file mode 100644
index 0000000..83dacac
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/appengine_gen1.go
@@ -0,0 +1,77 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build appengine
+
+// This file applies to App Engine first generation runtimes (<= Go 1.9).
+
+package google
+
+import (
+        "context"
+        "sort"
+        "strings"
+        "sync"
+
+        "golang.org/x/oauth2"
+        "google.golang.org/appengine"
+)
+
+func init() {
+        appengineTokenFunc = appengine.AccessToken
+        appengineAppIDFunc = appengine.AppID
+}
+
+// See comment on AppEngineTokenSource in appengine.go.
+func appEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
+        scopes := append([]string{}, scope...)
+        sort.Strings(scopes)
+        return &gaeTokenSource{
+                ctx:    ctx,
+                scopes: scopes,
+                key:    strings.Join(scopes, " "),
+        }
+}
+
+// aeTokens helps the fetched tokens to be reused until their expiration.
+var (
+        aeTokensMu sync.Mutex
+        aeTokens   = make(map[string]*tokenLock) // key is space-separated scopes
+)
+
+type tokenLock struct {
+        mu sync.Mutex // guards t; held while fetching or updating t
+        t  *oauth2.Token
+}
+
+type gaeTokenSource struct {
+        ctx    context.Context
+        scopes []string
+        key    string // to aeTokens map; space-separated scopes
+}
+
+func (ts *gaeTokenSource) Token() (*oauth2.Token, error) {
+        aeTokensMu.Lock()
+        tok, ok := aeTokens[ts.key]
+        if !ok {
+                tok = &tokenLock{}
+                aeTokens[ts.key] = tok
+        }
+        aeTokensMu.Unlock()
+
+        tok.mu.Lock()
+        defer tok.mu.Unlock()
+        if tok.t.Valid() {
+                return tok.t, nil
+        }
+        access, exp, err := appengineTokenFunc(ts.ctx, ts.scopes...)
+        if err != nil {
+                return nil, err
+        }
+        tok.t = &oauth2.Token{
+                AccessToken: access,
+                Expiry:      exp,
+        }
+        return tok.t, nil
+}
diff --git a/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go b/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
new file mode 100644
index 0000000..04c2c22
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
@@ -0,0 +1,27 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !appengine
+
+// This file applies to App Engine second generation runtimes (>= Go 1.11) and App Engine flexible.
+
+package google
+
+import (
+        "context"
+        "log"
+        "sync"
+
+        "golang.org/x/oauth2"
+)
+
+var logOnce sync.Once // only spam about deprecation once
+
+// See comment on AppEngineTokenSource in appengine.go.
+func appEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
+        logOnce.Do(func() {
+                log.Print("google: AppEngineTokenSource is deprecated on App Engine standard second generation runtimes (>= Go 1.11) and App Engine flexible. Please use DefaultTokenSource or ComputeTokenSource.")
+        })
+        return ComputeTokenSource("")
+}
diff --git a/vendor/golang.org/x/oauth2/google/default.go b/vendor/golang.org/x/oauth2/google/default.go
new file mode 100644
index 0000000..5087d84
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/default.go
@@ -0,0 +1,155 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package google
+
+import (
+        "context"
+        "encoding/json"
+        "fmt"
+        "io/ioutil"
+        "net/http"
+        "os"
+        "path/filepath"
+        "runtime"
+
+        "cloud.google.com/go/compute/metadata"
+        "golang.org/x/oauth2"
+)
+
+// Credentials holds Google credentials, including "Application Default Credentials".
+// For more details, see:
+// https://developers.google.com/accounts/docs/application-default-credentials
+type Credentials struct {
+        ProjectID   string // may be empty
+        TokenSource oauth2.TokenSource
+
+        // JSON contains the raw bytes from a JSON credentials file.
+        // This field may be nil if authentication is provided by the
+        // environment and not with a credentials file, e.g. when code is
+        // running on Google Cloud Platform.
+        JSON []byte
+}
+
+// DefaultCredentials is the old name of Credentials.
+//
+// Deprecated: use Credentials instead.
+type DefaultCredentials = Credentials
+
+// DefaultClient returns an HTTP Client that uses the
+// DefaultTokenSource to obtain authentication credentials.
+func DefaultClient(ctx context.Context, scope ...string) (*http.Client, error) {
+        ts, err := DefaultTokenSource(ctx, scope...)
+        if err != nil {
+                return nil, err
+        }
+        return oauth2.NewClient(ctx, ts), nil
+}
+
+// DefaultTokenSource returns the token source for
+// "Application Default Credentials".
+// It is a shortcut for FindDefaultCredentials(ctx, scope).TokenSource.
+func DefaultTokenSource(ctx context.Context, scope ...string) (oauth2.TokenSource, error) {
+        creds, err := FindDefaultCredentials(ctx, scope...)
+        if err != nil {
+                return nil, err
+        }
+        return creds.TokenSource, nil
+}
+
+// FindDefaultCredentials searches for "Application Default Credentials".
+//
+// It looks for credentials in the following places,
+// preferring the first location found:
+//
+//   1. A JSON file whose path is specified by the
+//      GOOGLE_APPLICATION_CREDENTIALS environment variable.
+//   2. A JSON file in a location known to the gcloud command-line tool.
+//      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
+//      On other systems, $HOME/.config/gcloud/application_default_credentials.json.
+//   3. On Google App Engine standard first generation runtimes (<= Go 1.9) it uses
+//      the appengine.AccessToken function.
+//   4. On Google Compute Engine, Google App Engine standard second generation runtimes
+//      (>= Go 1.11), and Google App Engine flexible environment, it fetches
+//      credentials from the metadata server.
+//      (In this final case any provided scopes are ignored.)
+func FindDefaultCredentials(ctx context.Context, scopes ...string) (*Credentials, error) {
+        // First, try the environment variable.
+        const envVar = "GOOGLE_APPLICATION_CREDENTIALS"
+        if filename := os.Getenv(envVar); filename != "" {
+                creds, err := readCredentialsFile(ctx, filename, scopes)
+                if err != nil {
+                        return nil, fmt.Errorf("google: error getting credentials using %v environment variable: %v", envVar, err)
+                }
+                return creds, nil
+        }
+
+        // Second, try a well-known file.
+        filename := wellKnownFile()
+        if creds, err := readCredentialsFile(ctx, filename, scopes); err == nil {
+                return creds, nil
+        } else if !os.IsNotExist(err) {
+                return nil, fmt.Errorf("google: error getting credentials using well-known file (%v): %v", filename, err)
+        }
+
+        // Third, if we're on a Google App Engine standard first generation runtime (<= Go 1.9)
+        // use those credentials. App Engine standard second generation runtimes (>= Go 1.11)
+        // and App Engine flexible use ComputeTokenSource and the metadata server.
+        if appengineTokenFunc != nil {
+                return &DefaultCredentials{
+                        ProjectID:   appengineAppIDFunc(ctx),
+                        TokenSource: AppEngineTokenSource(ctx, scopes...),
+                }, nil
+        }
+
+        // Fourth, if we're on Google Compute Engine, an App Engine standard second generation runtime,
+        // or App Engine flexible, use the metadata server.
+        if metadata.OnGCE() {
+                id, _ := metadata.ProjectID()
+                return &DefaultCredentials{
+                        ProjectID:   id,
+                        TokenSource: ComputeTokenSource(""),
+                }, nil
+        }
+
+        // None are found; return helpful error.
+        const url = "https://developers.google.com/accounts/docs/application-default-credentials"
+        return nil, fmt.Errorf("google: could not find default credentials. See %v for more information.", url)
+}
+
+// CredentialsFromJSON obtains Google credentials from a JSON value. The JSON can
+// represent either a Google Developers Console client_credentials.json file (as in
+// ConfigFromJSON) or a Google Developers service account key file (as in
+// JWTConfigFromJSON).
+func CredentialsFromJSON(ctx context.Context, jsonData []byte, scopes ...string) (*Credentials, error) {
+        var f credentialsFile
+        if err := json.Unmarshal(jsonData, &f); err != nil {
+                return nil, err
+        }
+        ts, err := f.tokenSource(ctx, append([]string(nil), scopes...))
+        if err != nil {
+                return nil, err
+        }
+        return &DefaultCredentials{
+                ProjectID:   f.ProjectID,
+                TokenSource: ts,
+                JSON:        jsonData,
+        }, nil
+}
+
+func wellKnownFile() string {
+        const f = "application_default_credentials.json"
+        if runtime.GOOS == "windows" {
+                return filepath.Join(os.Getenv("APPDATA"), "gcloud", f)
+        }
+        return filepath.Join(guessUnixHomeDir(), ".config", "gcloud", f)
+}
+
+func readCredentialsFile(ctx context.Context, filename string, scopes []string) (*DefaultCredentials, error) {
+        b, err := ioutil.ReadFile(filename)
+        if err != nil {
+                return nil, err
+        }
+        return CredentialsFromJSON(ctx, b, scopes...)
+}
diff --git a/vendor/golang.org/x/oauth2/google/doc.go b/vendor/golang.org/x/oauth2/google/doc.go
new file mode 100644
index 0000000..73be629
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/doc.go
@@ -0,0 +1,40 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package google provides support for making OAuth2 authorized and authenticated
+// HTTP requests to Google APIs. It supports the Web server flow, client-side
+// credentials, service accounts, Google Compute Engine service accounts, and Google
+// App Engine service accounts.
+//
+// A brief overview of the package follows. For more information, please read
+// https://developers.google.com/accounts/docs/OAuth2
+// and
+// https://developers.google.com/accounts/docs/application-default-credentials.
+//
+// OAuth2 Configs
+//
+// Two functions in this package return golang.org/x/oauth2.Config values from Google credential
+// data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON,
+// the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
+// create an http.Client.
+//
+//
+// Credentials
+//
+// The Credentials type represents Google credentials, including Application Default
+// Credentials.
+//
+// Use FindDefaultCredentials to obtain Application Default Credentials.
+// FindDefaultCredentials looks in some well-known places for a credentials file, and
+// will call AppEngineTokenSource or ComputeTokenSource as needed.
+//
+// DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials,
+// then use the credentials to construct an http.Client or an oauth2.TokenSource.
+//
+// Use CredentialsFromJSON to obtain credentials from either of the two JSON formats
+// described in OAuth2 Configs, above. The TokenSource in the returned value is the
+// same as the one obtained from the oauth2.Config returned from ConfigFromJSON or
+// JWTConfigFromJSON, but the Credentials may contain additional information
+// that is useful is some circumstances.
+package google // import "golang.org/x/oauth2/google"
diff --git a/vendor/golang.org/x/oauth2/google/google.go b/vendor/golang.org/x/oauth2/google/google.go
new file mode 100644
index 0000000..4b0b547
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/google.go
@@ -0,0 +1,193 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package google
+
+import (
+        "context"
+        "encoding/json"
+        "errors"
+        "fmt"
+        "strings"
+        "time"
+
+        "cloud.google.com/go/compute/metadata"
+        "golang.org/x/oauth2"
+        "golang.org/x/oauth2/jwt"
+)
+
+// Endpoint is Google's OAuth 2.0 endpoint.
+var Endpoint = oauth2.Endpoint{
+        AuthURL:   "https://accounts.google.com/o/oauth2/auth",
+        TokenURL:  "https://accounts.google.com/o/oauth2/token",
+        AuthStyle: oauth2.AuthStyleInParams,
+}
+
+// JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow.
+const JWTTokenURL = "https://accounts.google.com/o/oauth2/token"
+
+// ConfigFromJSON uses a Google Developers Console client_credentials.json
+// file to construct a config.
+// client_credentials.json can be downloaded from
+// https://console.developers.google.com, under "Credentials". Download the Web
+// application credentials in the JSON format and provide the contents of the
+// file as jsonKey.
+func ConfigFromJSON(jsonKey []byte, scope ...string) (*oauth2.Config, error) {
+        type cred struct {
+                ClientID     string   `json:"client_id"`
+                ClientSecret string   `json:"client_secret"`
+                RedirectURIs []string `json:"redirect_uris"`
+                AuthURI      string   `json:"auth_uri"`
+                TokenURI     string   `json:"token_uri"`
+        }
+        var j struct {
+                Web       *cred `json:"web"`
+                Installed *cred `json:"installed"`
+        }
+        if err := json.Unmarshal(jsonKey, &j); err != nil {
+                return nil, err
+        }
+        var c *cred
+        switch {
+        case j.Web != nil:
+                c = j.Web
+        case j.Installed != nil:
+                c = j.Installed
+        default:
+                return nil, fmt.Errorf("oauth2/google: no credentials found")
+        }
+        if len(c.RedirectURIs) < 1 {
+                return nil, errors.New("oauth2/google: missing redirect URL in the client_credentials.json")
+        }
+        return &oauth2.Config{
+                ClientID:     c.ClientID,
+                ClientSecret: c.ClientSecret,
+                RedirectURL:  c.RedirectURIs[0],
+                Scopes:       scope,
+                Endpoint: oauth2.Endpoint{
+                        AuthURL:  c.AuthURI,
+                        TokenURL: c.TokenURI,
+                },
+        }, nil
+}
+
+// JWTConfigFromJSON uses a Google Developers service account JSON key file to read
+// the credentials that authorize and authenticate the requests.
+// Create a service account on "Credentials" for your project at
+// https://console.developers.google.com to download a JSON key file.
+func JWTConfigFromJSON(jsonKey []byte, scope ...string) (*jwt.Config, error) {
+        var f credentialsFile
+        if err := json.Unmarshal(jsonKey, &f); err != nil {
+                return nil, err
+        }
+        if f.Type != serviceAccountKey {
+                return nil, fmt.Errorf("google: read JWT from JSON credentials: 'type' field is %q (expected %q)", f.Type, serviceAccountKey)
+        }
+        scope = append([]string(nil), scope...) // copy
+        return f.jwtConfig(scope), nil
+}
+
+// JSON key file types.
+const (
+        serviceAccountKey  = "service_account"
+        userCredentialsKey = "authorized_user"
+)
+
+// credentialsFile is the unmarshalled representation of a credentials file.
+type credentialsFile struct {
+        Type string `json:"type"` // serviceAccountKey or userCredentialsKey
+
+        // Service Account fields
+        ClientEmail  string `json:"client_email"`
+        PrivateKeyID string `json:"private_key_id"`
+        PrivateKey   string `json:"private_key"`
+        TokenURL     string `json:"token_uri"`
+        ProjectID    string `json:"project_id"`
+
+        // User Credential fields
+        // (These typically come from gcloud auth.)
+        ClientSecret string `json:"client_secret"`
+        ClientID     string `json:"client_id"`
+        RefreshToken string `json:"refresh_token"`
+}
+
+func (f *credentialsFile) jwtConfig(scopes []string) *jwt.Config {
+        cfg := &jwt.Config{
+                Email:        f.ClientEmail,
+                PrivateKey:   []byte(f.PrivateKey),
+                PrivateKeyID: f.PrivateKeyID,
+                Scopes:       scopes,
+                TokenURL:     f.TokenURL,
+        }
+        if cfg.TokenURL == "" {
+                cfg.TokenURL = JWTTokenURL
+        }
+        return cfg
+}
+
+func (f *credentialsFile) tokenSource(ctx context.Context, scopes []string) (oauth2.TokenSource, error) {
+        switch f.Type {
+        case serviceAccountKey:
+                cfg := f.jwtConfig(scopes)
+                return cfg.TokenSource(ctx), nil
+        case userCredentialsKey:
+                cfg := &oauth2.Config{
+                        ClientID:     f.ClientID,
+                        ClientSecret: f.ClientSecret,
+                        Scopes:       scopes,
+                        Endpoint:     Endpoint,
+                }
+                tok := &oauth2.Token{RefreshToken: f.RefreshToken}
+                return cfg.TokenSource(ctx, tok), nil
+        case "":
+                return nil, errors.New("missing 'type' field in credentials")
+        default:
+                return nil, fmt.Errorf("unknown credential type: %q", f.Type)
+        }
+}
+
+// ComputeTokenSource returns a token source that fetches access tokens
+// from Google Compute Engine (GCE)'s metadata server. It's only valid to use
+// this token source if your program is running on a GCE instance.
+// If no account is specified, "default" is used.
+// Further information about retrieving access tokens from the GCE metadata
+// server can be found at https://cloud.google.com/compute/docs/authentication.
+func ComputeTokenSource(account string) oauth2.TokenSource {
+        return oauth2.ReuseTokenSource(nil, computeSource{account: account})
+}
+
+type computeSource struct {
+        account string
+}
+
+func (cs computeSource) Token() (*oauth2.Token, error) {
+        if !metadata.OnGCE() {
+                return nil, errors.New("oauth2/google: can't get a token from the metadata service; not running on GCE")
+        }
+        acct := cs.account
+        if acct == "" {
+                acct = "default"
+        }
+        tokenJSON, err := metadata.Get("instance/service-accounts/" + acct + "/token")
+        if err != nil {
+                return nil, err
+        }
+        var res struct {
+                AccessToken  string `json:"access_token"`
+                ExpiresInSec int    `json:"expires_in"`
+                TokenType    string `json:"token_type"`
+        }
+        err = json.NewDecoder(strings.NewReader(tokenJSON)).Decode(&res)
+        if err != nil {
+                return nil, fmt.Errorf("oauth2/google: invalid token JSON from metadata: %v", err)
+        }
+        if res.ExpiresInSec == 0 || res.AccessToken == "" {
+                return nil, fmt.Errorf("oauth2/google: incomplete token received from metadata")
+        }
+        return &oauth2.Token{
+                AccessToken: res.AccessToken,
+                TokenType:   res.TokenType,
+                Expiry:      time.Now().Add(time.Duration(res.ExpiresInSec) * time.Second),
+        }, nil
+}
diff --git a/vendor/golang.org/x/oauth2/google/jwt.go b/vendor/golang.org/x/oauth2/google/jwt.go
new file mode 100644
index 0000000..b0fdb3a
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/jwt.go
@@ -0,0 +1,74 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package google
+
+import (
+        "crypto/rsa"
+        "fmt"
+        "time"
+
+        "golang.org/x/oauth2"
+        "golang.org/x/oauth2/internal"
+        "golang.org/x/oauth2/jws"
+)
+
+// JWTAccessTokenSourceFromJSON uses a Google Developers service account JSON
+// key file to read the credentials that authorize and authenticate the
+// requests, and returns a TokenSource that does not use any OAuth2 flow but
+// instead creates a JWT and sends that as the access token.
+// The audience is typically a URL that specifies the scope of the credentials.
+//
+// Note that this is not a standard OAuth flow, but rather an
+// optimization supported by a few Google services.
+// Unless you know otherwise, you should use JWTConfigFromJSON instead.
+func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (oauth2.TokenSource, error) {
+        cfg, err := JWTConfigFromJSON(jsonKey)
+        if err != nil {
+                return nil, fmt.Errorf("google: could not parse JSON key: %v", err)
+        }
+        pk, err := internal.ParseKey(cfg.PrivateKey)
+        if err != nil {
+                return nil, fmt.Errorf("google: could not parse key: %v", err)
+        }
+        ts := &jwtAccessTokenSource{
+                email:    cfg.Email,
+                audience: audience,
+                pk:       pk,
+                pkID:     cfg.PrivateKeyID,
+        }
+        tok, err := ts.Token()
+        if err != nil {
+                return nil, err
+        }
+        return oauth2.ReuseTokenSource(tok, ts), nil
+}
+
+type jwtAccessTokenSource struct {
+        email, audience string
+        pk              *rsa.PrivateKey
+        pkID            string
+}
+
+func (ts *jwtAccessTokenSource) Token() (*oauth2.Token, error) {
+        iat := time.Now()
+        exp := iat.Add(time.Hour)
+        cs := &jws.ClaimSet{
+                Iss: ts.email,
+                Sub: ts.email,
+                Aud: ts.audience,
+                Iat: iat.Unix(),
+                Exp: exp.Unix(),
+        }
+        hdr := &jws.Header{
+                Algorithm: "RS256",
+                Typ:       "JWT",
+                KeyID:     string(ts.pkID),
+        }
+        msg, err := jws.Encode(hdr, cs, ts.pk)
+        if err != nil {
+                return nil, fmt.Errorf("google: could not encode JWT: %v", err)
+        }
+        return &oauth2.Token{AccessToken: msg, TokenType: "Bearer", Expiry: exp}, nil
+}
diff --git a/vendor/golang.org/x/oauth2/google/sdk.go b/vendor/golang.org/x/oauth2/google/sdk.go
new file mode 100644
index 0000000..456224b
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/sdk.go
@@ -0,0 +1,201 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package google
+
+import (
+        "bufio"
+        "context"
+        "encoding/json"
+        "errors"
+        "fmt"
+        "io"
+        "net/http"
+        "os"
+        "os/user"
+        "path/filepath"
+        "runtime"
+        "strings"
+        "time"
+
+        "golang.org/x/oauth2"
+)
+
+type sdkCredentials struct {
+        Data []struct {
+                Credential struct {
+                        ClientID     string     `json:"client_id"`
+                        ClientSecret string     `json:"client_secret"`
+                        AccessToken  string     `json:"access_token"`
+                        RefreshToken string     `json:"refresh_token"`
+                        TokenExpiry  *time.Time `json:"token_expiry"`
+                } `json:"credential"`
+                Key struct {
+                        Account string `json:"account"`
+                        Scope   string `json:"scope"`
+                } `json:"key"`
+        }
+}
+
+// An SDKConfig provides access to tokens from an account already
+// authorized via the Google Cloud SDK.
+type SDKConfig struct {
+        conf         oauth2.Config
+        initialToken *oauth2.Token
+}
+
+// NewSDKConfig creates an SDKConfig for the given Google Cloud SDK
+// account. If account is empty, the account currently active in
+// Google Cloud SDK properties is used.
+// Google Cloud SDK credentials must be created by running `gcloud auth`
+// before using this function.
+// The Google Cloud SDK is available at https://cloud.google.com/sdk/.
+func NewSDKConfig(account string) (*SDKConfig, error) {
+        configPath, err := sdkConfigPath()
+        if err != nil {
+                return nil, fmt.Errorf("oauth2/google: error getting SDK config path: %v", err)
+        }
+        credentialsPath := filepath.Join(configPath, "credentials")
+        f, err := os.Open(credentialsPath)
+        if err != nil {
+                return nil, fmt.Errorf("oauth2/google: failed to load SDK credentials: %v", err)
+        }
+        defer f.Close()
+
+        var c sdkCredentials
+        if err := json.NewDecoder(f).Decode(&c); err != nil {
+                return nil, fmt.Errorf("oauth2/google: failed to decode SDK credentials from %q: %v", credentialsPath, err)
+        }
+        if len(c.Data) == 0 {
+                return nil, fmt.Errorf("oauth2/google: no credentials found in %q, run `gcloud auth login` to create one", credentialsPath)
+        }
+        if account == "" {
+                propertiesPath := filepath.Join(configPath, "properties")
+                f, err := os.Open(propertiesPath)
+                if err != nil {
+                        return nil, fmt.Errorf("oauth2/google: failed to load SDK properties: %v", err)
+                }
+                defer f.Close()
+                ini, err := parseINI(f)
+                if err != nil {
+                        return nil, fmt.Errorf("oauth2/google: failed to parse SDK properties %q: %v", propertiesPath, err)
+                }
+                core, ok := ini["core"]
+                if !ok {
+                        return nil, fmt.Errorf("oauth2/google: failed to find [core] section in %v", ini)
+                }
+                active, ok := core["account"]
+                if !ok {
+                        return nil, fmt.Errorf("oauth2/google: failed to find %q attribute in %v", "account", core)
+                }
+                account = active
+        }
+
+        for _, d := range c.Data {
+                if account == "" || d.Key.Account == account {
+                        if d.Credential.AccessToken == "" && d.Credential.RefreshToken == "" {
+                                return nil, fmt.Errorf("oauth2/google: no token available for account %q", account)
+                        }
+                        var expiry time.Time
+                        if d.Credential.TokenExpiry != nil {
+                                expiry = *d.Credential.TokenExpiry
+                        }
+                        return &SDKConfig{
+                                conf: oauth2.Config{
+                                        ClientID:     d.Credential.ClientID,
+                                        ClientSecret: d.Credential.ClientSecret,
+                                        Scopes:       strings.Split(d.Key.Scope, " "),
+                                        Endpoint:     Endpoint,
+                                        RedirectURL:  "oob",
+                                },
+                                initialToken: &oauth2.Token{
+                                        AccessToken:  d.Credential.AccessToken,
+                                        RefreshToken: d.Credential.RefreshToken,
+                                        Expiry:       expiry,
+                                },
+                        }, nil
+                }
+        }
+        return nil, fmt.Errorf("oauth2/google: no such credentials for account %q", account)
+}
+
+// Client returns an HTTP client using Google Cloud SDK credentials to
+// authorize requests. The token will auto-refresh as necessary. The
+// underlying http.RoundTripper will be obtained using the provided
+// context. The returned client and its Transport should not be
+// modified.
+func (c *SDKConfig) Client(ctx context.Context) *http.Client {
+        return &http.Client{
+                Transport: &oauth2.Transport{
+                        Source: c.TokenSource(ctx),
+                },
+        }
+}
+
+// TokenSource returns an oauth2.TokenSource that retrieve tokens from
+// Google Cloud SDK credentials using the provided context.
+// It will returns the current access token stored in the credentials,
+// and refresh it when it expires, but it won't update the credentials
+// with the new access token.
+func (c *SDKConfig) TokenSource(ctx context.Context) oauth2.TokenSource {
+        return c.conf.TokenSource(ctx, c.initialToken)
+}
+
+// Scopes are the OAuth 2.0 scopes the current account is authorized for.
+func (c *SDKConfig) Scopes() []string {
+        return c.conf.Scopes
+}
+
+func parseINI(ini io.Reader) (map[string]map[string]string, error) {
+        result := map[string]map[string]string{
+                "": {}, // root section
+        }
+        scanner := bufio.NewScanner(ini)
+        currentSection := ""
+        for scanner.Scan() {
+                line := strings.TrimSpace(scanner.Text())
+                if strings.HasPrefix(line, ";") {
+                        // comment.
+                        continue
+                }
+                if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
+                        currentSection = strings.TrimSpace(line[1 : len(line)-1])
+                        result[currentSection] = map[string]string{}
+                        continue
+                }
+                parts := strings.SplitN(line, "=", 2)
+                if len(parts) == 2 && parts[0] != "" {
+                        result[currentSection][strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
+                }
+        }
+        if err := scanner.Err(); err != nil {
+                return nil, fmt.Errorf("error scanning ini: %v", err)
+        }
+        return result, nil
+}
+
+// sdkConfigPath tries to guess where the gcloud config is located.
+// It can be overridden during tests.
+var sdkConfigPath = func() (string, error) {
+        if runtime.GOOS == "windows" {
+                return filepath.Join(os.Getenv("APPDATA"), "gcloud"), nil
+        }
+        homeDir := guessUnixHomeDir()
+        if homeDir == "" {
+                return "", errors.New("unable to get current user home directory: os/user lookup failed; $HOME is empty")
+        }
+        return filepath.Join(homeDir, ".config", "gcloud"), nil
+}
+
+func guessUnixHomeDir() string {
+        // Prefer $HOME over user.Current due to glibc bug: golang.org/issue/13470
+        if v := os.Getenv("HOME"); v != "" {
+                return v
+        }
+        // Else, fall back to user.Current:
+        if u, err := user.Current(); err == nil {
+                return u.HomeDir
+        }
+        return ""
+}