ClientCertProvider is a function that returns a TLS client certificate to be
used when opening TLS connections. It follows the same semantics as
[crypto/tls.Config.GetClientCertificate].
GRPCClientConnPool
typeGRPCClientConnPoolinterface{// Connection returns a [google.golang.org/grpc.ClientConn] from the pool.//// ClientConn aren't returned to the pool and should not be closed directly.Connection()*grpc.ClientConn// Len returns the number of connections in the pool. It will always return// the same value.Len()int// Close closes every ClientConn in the pool. The error returned by Close// may be a single error or multiple errors.Close()errorgrpc.ClientConnInterface// contains filtered or unexported methods}
GRPCClientConnPool is an interface that satisfies
[google.golang.org/grpc.ClientConnInterface] and has some utility functions
that are needed for connection lifecycle when using in a client library. It
may be a pool or a single connection. This interface is not intended to, and
can't be, implemented by others.
Dial returns a GRPCClientConnPool that can be used to communicate with a
Google cloud service, configured with the provided [Options]. It
automatically appends Authorization metadata to all outgoing requests.
InternalOptions
typeInternalOptionsstruct{// EnableNonDefaultSAForDirectPath overrides the default requirement for// using the default service account for DirectPath.EnableNonDefaultSAForDirectPathbool// EnableDirectPath overrides the default attempt to use DirectPath.EnableDirectPathbool// EnableDirectPathXds overrides the default DirectPath type. It is only// valid when DirectPath is enabled.EnableDirectPathXdsbool// EnableJWTWithScope specifies if scope can be used with self-signed JWT.EnableJWTWithScopebool// AllowHardBoundTokens allows libraries to request a hard-bound token.// Obtaining hard-bound tokens requires the connection to be established// using either ALTS or mTLS with S2A.AllowHardBoundTokens[]string// DefaultAudience specifies a default audience to be used as the audience// field ("aud") for the JWT token authentication.DefaultAudiencestring// DefaultEndpointTemplate combined with UniverseDomain specifies// the default endpoint.DefaultEndpointTemplatestring// DefaultMTLSEndpoint specifies the default mTLS endpoint.DefaultMTLSEndpointstring// DefaultScopes specifies the default OAuth2 scopes to be used for a// service.DefaultScopes[]string// SkipValidation bypasses validation on Options. It should only be used// internally for clients that needs more control over their transport.SkipValidationbool}
InternalOptions are only meant to be set by generated client code. These are
not meant to be set directly by consumers of this package. Configuration in
this type is considered EXPERIMENTAL and may be removed at any time in the
future without warning.
Options
typeOptionsstruct{// DisableTelemetry disables default telemetry (OpenTelemetry). An example// reason to do so would be to bind custom telemetry that overrides the// defaults.DisableTelemetrybool// DisableAuthentication specifies that no authentication should be used. It// is suitable only for testing and for accessing public resources, like// public Google Cloud Storage buckets.DisableAuthenticationbool// Endpoint overrides the default endpoint to be used for a service.Endpointstring// Metadata is extra gRPC metadata that will be appended to every outgoing// request.Metadatamap[string]string// GRPCDialOpts are dial options that will be passed to `grpc.Dial` when// establishing a`grpc.Conn``GRPCDialOpts[]grpc.DialOption// PoolSize is specifies how many connections to balance between when making// requests. If unset or less than 1, the value defaults to 1.PoolSizeint// Credentials used to add Authorization metadata to all requests. If set// DetectOpts are ignored.Credentials*auth.Credentials// ClientCertProvider is a function that returns a TLS client certificate to// be used when opening TLS connections. It follows the same semantics as// crypto/tls.Config.GetClientCertificate.ClientCertProviderClientCertProvider// DetectOpts configures settings for detect Application Default// Credentials.DetectOpts*credentials.DetectOptions// UniverseDomain is the default service domain for a given Cloud universe.// The default value is "googleapis.com". This is the universe domain// configured for the client, which will be compared to the universe domain// that is separately configured for the credentials.UniverseDomainstring// APIKey specifies an API key to be used as the basis for authentication.// If set DetectOpts are ignored.APIKeystring// Logger is used for debug logging. If provided, logging will be enabled// at the loggers configured level. By default logging is disabled unless// enabled by setting GOOGLE_SDK_GO_LOGGING_LEVEL in which case a default// logger will be used. Optional.Logger*slog.Logger// InternalOptions are NOT meant to be set directly by consumers of this// package, they should only be set by generated client code.InternalOptions*InternalOptions}
Options used to configure a [GRPCClientConnPool] from [Dial].
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-05 UTC."],[[["\u003cp\u003eThe latest version of the \u003ccode\u003egrpctransport\u003c/code\u003e package is 0.15.0, and there are multiple older versions available, down to 0.1.1, which can be accessed through the links provided.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003egrpctransport\u003c/code\u003e package facilitates managing gRPC client connections to Google Cloud services.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eGRPCClientConnPool\u003c/code\u003e is an interface provided by this package that helps manage a pool of connections, and can't be implemented by consumers, however it satisfies \u003ccode\u003egoogle.golang.org/grpc.ClientConnInterface\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eDial\u003c/code\u003e function configures and returns a \u003ccode\u003eGRPCClientConnPool\u003c/code\u003e that can communicate with Google cloud services, automatically managing authorization metadata on requests.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eOptions\u003c/code\u003e struct allows configuration of a \u003ccode\u003eGRPCClientConnPool\u003c/code\u003e, including settings for authentication, telemetry, endpoints, metadata, connection pooling, and more, and it contains internal options that are set by generated code.\u003c/p\u003e\n"]]],[],null,["# Package cloud.google.com/go/auth/grpctransport (v0.16.0)\n\nVersion latestkeyboard_arrow_down\n\n- [0.16.0 (latest)](/go/docs/reference/cloud.google.com/go/auth/latest/grpctransport)\n- [0.15.0](/go/docs/reference/cloud.google.com/go/auth/0.15.0/grpctransport)\n- [0.14.1](/go/docs/reference/cloud.google.com/go/auth/0.14.1/grpctransport)\n- [0.13.0](/go/docs/reference/cloud.google.com/go/auth/0.13.0/grpctransport)\n- [0.12.1](/go/docs/reference/cloud.google.com/go/auth/0.12.1/grpctransport)\n- [0.11.0](/go/docs/reference/cloud.google.com/go/auth/0.11.0/grpctransport)\n- [0.10.2](/go/docs/reference/cloud.google.com/go/auth/0.10.2/grpctransport)\n- [0.9.9](/go/docs/reference/cloud.google.com/go/auth/0.9.9/grpctransport)\n- [0.8.1](/go/docs/reference/cloud.google.com/go/auth/0.8.1/grpctransport)\n- [0.7.3](/go/docs/reference/cloud.google.com/go/auth/0.7.3/grpctransport)\n- [0.6.1](/go/docs/reference/cloud.google.com/go/auth/0.6.1/grpctransport)\n- [0.5.2](/go/docs/reference/cloud.google.com/go/auth/0.5.2/grpctransport)\n- [0.4.2](/go/docs/reference/cloud.google.com/go/auth/0.4.2/grpctransport)\n- [0.3.0](/go/docs/reference/cloud.google.com/go/auth/0.3.0/grpctransport)\n- [0.2.2](/go/docs/reference/cloud.google.com/go/auth/0.2.2/grpctransport)\n- [0.1.1](/go/docs/reference/cloud.google.com/go/auth/0.1.1/grpctransport) \n**Note:** To get more information about this package, such as access to older versions, view [this package on pkg.go.dev](https://pkg.go.dev/cloud.google.com/go/auth/grpctransport). \n\u003cbr /\u003e\n\nPackage grpctransport provides functionality for managing gRPC client\nconnections to Google Cloud services. \n\nClientCertProvider\n------------------\n\n type ClientCertProvider = func(*https://pkg.go.dev/crypto/tls.https://pkg.go.dev/crypto/tls#CertificateRequestInfo) (*https://pkg.go.dev/crypto/tls.https://pkg.go.dev/crypto/tls#Certificate, https://pkg.go.dev/builtin#error)\n\nClientCertProvider is a function that returns a TLS client certificate to be\nused when opening TLS connections. It follows the same semantics as\n\\[crypto/tls.Config.GetClientCertificate\\]. \n\nGRPCClientConnPool\n------------------\n\n type GRPCClientConnPool interface {\n \t// Connection returns a [google.golang.org/grpc.ClientConn] from the pool.\n \t//\n \t// ClientConn aren't returned to the pool and should not be closed directly.\n \tConnection() *https://pkg.go.dev/google.golang.org/grpc.https://pkg.go.dev/google.golang.org/grpc#ClientConn\n\n \t// Len returns the number of connections in the pool. It will always return\n \t// the same value.\n \tLen() https://pkg.go.dev/builtin#int\n\n \t// Close closes every ClientConn in the pool. The error returned by Close\n \t// may be a single error or multiple errors.\n \tClose() https://pkg.go.dev/builtin#error\n\n \thttps://pkg.go.dev/google.golang.org/grpc.https://pkg.go.dev/google.golang.org/grpc#ClientConnInterface\n \t// contains filtered or unexported methods\n }\n\nGRPCClientConnPool is an interface that satisfies\n\\[google.golang.org/grpc.ClientConnInterface\\] and has some utility functions\nthat are needed for connection lifecycle when using in a client library. It\nmay be a pool or a single connection. This interface is not intended to, and\ncan't be, implemented by others. \n\n### func Dial\n\n func Dial(ctx https://pkg.go.dev/context.https://pkg.go.dev/context#Context, secure https://pkg.go.dev/builtin#bool, opts *#cloud_google_com_go_auth_grpctransport_Options) (#cloud_google_com_go_auth_grpctransport_GRPCClientConnPool, https://pkg.go.dev/builtin#error)\n\nDial returns a GRPCClientConnPool that can be used to communicate with a\nGoogle cloud service, configured with the provided \\[Options\\]. It\nautomatically appends Authorization metadata to all outgoing requests. \n\nInternalOptions\n---------------\n\n type InternalOptions struct {\n \t// EnableNonDefaultSAForDirectPath overrides the default requirement for\n \t// using the default service account for DirectPath.\n \tEnableNonDefaultSAForDirectPath https://pkg.go.dev/builtin#bool\n \t// EnableDirectPath overrides the default attempt to use DirectPath.\n \tEnableDirectPath https://pkg.go.dev/builtin#bool\n \t// EnableDirectPathXds overrides the default DirectPath type. It is only\n \t// valid when DirectPath is enabled.\n \tEnableDirectPathXds https://pkg.go.dev/builtin#bool\n \t// EnableJWTWithScope specifies if scope can be used with self-signed JWT.\n \tEnableJWTWithScope https://pkg.go.dev/builtin#bool\n \t// AllowHardBoundTokens allows libraries to request a hard-bound token.\n \t// Obtaining hard-bound tokens requires the connection to be established\n \t// using either ALTS or mTLS with S2A.\n \tAllowHardBoundTokens []https://pkg.go.dev/builtin#string\n \t// DefaultAudience specifies a default audience to be used as the audience\n \t// field (\"aud\") for the JWT token authentication.\n \tDefaultAudience https://pkg.go.dev/builtin#string\n \t// DefaultEndpointTemplate combined with UniverseDomain specifies\n \t// the default endpoint.\n \tDefaultEndpointTemplate https://pkg.go.dev/builtin#string\n \t// DefaultMTLSEndpoint specifies the default mTLS endpoint.\n \tDefaultMTLSEndpoint https://pkg.go.dev/builtin#string\n \t// DefaultScopes specifies the default OAuth2 scopes to be used for a\n \t// service.\n \tDefaultScopes []https://pkg.go.dev/builtin#string\n \t// SkipValidation bypasses validation on Options. It should only be used\n \t// internally for clients that needs more control over their transport.\n \tSkipValidation https://pkg.go.dev/builtin#bool\n }\n\nInternalOptions are only meant to be set by generated client code. These are\nnot meant to be set directly by consumers of this package. Configuration in\nthis type is considered EXPERIMENTAL and may be removed at any time in the\nfuture without warning. \n\nOptions\n-------\n\n type Options struct {\n \t// DisableTelemetry disables default telemetry (OpenTelemetry). An example\n \t// reason to do so would be to bind custom telemetry that overrides the\n \t// defaults.\n \tDisableTelemetry https://pkg.go.dev/builtin#bool\n \t// DisableAuthentication specifies that no authentication should be used. It\n \t// is suitable only for testing and for accessing public resources, like\n \t// public Google Cloud Storage buckets.\n \tDisableAuthentication https://pkg.go.dev/builtin#bool\n \t// Endpoint overrides the default endpoint to be used for a service.\n \tEndpoint https://pkg.go.dev/builtin#string\n \t// Metadata is extra gRPC metadata that will be appended to every outgoing\n \t// request.\n \tMetadata map[https://pkg.go.dev/builtin#string]https://pkg.go.dev/builtin#string\n \t// GRPCDialOpts are dial options that will be passed to `grpc.Dial` when\n \t// establishing a`grpc.Conn``\n \tGRPCDialOpts []https://pkg.go.dev/google.golang.org/grpc.https://pkg.go.dev/google.golang.org/grpc#DialOption\n \t// PoolSize is specifies how many connections to balance between when making\n \t// requests. If unset or less than 1, the value defaults to 1.\n \tPoolSize https://pkg.go.dev/builtin#int\n \t// Credentials used to add Authorization metadata to all requests. If set\n \t// DetectOpts are ignored.\n \tCredentials */go/docs/reference/cloud.google.com/go/auth/latest./go/docs/reference/cloud.google.com/go/auth/latest#cloud_google_com_go_auth_Credentials\n \t// ClientCertProvider is a function that returns a TLS client certificate to\n \t// be used when opening TLS connections. It follows the same semantics as\n \t// crypto/tls.Config.GetClientCertificate.\n \tClientCertProvider #cloud_google_com_go_auth_grpctransport_ClientCertProvider\n \t// DetectOpts configures settings for detect Application Default\n \t// Credentials.\n \tDetectOpts */go/docs/reference/cloud.google.com/go/auth/latest/credentials./go/docs/reference/cloud.google.com/go/auth/latest/credentials#cloud_google_com_go_auth_credentials_DetectOptions\n \t// UniverseDomain is the default service domain for a given Cloud universe.\n \t// The default value is \"googleapis.com\". This is the universe domain\n \t// configured for the client, which will be compared to the universe domain\n \t// that is separately configured for the credentials.\n \tUniverseDomain https://pkg.go.dev/builtin#string\n \t// APIKey specifies an API key to be used as the basis for authentication.\n \t// If set DetectOpts are ignored.\n \tAPIKey https://pkg.go.dev/builtin#string\n \t// Logger is used for debug logging. If provided, logging will be enabled\n \t// at the loggers configured level. By default logging is disabled unless\n \t// enabled by setting GOOGLE_SDK_GO_LOGGING_LEVEL in which case a default\n \t// logger will be used. Optional.\n \tLogger *https://pkg.go.dev/log/slog.https://pkg.go.dev/log/slog#Logger\n\n \t// InternalOptions are NOT meant to be set directly by consumers of this\n \t// package, they should only be set by generated client code.\n \tInternalOptions *#cloud_google_com_go_auth_grpctransport_InternalOptions\n }\n\nOptions used to configure a \\[GRPCClientConnPool\\] from \\[Dial\\]."]]
