Module: Gaargh

Defined in:
lib/gaargh.rb,
lib/gaargh/version.rb

Defined Under Namespace

Classes: Error

Constant Summary collapse

VERSION = 
"0.1.5"

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.loggerObject 



12
13
14
 
# File 'lib/gaargh.rb', line 12

def self.logger
  @logger ||= Logger.new(STDOUT)
end

Class Method Details

.impersonate_service_account(service_account_email: '', lifetime: '3600s', scopes: ['https://www.googleapis.com/auth/cloud-platform']) ⇒ Signet::OAuth2::Client

Returns an impersonated credentials client to be used with the GCP clients impersonated_credentials_client = Gaargh.impersonate_service_account(service_account_email: ‘[email protected]’) e.g. storage = Google::Cloud::Storage.new(credentials: impersonated_credentials_client, project_id: ‘your-storage-project-id’)

Parameters:

  • service_account_email (String) (defaults to: '')
  • lifetime (String) (defaults to: '3600s')

    • the lifetime of the access token in seconds (default: 3600s)

  • scopes (Array) (defaults to: ['https://www.googleapis.com/auth/cloud-platform'])

Returns:

  • (Signet::OAuth2::Client)

    client - the client to be used with GCP clients



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/gaargh.rb', line 24

def self.(service_account_email: '', lifetime: '3600s', scopes: ['https://www.googleapis.com/auth/cloud-platform'])
  creds_service = Google::Apis::IamcredentialsV1::IAMCredentialsService.new

  creds_service.authorization = Google::Auth.get_application_default(scopes)

  generate_token_request = Google::Apis::IamcredentialsV1::GenerateAccessTokenRequest.new(
      lifetime: lifetime,
      scope: ['https://www.googleapis.com/auth/cloud-platform']
  )
  # The resource name of the service account
   = "projects/-/serviceAccounts/#{}"

  begin
     = creds_service.(, generate_token_request)
  rescue Google::Apis::ClientError => e
    logger.error("Service account #{} does not exist or you do not have permissions.")
    raise e
  end

  client = Signet::OAuth2::Client.new
  client.access_token = .access_token
  return client
end

.token_expiration_time(access_token:) ⇒ Hash

Returns information about the access token provided e.g. expiration time, email address etc.

Parameters:

  • access_token (String)

    • the access token to retrieve information about

Returns:

  • (Hash)

    token_info - a hash containing information about the access token, error informaiton if the request fails



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
 
# File 'lib/gaargh.rb', line 52

def self.token_expiration_time(access_token:)
  uri = URI.parse("https://oauth2.googleapis.com/tokeninfo?access_token=#{access_token}")
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true

  request = Net::HTTP::Get.new(uri.request_uri)

  response = http.request(request)

  if response.code == '200'
    data = JSON.parse(response.body)
    expiration_time = Time.at(data['exp'].to_i)
    logger.info("Token expires at: #{expiration_time}")
    token_info = {
      token_data: data,
      token_expiration_time: expiration_time
    }
    return token_info
  else
    error_hash = {
      error: "Failed to retrieve token information",
      response_code: response.code,
      response_body: response.body
    }
    logger.error("Error retrieving token information: response.code: #{response.code}, response.body: #{response.body}")
    return error_hash
  end
end