Class: Google::Auth::ServiceAccountCredentials

Inherits:

Signet::OAuth2::Client

• Object
• Signet::OAuth2::Client
• Google::Auth::ServiceAccountCredentials

Extended by:

Memoist

Defined in:

lib/googleauth/service_account.rb

Overview

Authenticates requests using Google’s Service Account credentials.

This class allows authorizing requests for service accounts directly from credentials from a json key file downloaded from the developer console (via ‘Generate new Json Key’).

cf [Application Default Credentials](goo.gl/mkAHpZ)

Constant Summary

ENV_VAR =

'GOOGLE_APPLICATION_CREDENTIALS'

NOT_FOUND_ERROR =

"Unable to read the credential file specified by #{ENV_VAR}"

TOKEN_CRED_URI =

'https://www.googleapis.com/oauth2/v3/token'

WELL_KNOWN_PATH =

'gcloud/application_default_credentials.json'

WELL_KNOWN_ERROR =

'Unable to read the default credential file'

Class Method Summary

• .from_env(scope) ⇒ Object

  Creates an instance from the path specified in an environment variable.

• .from_well_known_path(scope) ⇒ Object

  Creates an instance from a well known path.

• .windows? ⇒ Boolean

  determines if the current OS is windows.

Instance Method Summary

• #initialize(scope, json_key_io) ⇒ ServiceAccountCredentials constructor

  Initializes a ServiceAccountCredentials.

Methods inherited from Signet::OAuth2::Client

#apply, #apply!, #updater_proc

Constructor Details

#initialize(scope, json_key_io) ⇒ ServiceAccountCredentials

Initializes a ServiceAccountCredentials.

Parameters:

• scope (string|array) —

  the scope(s) to access

• json_key_io (IO) —

  an IO from which the JSON key can be read

# File 'lib/googleauth/service_account.rb', line 108

def initialize(scope, json_key_io)
  private_key, client_email = read_json_key(json_key_io)
  super(token_credential_uri: TOKEN_CRED_URI,
        audience: TOKEN_CRED_URI,  # TODO: confirm this
        scope: scope,
        issuer: client_email,
        signing_key: OpenSSL::PKey::RSA.new(private_key))
end

Class Method Details

.from_env(scope) ⇒ Object

Creates an instance from the path specified in an environment variable.

Parameters:

• scope (string|array) —

  the scope(s) to access

# File 'lib/googleauth/service_account.rb', line 76

def from_env(scope)
  return nil unless ENV.key?(ENV_VAR)
  path = ENV[ENV_VAR]
  fail 'file #{path} does not exist' unless File.exist?(path)
  File.open(path) do |f|
    return new(scope, f)
  end
rescue StandardError => e
  raise "#{NOT_FOUND_ERROR}: #{e}"
end

.from_well_known_path(scope) ⇒ Object

Creates an instance from a well known path.

Parameters:

• scope (string|array) —

  the scope(s) to access

# File 'lib/googleauth/service_account.rb', line 90

def from_well_known_path(scope)
  home_var, base = windows? ? 'APPDATA' : 'HOME', WELL_KNOWN_PATH
  root = ENV[home_var].nil? ? '' : ENV[home_var]
  base = File.join('.config', base) unless windows?
  path = File.join(root, base)
  return nil unless File.exist?(path)
  File.open(path) do |f|
    return new(scope, f)
  end
rescue StandardError => e
  raise "#{WELL_KNOWN_ERROR}: #{e}"
end

.windows? ⇒ Boolean

determines if the current OS is windows

Returns:

• (Boolean)

# File 'lib/googleauth/service_account.rb', line 67

def windows?
  RbConfig::CONFIG['host_os'] =~ /Windows|mswin/
end