Module: Google::Auth

Defined in:
lib/googleauth/iam.rb,
lib/googleauth/version.rb,
lib/googleauth/client_id.rb,
lib/googleauth/id_tokens.rb,
lib/googleauth/scope_util.rb,
lib/googleauth/base_client.rb,
lib/googleauth/credentials.rb,
lib/googleauth/token_store.rb,
lib/googleauth/user_refresh.rb,
lib/googleauth/compute_engine.rb,
lib/googleauth/json_key_reader.rb,
lib/googleauth/service_account.rb,
lib/googleauth/user_authorizer.rb,
lib/googleauth/external_account.rb,
lib/googleauth/id_tokens/errors.rb,
lib/googleauth/oauth2/sts_client.rb,
lib/googleauth/credentials_loader.rb,
lib/googleauth/helpers/connection.rb,
lib/googleauth/id_tokens/verifier.rb,
lib/googleauth/application_default.rb,
lib/googleauth/default_credentials.rb,
lib/googleauth/web_user_authorizer.rb,
lib/googleauth/id_tokens/key_sources.rb,
lib/googleauth/stores/file_token_store.rb,
lib/googleauth/stores/redis_token_store.rb,
lib/googleauth/external_account/aws_credentials.rb,
lib/googleauth/external_account/base_credentials.rb,
lib/googleauth/external_account/pluggable_credentials.rb,
lib/googleauth/external_account/external_account_utils.rb,
lib/googleauth/external_account/identity_pool_credentials.rb

Overview

Module Auth provides classes that provide Google-specific authorization used to access Google APIs.

Defined Under Namespace

Modules: BaseClient, CredentialsLoader, ExternalAccount, Helpers, IDTokens, JsonKeyReader, OAuth2, ScopeUtil, Stores Classes: ClientId, Credentials, DefaultCredentials, GCECredentials, IAMCredentials, ServiceAccountCredentials, ServiceAccountJwtHeaderCredentials, TokenStore, UserAuthorizer, UserRefreshCredentials, WebUserAuthorizer

Constant Summary collapse

VERSION =
"1.11.1".freeze
NO_METADATA_SERVER_ERROR =
<<~ERROR.freeze
  Error code 404 trying to get security access token
  from Compute Engine metadata for the default service account. This
  may be because the virtual machine instance does not have permission
  scopes specified.
ERROR
UNEXPECTED_ERROR_SUFFIX =
<<~ERROR.freeze
  trying to get security access token from Compute Engine metadata for
  the default service account
ERROR
NOT_FOUND_ERROR =
<<~ERROR_MESSAGE.freeze
  Your credentials were not found. To set up Application Default
  Credentials for your environment, see
  https://cloud.google.com/docs/authentication/external/set-up-adc
ERROR_MESSAGE

Class Method Summary collapse

Class Method Details

.get_application_default(scope = nil, options = {}) ⇒ Object

Obtains the default credentials implementation to use in this environment.

Use this to obtain the Application Default Credentials for accessing Google APIs. Application Default Credentials are described in detail at https://cloud.google.com/docs/authentication/production.

If supplied, scope is used to create the credentials instance, when it can be applied. E.g, on google compute engine and for user credentials the scope is ignored.

Parameters:

  • scope (string|array|nil) (defaults to: nil)

    the scope(s) to access

  • options (Hash) (defaults to: {})

    Connection options. These may be used to configure the Faraday::Connection used for outgoing HTTP requests. For example, if a connection proxy must be used in the current network, you may provide a connection with with the needed proxy options. The following keys are recognized:

    • :default_connection The connection object to use for token refresh requests.
    • :connection_builder A Proc that creates and returns a connection to use for token refresh requests.
    • :connection The connection to use to determine whether GCE metadata credentials are available.

Raises:



53
54
55
56
57
58
59
60
# File 'lib/googleauth/application_default.rb', line 53

def get_application_default scope = nil, options = {}
  creds = DefaultCredentials.from_env(scope, options) ||
          DefaultCredentials.from_well_known_path(scope, options) ||
          DefaultCredentials.from_system_default_path(scope, options)
  return creds unless creds.nil?
  raise NOT_FOUND_ERROR unless GCECredentials.on_gce? options
  GCECredentials.new options.merge(scope: scope)
end