Class: Google::Auth::DefaultCredentials

Inherits:
Object
  • Object
show all
Extended by:
CredentialsLoader
Defined in:
lib/googleauth/default_credentials.rb

Overview

DefaultCredentials is used to preload the credentials file, to determine which type of credentials should be loaded.

Constant Summary

Constants included from CredentialsLoader

CredentialsLoader::ACCOUNT_TYPE_VAR, CredentialsLoader::AWS_ACCESS_KEY_ID_VAR, CredentialsLoader::AWS_DEFAULT_REGION_VAR, CredentialsLoader::AWS_REGION_VAR, CredentialsLoader::AWS_SECRET_ACCESS_KEY_VAR, CredentialsLoader::AWS_SESSION_TOKEN_VAR, CredentialsLoader::CLIENT_EMAIL_VAR, CredentialsLoader::CLIENT_ID_VAR, CredentialsLoader::CLIENT_SECRET_VAR, CredentialsLoader::CLOUD_SDK_CLIENT_ID, CredentialsLoader::CREDENTIALS_FILE_NAME, CredentialsLoader::ENV_VAR, CredentialsLoader::GCLOUD_CONFIG_COMMAND, CredentialsLoader::GCLOUD_POSIX_COMMAND, CredentialsLoader::GCLOUD_WINDOWS_COMMAND, CredentialsLoader::NOT_FOUND_ERROR, CredentialsLoader::PRIVATE_KEY_VAR, CredentialsLoader::PROJECT_ID_VAR, CredentialsLoader::REFRESH_TOKEN_VAR, CredentialsLoader::SYSTEM_DEFAULT_ERROR, CredentialsLoader::WELL_KNOWN_ERROR, CredentialsLoader::WELL_KNOWN_PATH

Class Method Summary collapse

Methods included from CredentialsLoader

from_env, from_system_default_path, from_well_known_path, load_gcloud_project_id, make_creds

Class Method Details

.determine_creds_class(json_key_io) ⇒ Object

Reads the input json and determines which creds class to use.



74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'lib/googleauth/default_credentials.rb', line 74

def self.determine_creds_class json_key_io
  json_key = MultiJson.load json_key_io.read
  key = "type"
  raise "the json is missing the '#{key}' field" unless json_key.key? key
  type = json_key[key]
  case type
  when "service_account"
    [json_key, ServiceAccountCredentials]
  when "authorized_user"
    [json_key, UserRefreshCredentials]
  when "external_account"
    [json_key, ExternalAccount::Credentials]
  else
    raise "credentials type '#{type}' is not supported"
  end
end

.make_creds(options = {}) ⇒ Object

Override CredentialsLoader#make_creds to use the class determined by loading the json.

Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to Validate credential configurations from external sources.



45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/googleauth/default_credentials.rb', line 45

def self.make_creds options = {}
  json_key_io = options[:json_key_io]
  if json_key_io
    json_key, clz = determine_creds_class json_key_io
    io = StringIO.new MultiJson.dump(json_key)
    clz.make_creds options.merge(json_key_io: io)
  else
    clz = read_creds
    clz.make_creds options
  end
end

.read_credsObject 



57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
# File 'lib/googleauth/default_credentials.rb', line 57

def self.read_creds
  env_var = CredentialsLoader::ACCOUNT_TYPE_VAR
  type = ENV[env_var]
  raise "#{env_var} is undefined in env" unless type
  case type
  when "service_account"
    ServiceAccountCredentials
  when "authorized_user"
    UserRefreshCredentials
  when "external_account"
    ExternalAccount::Credentials
  else
    raise "credentials type '#{type}' is not supported"
  end
end