Class: Google::Auth::DefaultCredentials

Inherits:

Object

• Object
• Google::Auth::DefaultCredentials

Extended by:

CredentialsLoader

Defined in:

lib/googleauth/default_credentials.rb

Overview

DefaultCredentials is used to preload the credentials file, to determine which type of credentials should be loaded.

Constant Summary

Constants included from CredentialsLoader

CredentialsLoader::ACCOUNT_TYPE_VAR, CredentialsLoader::AWS_ACCESS_KEY_ID_VAR, CredentialsLoader::AWS_DEFAULT_REGION_VAR, CredentialsLoader::AWS_REGION_VAR, CredentialsLoader::AWS_SECRET_ACCESS_KEY_VAR, CredentialsLoader::AWS_SESSION_TOKEN_VAR, CredentialsLoader::CLIENT_EMAIL_VAR, CredentialsLoader::CLIENT_ID_VAR, CredentialsLoader::CLIENT_SECRET_VAR, CredentialsLoader::CLOUD_SDK_CLIENT_ID, CredentialsLoader::CREDENTIALS_FILE_NAME, CredentialsLoader::ENV_VAR, CredentialsLoader::GCLOUD_CONFIG_COMMAND, CredentialsLoader::GCLOUD_POSIX_COMMAND, CredentialsLoader::GCLOUD_WINDOWS_COMMAND, CredentialsLoader::NOT_FOUND_ERROR, CredentialsLoader::PRIVATE_KEY_VAR, CredentialsLoader::PROJECT_ID_VAR, CredentialsLoader::REFRESH_TOKEN_VAR, CredentialsLoader::SYSTEM_DEFAULT_ERROR, CredentialsLoader::WELL_KNOWN_ERROR, CredentialsLoader::WELL_KNOWN_PATH

Class Method Summary

• .determine_creds_class(json_key_io) ⇒ Object

  Reads the input json and determines which creds class to use.

• .make_creds(options = {}) ⇒ Object

  override CredentialsLoader#make_creds to use the class determined by loading the json.

• .read_creds ⇒ Object

Methods included from CredentialsLoader

from_env, from_system_default_path, from_well_known_path, load_gcloud_project_id, make_creds

Class Method Details

.determine_creds_class(json_key_io) ⇒ Object

Reads the input json and determines which creds class to use.

# File 'lib/googleauth/default_credentials.rb', line 63

def self.determine_creds_class json_key_io
  json_key = MultiJson.load json_key_io.read
  key = "type"
  raise "the json is missing the '#{key}' field" unless json_key.key? key
  type = json_key[key]
  case type
  when "service_account"
    [json_key, ServiceAccountCredentials]
  when "authorized_user"
    [json_key, UserRefreshCredentials]
  when "external_account"
    [json_key, ExternalAccount::Credentials]
  else
    raise "credentials type '#{type}' is not supported"
  end
end

.make_creds(options = {}) ⇒ Object

override CredentialsLoader#make_creds to use the class determined by loading the json.

# File 'lib/googleauth/default_credentials.rb', line 34

def self.make_creds options = {}
  json_key_io = options[:json_key_io]
  if json_key_io
    json_key, clz = determine_creds_class json_key_io
    io = StringIO.new MultiJson.dump(json_key)
    clz.make_creds options.merge(json_key_io: io)
  else
    clz = read_creds
    clz.make_creds options
  end
end

.read_creds ⇒ Object

# File 'lib/googleauth/default_credentials.rb', line 46

def self.read_creds
  env_var = CredentialsLoader::ACCOUNT_TYPE_VAR
  type = ENV[env_var]
  raise "#{env_var} is undefined in env" unless type
  case type
  when "service_account"
    ServiceAccountCredentials
  when "authorized_user"
    UserRefreshCredentials
  when "external_account"
    ExternalAccount::Credentials
  else
    raise "credentials type '#{type}' is not supported"
  end
end