Class: Google::Auth::GCECredentials

Inherits:
Signet::OAuth2::Client
Defined in:
lib/googleauth/compute_engine.rb

Overview

Extends Signet::OAuth2::Client so that the auth token is obtained from the GCE metadata server.

Constant Summary

Constants included from BaseClient

BaseClient::AUTH_METADATA_KEY

Instance Attribute Summary

Attributes inherited from Signet::OAuth2::Client

#universe_domain

Class Method Summary

Instance Method Summary

Methods inherited from Signet::OAuth2::Client

#build_default_connection, #configure_connection, #fetch_access_token!, #orig_fetch_access_token!, #retry_with_error, #token_type, #update_token!, #update_token_signet_base

Methods included from BaseClient

#apply, #apply!, #expires_within?, #needs_access_token?, #notify_refresh_listeners, #on_refresh, #updater_proc

Constructor Details

#initialize(options = {}) ⇒ GCECredentials

Construct a GCECredentials



# File 'lib/googleauth/compute_engine.rb', line 87

def initialize options = {}
  # Override the constructor to remember whether the universe domain was
  # overridden by a constructor argument.
  @universe_domain_overridden = options["universe_domain"] || options[:universe_domain] ? true : false
  # TODO: Remove when universe domain metadata endpoint is stable (see b/349488459).
  @disable_universe_domain_check = true
  super options
end

Class Method Details

.on_gce?(_options = {}, _reload = false) ⇒ Boolean

Detects whether this appears to be a GCE instance by checking whether metadata is available. The parameters are deprecated and unused.

Returns:

  • (Boolean)


# File 'lib/googleauth/compute_engine.rb', line 72

def on_gce? _options = {}, _reload = false # rubocop:disable Style/OptionalBooleanParameter
  Google::Cloud.env.metadata?
end

.reset_cache ⇒ Object

Also known as: unmemoize_all



# File 'lib/googleauth/compute_engine.rb', line 76

def reset_cache
  Google::Cloud.env.compute_metadata.reset_existence!
  Google::Cloud.env.compute_metadata.cache.expire_all!
end

Instance Method Details

#fetch_access_token(_options = {}) ⇒ Object

Overrides the super class method to change how access tokens are fetched.



# File 'lib/googleauth/compute_engine.rb', line 98

def fetch_access_token _options = {}
  if token_type == :id_token
    query = { "audience" => target_audience, "format" => "full" }
    entry = "service-accounts/default/identity"
  else
    query = {}
    entry = "service-accounts/default/token"
  end
  query[:scopes] = Array(scope).join "," if scope
  begin
    resp = Google::Cloud.env.lookup_metadata_response "instance", entry, query: query
    case resp.status
    when 200
      build_token_hash resp.body, resp.headers["content-type"], resp.retrieval_monotonic_time
    when 403, 500
      msg = "Unexpected error code #{resp.status} #{UNEXPECTED_ERROR_SUFFIX}"
      raise Signet::UnexpectedStatusError, msg
    when 404
      raise Signet::AuthorizationError, NO_METADATA_SERVER_ERROR
    else
      msg = "Unexpected error code #{resp.status} #{UNEXPECTED_ERROR_SUFFIX}"
      raise Signet::AuthorizationError, msg
    end
  rescue Google::Cloud::Env::MetadataServerNotResponding => e
    raise Signet::AuthorizationError, e.message
  end
end
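
The method above raises Signet::UnexpectedStatusError for 403 and 500 but Signet::AuthorizationError for 404 and every other non-200 status, so wrapping code can tell the two apart. The following is an added example, not code from googleauth: it uses stand-in error classes and a hypothetical ScriptedCredentials fake that replays constructed statuses, and it assumes a caller policy of retrying only the first class with a bounded attempt count.

```ruby
# Stand-ins for the Signet error classes named on this page (assumption), so
# the example runs without the signet/googleauth gems installed.
module Signet
  class AuthorizationError < StandardError; end
  class UnexpectedStatusError < StandardError; end
end

# Hypothetical fake: replays constructed metadata-server statuses through the
# same status-to-exception mapping as fetch_access_token on this page.
class ScriptedCredentials
  attr_reader :calls

  def initialize statuses
    @statuses = statuses.dup
    @calls = 0
  end

  def fetch_access_token
    @calls += 1
    status = @statuses.shift
    case status
    when 200 then { "access_token" => "constructed-token", "expires_in" => 3600 }
    when 403, 500 then raise Signet::UnexpectedStatusError, "Unexpected error code #{status}"
    else raise Signet::AuthorizationError, "Unexpected error code #{status}"
    end
  end
end

# Assumed caller policy: retry UnexpectedStatusError with exponential backoff,
# at most max_attempts times; AuthorizationError propagates on first sight.
def fetch_with_retry creds, max_attempts: 3, base_delay: 0.0
  attempt = 0
  begin
    attempt += 1
    creds.fetch_access_token
  rescue Signet::UnexpectedStatusError
    raise if attempt >= max_attempts
    sleep base_delay * (2**(attempt - 1))
    retry
  end
end

# Runs one constructed status sequence and reports [result, calls made].
def outcome statuses
  creds = ScriptedCredentials.new statuses
  fetch_with_retry creds
  [:ok, creds.calls]
rescue Signet::AuthorizationError, Signet::UnexpectedStatusError => e
  [e.class, creds.calls]
end
```

In production code base_delay would be non-zero; it defaults to 0.0 here only so the example finishes instantly.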