Class: Google::Auth::GCECredentials

# File 'lib/googleauth/compute_engine.rb', line 60

def compute_auth_token_uri
  "#{compute_check_uri}/computeMetadata/v1/instance/service-accounts/default/token".freeze
end

.compute_check_uri ⇒ `Object`



56
57
58

# File 'lib/googleauth/compute_engine.rb', line 56

def compute_check_uri
  "http://#{metadata_host}".freeze
end

.compute_id_token_uri ⇒ `Object`



64
65
66

# File 'lib/googleauth/compute_engine.rb', line 64

def compute_id_token_uri
  "#{compute_check_uri}/computeMetadata/v1/instance/service-accounts/default/identity".freeze
end

.metadata_host ⇒ `Object`



52
53
54

# File 'lib/googleauth/compute_engine.rb', line 52

def metadata_host
  ENV.fetch "GCE_METADATA_HOST", DEFAULT_METADATA_HOST
end

.on_gce?(options = {}, reload = false) ⇒ `Boolean`

Detect if this appear to be a GCE instance, by checking if metadata is available.

Returns:

(Boolean)

# File 'lib/googleauth/compute_engine.rb', line 70

def on_gce? options = {}, reload = false # rubocop:disable Style/OptionalBooleanParameter
  # We can follow OptionalBooleanParameter here because it's a public interface, we can't change it.
  @on_gce_cache.delete options if reload
  @on_gce_cache.fetch options do
    @on_gce_cache[options] = begin
      # TODO: This should use google-cloud-env instead.
      c = options[:connection] || Faraday.default_connection
      headers = { "Metadata-Flavor" => "Google" }
      resp = c.get compute_check_uri, nil, headers do |req|
        req.options.timeout = 1.0
        req.options.open_timeout = 0.1
      end
      return false unless resp.status == 200
      resp.headers["Metadata-Flavor"] == "Google"
    rescue Faraday::TimeoutError, Faraday::ConnectionFailed
      false
    end
  end
end

.reset_cache ⇒ `Object` Also known as: unmemoize_all



90
91
92

# File 'lib/googleauth/compute_engine.rb', line 90

def reset_cache
  @on_gce_cache.clear
end

Instance Method Details

#fetch_access_token(options = {}) ⇒ `Object`

Overrides the super class method to change how access tokens are fetched.

# File 'lib/googleauth/compute_engine.rb', line 98

def fetch_access_token options = {}
  c = options[:connection] || Faraday.default_connection
  retry_with_error do
    uri = target_audience ? GCECredentials.compute_id_token_uri : GCECredentials.compute_auth_token_uri
    query = target_audience ? { "audience" => target_audience, "format" => "full" } : {}
    query[:scopes] = Array(scope).join "," if scope
    resp = c.get uri, query, "Metadata-Flavor" => "Google"
    case resp.status
    when 200
      content_type = resp.headers["content-type"]
      if ["text/html", "application/text"].include? content_type
        { (target_audience ? "id_token" : "access_token") => resp.body }
      else
        Signet::OAuth2.parse_credentials resp.body, content_type
      end
    when 403, 500
      msg = "Unexpected error code #{resp.status} #{UNEXPECTED_ERROR_SUFFIX}"
      raise Signet::UnexpectedStatusError, msg
    when 404
      raise Signet::AuthorizationError, NO_METADATA_SERVER_ERROR
    else
      msg = "Unexpected error code #{resp.status} #{UNEXPECTED_ERROR_SUFFIX}"
      raise Signet::AuthorizationError, msg
    end
  end
end

Class: Google::Auth::GCECredentials

Overview

Constant Summary collapse

Constants included from BaseClient

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Signet::OAuth2::Client

Methods included from BaseClient

Class Method Details

.compute_auth_token_uri ⇒ Object

.compute_check_uri ⇒ Object

.compute_id_token_uri ⇒ Object

.metadata_host ⇒ Object

.on_gce?(options = {}, reload = false) ⇒ Boolean

.reset_cache ⇒ Object Also known as: unmemoize_all

Instance Method Details

#fetch_access_token(options = {}) ⇒ Object

.compute_auth_token_uri ⇒ `Object`

.compute_check_uri ⇒ `Object`

.compute_id_token_uri ⇒ `Object`

.metadata_host ⇒ `Object`

.on_gce?(options = {}, reload = false) ⇒ `Boolean`

.reset_cache ⇒ `Object` Also known as: unmemoize_all

#fetch_access_token(options = {}) ⇒ `Object`