Class: Google::Auth::DefaultCredentials

Inherits:
Object
Extended by:
CredentialsLoader
Defined in:
lib/googleauth/default_credentials.rb

Overview

DefaultCredentials preloads the credentials file to determine which type of credentials should be loaded.

Constant Summary

Constants included from CredentialsLoader

CredentialsLoader::ACCOUNT_TYPE_VAR, CredentialsLoader::AWS_ACCESS_KEY_ID_VAR, CredentialsLoader::AWS_DEFAULT_REGION_VAR, CredentialsLoader::AWS_REGION_VAR, CredentialsLoader::AWS_SECRET_ACCESS_KEY_VAR, CredentialsLoader::AWS_SESSION_TOKEN_VAR, CredentialsLoader::CLIENT_EMAIL_VAR, CredentialsLoader::CLIENT_ID_VAR, CredentialsLoader::CLIENT_SECRET_VAR, CredentialsLoader::CLOUD_SDK_CLIENT_ID, CredentialsLoader::CREDENTIALS_FILE_NAME, CredentialsLoader::ENV_VAR, CredentialsLoader::GCLOUD_CONFIG_COMMAND, CredentialsLoader::GCLOUD_POSIX_COMMAND, CredentialsLoader::GCLOUD_WINDOWS_COMMAND, CredentialsLoader::NOT_FOUND_ERROR, CredentialsLoader::PRIVATE_KEY_VAR, CredentialsLoader::PROJECT_ID_VAR, CredentialsLoader::REFRESH_TOKEN_VAR, CredentialsLoader::SYSTEM_DEFAULT_ERROR, CredentialsLoader::WELL_KNOWN_ERROR, CredentialsLoader::WELL_KNOWN_PATH

Class Method Summary

Methods included from CredentialsLoader

from_env, from_system_default_path, from_well_known_path, load_gcloud_project_id, make_creds

Class Method Details

.determine_creds_class(json_key_io) ⇒ Array(Hash, Class)

Reads the input json and determines which creds class to use.

Parameters:

  • json_key_io (IO)

    An IO object containing the JSON key

Returns:

  • (Array(Hash, Class))

    The JSON key and the credential class to use

Raises:



# File 'lib/googleauth/default_credentials.rb', line 86

def self.determine_creds_class json_key_io
  json_key = MultiJson.load json_key_io.read
  key = "type"
  raise InitializationError, "the json is missing the '#{key}' field" unless json_key.key? key
  type = json_key[key]
  case type
  when "service_account"
    [json_key, ServiceAccountCredentials]
  when "authorized_user"
    [json_key, UserRefreshCredentials]
  when "external_account"
    [json_key, ExternalAccount::Credentials]
  else
    raise InitializationError, "credentials type '#{type}' is not supported"
  end
end

.make_creds(options = {}) ⇒ Google::Auth::Credentials

Override CredentialsLoader#make_creds to use the class determined by loading the json.

Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to Validate credential configurations from external sources.

Parameters:

  • options (Hash) (defaults to: {})

    Options for creating the credentials

Returns:

Raises:



# File 'lib/googleauth/default_credentials.rb', line 49

def self.make_creds options = {}
  json_key_io = options[:json_key_io]
  if json_key_io
    json_key, clz = determine_creds_class json_key_io
    io = StringIO.new MultiJson.dump(json_key)
    clz.make_creds options.merge(json_key_io: io)
  else
    clz = read_creds
    clz.make_creds options
  end
end
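
The validation that the Important note under .make_creds calls for, as an added example (not part of googleauth or of this page's source). The allow-lists, the UntrustedCredentialError class and the idp.example.com host are assumptions for illustration; only a config that passes would then be handed to make_creds as json_key_io.

```ruby
require "json"
require "uri"
# Hypothetical policy for this example; replace with what your deployment expects.
ALLOWED_TYPES = %w[service_account external_account].freeze
GOOGLE_HOSTS = %w[oauth2.googleapis.com sts.googleapis.com iamcredentials.googleapis.com].freeze
SOURCE_HOSTS = %w[idp.example.com].freeze # constructed identity-provider host
URL_FIELDS = %w[token_uri token_url service_account_impersonation_url].freeze
class UntrustedCredentialError < StandardError; end

# Accept only https URLs whose host is on the given allow-list.
def check_url!(field, value, hosts)
  uri = URI.parse(value.to_s)
  ok = uri.is_a?(URI::HTTPS) && hosts.include?(uri.host.to_s.downcase)
  raise UntrustedCredentialError, "#{field} points to an unexpected endpoint" unless ok
rescue URI::InvalidURIError
  raise UntrustedCredentialError, "#{field} is not a valid URL"
end

# Returns the parsed Hash when every check passes, raises otherwise.
def validate_credential_config(json_text)
  config = JSON.parse(json_text)
  raise UntrustedCredentialError, "config must be a JSON object" unless config.is_a?(Hash)
  type = config["type"]
  raise UntrustedCredentialError, "type '#{type}' is not accepted" unless ALLOWED_TYPES.include?(type)
  URL_FIELDS.each { |f| check_url!(f, config[f], GOOGLE_HOSTS) if config.key?(f) }
  if type == "external_account"
    source = config["credential_source"]
    raise UntrustedCredentialError, "credential_source must be an object" unless source.is_a?(Hash)
    # file/executable sources name a local path or command; this policy refuses them.
    bad = %w[file executable].find { |k| source.key?(k) }
    raise UntrustedCredentialError, "credential_source.#{bad} is not accepted" if bad
    check_url!("credential_source.url", source["url"], SOURCE_HOSTS) if source.key?("url")
  end
  config
rescue JSON::ParserError
  raise UntrustedCredentialError, "config is not valid JSON"
end

# Constructed sample (no real secrets): token_url points at a look-alike host.
BAD_SAMPLE = JSON.generate({
  "type" => "external_account",
  "token_url" => "https://sts.googleapis.com.untrusted.example/v1/token",
  "credential_source" => { "url" => "https://idp.example.com/token" }
})
begin
  validate_credential_config(BAD_SAMPLE)
rescue UntrustedCredentialError => e
  puts "rejected: #{e.message}"
end
```
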

.read_creds ⇒ Class

Reads the credential type from the environment and returns the appropriate class.

Returns:

  • (Class)

    The credential class to use

Raises:



# File 'lib/googleauth/default_credentials.rb', line 65

def self.read_creds
  env_var = CredentialsLoader::ACCOUNT_TYPE_VAR
  type = ENV[env_var]
  raise InitializationError, "#{env_var} is undefined in env" unless type
  case type
  when "service_account"
    ServiceAccountCredentials
  when "authorized_user"
    UserRefreshCredentials
  when "external_account"
    ExternalAccount::Credentials
  else
    raise InitializationError, "credentials type '#{type}' is not supported"
  end
end