Class: Google::Auth::GCECredentials

Inherits:

Signet::OAuth2::Client

• Object
• Signet::OAuth2::Client
• Google::Auth::GCECredentials

Defined in:

lib/googleauth/compute_engine.rb

Overview

Extends Signet::OAuth2::Client so that the auth token is obtained from the GCE metadata server.

Constant Summary

Constants included from BaseClient

BaseClient::AUTH_METADATA_KEY

Instance Attribute Summary

Attributes included from BaseClient

#logger

Class Method Summary

• .on_gce?(_options = {}, _reload = false) ⇒ Boolean

  Detect if this appear to be a GCE instance, by checking if metadata is available.

• .reset_cache ⇒ Object (also: unmemoize_all)

Instance Method Summary

• #duplicate(options = {}) ⇒ Object

  Creates a duplicate of these credentials without the Signet::OAuth2::Client-specific transient state (e.g. cached tokens).

• #fetch_access_token(_options = {}) ⇒ Hash

  Overrides the super class method to change how access tokens are fetched.

• #initialize(options = {}) ⇒ GCECredentials constructor

  Construct a GCECredentials.

• #update!(options = {}) ⇒ Google::Auth::GCECredentials

  Destructively updates these credentials.

Methods inherited from Signet::OAuth2::Client

#build_default_connection, #configure_connection, #fetch_access_token!, #generate_access_token_request, #googleauth_orig_generate_access_token_request, #orig_fetch_access_token!, #retry_with_error, #token_type, #update_signet_base, #update_token!, #update_token_signet_base

Methods included from BaseClient

#apply, #apply!, #expires_within?, #needs_access_token?, #notify_refresh_listeners, #on_refresh, #updater_proc

Constructor Details

#initialize(options = {}) ⇒ GCECredentials

Construct a GCECredentials

# File 'lib/googleauth/compute_engine.rb', line 88

def initialize options = {}
  # Override the constructor to remember whether the universe domain was
  # overridden by a constructor argument.
  @universe_domain_overridden = options["universe_domain"] || options[:universe_domain]
  # TODO: Remove when universe domain metadata endpoint is stable (see b/349488459).
  @disable_universe_domain_check = true
  super options
end

Class Method Details

.on_gce?(_options = {}, _reload = false) ⇒ Boolean

Detect if this appear to be a GCE instance, by checking if metadata is available. The parameters are deprecated and unused.

Returns:

• (Boolean)

# File 'lib/googleauth/compute_engine.rb', line 73

def on_gce? _options = {}, _reload = false # rubocop:disable Style/OptionalBooleanParameter
  Google::Cloud.env.metadata?
end

.reset_cache ⇒ Object Also known as: unmemoize_all

# File 'lib/googleauth/compute_engine.rb', line 77

def reset_cache
  Google::Cloud.env.compute_metadata.reset_existence!
  Google::Cloud.env.compute_metadata.cache.expire_all!
end

Instance Method Details

#duplicate(options = {}) ⇒ Object

Creates a duplicate of these credentials without the Signet::OAuth2::Client-specific transient state (e.g. cached tokens)

Parameters:

• options (Hash) (defaults to: {}) —

  Overrides for the credentials parameters. The following keys are recognized in addition to keys in the Signet::OAuth2::Client

  • :universe_domain_overridden Whether the universe domain was overriden during credentials creation

# File 'lib/googleauth/compute_engine.rb', line 106

def duplicate options = {}
  options = deep_hash_normalize options
  super(
    {
      universe_domain_overridden: @universe_domain_overridden
    }.merge(options)
  )
end

#fetch_access_token(_options = {}) ⇒ Hash

Overrides the super class method to change how access tokens are fetched.

Parameters:

• _options (Hash) (defaults to: {}) —

  Options for token fetch (not used)

Returns:

• (Hash) —

  The token data hash

Raises:

• (Google::Auth::UnexpectedStatusError) —

  On unexpected HTTP status codes

• (Google::Auth::AuthorizationError) —

  If metadata server is unavailable or returns error

# File 'lib/googleauth/compute_engine.rb', line 135

def fetch_access_token _options = {}
  query, entry = build_metadata_request_params
  begin
    log_fetch_query
    resp = Google::Cloud.env.lookup_metadata_response "instance", entry, query: query
    log_fetch_resp resp
    handle_metadata_response resp
  rescue Google::Cloud::Env::MetadataServerNotResponding => e
    log_fetch_err e
    raise AuthorizationError.with_details(
      e.message,
      credential_type_name: self.class.name,
      principal: principal
    )
  end
end

#update!(options = {}) ⇒ Google::Auth::GCECredentials

Destructively updates these credentials.

This method is called by Signet::OAuth2::Client's constructor

Parameters:

• options (Hash) (defaults to: {}) —

  Overrides for the credentials parameters. The following keys are recognized in addition to keys in the Signet::OAuth2::Client

  • :universe_domain_overridden Whether the universe domain was overriden during credentials creation

Returns:

• (Google::Auth::GCECredentials)

# File 'lib/googleauth/compute_engine.rb', line 162

def update! options = {}
  # Normalize all keys to symbols to allow indifferent access.
  options = deep_hash_normalize options

  @universe_domain_overridden = options[:universe_domain_overridden] if options.key? :universe_domain_overridden

  super(options)

  self
end