Module: Google::Auth::CredentialsLoader
- Extended by:
- Memoist
- Included in:
- DefaultCredentials, ServiceAccountCredentials, ServiceAccountJwtHeaderCredentials, UserRefreshCredentials
- Defined in:
- lib/googleauth/credentials_loader.rb
Overview
CredentialsLoader contains the behaviour used to locate and find default credentials files on the file system.
Constant Summary collapse
- ENV_VAR =
'GOOGLE_APPLICATION_CREDENTIALS'.freeze
- PRIVATE_KEY_VAR =
'GOOGLE_PRIVATE_KEY'.freeze
- CLIENT_EMAIL_VAR =
'GOOGLE_CLIENT_EMAIL'.freeze
- CLIENT_ID_VAR =
'GOOGLE_CLIENT_ID'.freeze
- CLIENT_SECRET_VAR =
'GOOGLE_CLIENT_SECRET'.freeze
- REFRESH_TOKEN_VAR =
'GOOGLE_REFRESH_TOKEN'.freeze
- ACCOUNT_TYPE_VAR =
'GOOGLE_ACCOUNT_TYPE'.freeze
- PROJECT_ID_VAR =
'GOOGLE_PROJECT_ID'.freeze
- GCLOUD_POSIX_COMMAND =
'gcloud'.freeze
- GCLOUD_WINDOWS_COMMAND =
'gcloud.cmd'.freeze
- GCLOUD_CONFIG_COMMAND =
'config config-helper --format json'.freeze
- CREDENTIALS_FILE_NAME =
'application_default_credentials.json'.freeze
- NOT_FOUND_ERROR =
"Unable to read the credential file specified by #{ENV_VAR}".freeze
- WELL_KNOWN_PATH =
"gcloud/#{CREDENTIALS_FILE_NAME}".freeze
- WELL_KNOWN_ERROR =
'Unable to read the default credential file'.freeze
- SYSTEM_DEFAULT_ERROR =
'Unable to read the system default credential file'.freeze
- CLOUD_SDK_CLIENT_ID =
'764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app'\ 's.googleusercontent.com'.freeze
- CLOUD_SDK_CREDENTIALS_WARNING =
'Your application has authenticated '\ 'using end user credentials from Google Cloud SDK. We recommend that '\ 'most server applications use service accounts instead. If your '\ 'application continues to use end user credentials from Cloud SDK, '\ 'you might receive a "quota exceeded" or "API not enabled" error. For'\ ' more information about service accounts, see '\ 'https://cloud.google.com/docs/authentication/.'.freeze
Class Method Summary collapse
-
.load_gcloud_project_id ⇒ Object
Finds project_id from gcloud CLI configuration.
-
.warn_if_cloud_sdk_credentials(client_id) ⇒ Object
Issues warning if cloud sdk client id is used.
Instance Method Summary collapse
-
#from_env(scope = nil, options = {}) ⇒ Object
Creates an instance from the path specified in an environment variable.
-
#from_system_default_path(scope = nil, options = {}) ⇒ Object
Creates an instance from the system default path.
-
#from_well_known_path(scope = nil, options = {}) ⇒ Object
Creates an instance from a well known path.
-
#make_creds(*args) ⇒ Object
make_creds proxies the construction of a credentials instance.
Class Method Details
.load_gcloud_project_id ⇒ Object
Finds project_id from gcloud CLI configuration
174 175 176 177 178 179 180 181 |
# File 'lib/googleauth/credentials_loader.rb', line 174 def load_gcloud_project_id gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows? gcloud = GCLOUD_POSIX_COMMAND unless OS.windows? config = MultiJson.load(`#{gcloud} #{GCLOUD_CONFIG_COMMAND}`) config['configuration']['properties']['core']['project'] rescue nil end |
.warn_if_cloud_sdk_credentials(client_id) ⇒ Object
Issues warning if cloud sdk client id is used
168 169 170 |
# File 'lib/googleauth/credentials_loader.rb', line 168 def warn_if_cloud_sdk_credentials(client_id) warn CLOUD_SDK_CREDENTIALS_WARNING if client_id == CLOUD_SDK_CLIENT_ID end |
Instance Method Details
#from_env(scope = nil, options = {}) ⇒ Object
Creates an instance from the path specified in an environment variable.
98 99 100 101 102 103 104 105 106 107 108 109 110 111 |
# File 'lib/googleauth/credentials_loader.rb', line 98 def from_env(scope = nil, = {}) = scope, if ENV.key?(ENV_VAR) path = ENV[ENV_VAR] raise "file #{path} does not exist" unless File.exist?(path) File.open(path) do |f| return make_creds(.merge(json_key_io: f)) end elsif service_account_env_vars? || return make_creds() end rescue StandardError => e raise "#{NOT_FOUND_ERROR}: #{e}" end |
#from_system_default_path(scope = nil, options = {}) ⇒ Object
Creates an instance from the system default path
150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 |
# File 'lib/googleauth/credentials_loader.rb', line 150 def from_system_default_path(scope = nil, = {}) = scope, if OS.windows? return nil unless ENV['ProgramData'] prefix = File.join(ENV['ProgramData'], 'Google/Auth') else prefix = '/etc/google/auth/' end path = File.join(prefix, CREDENTIALS_FILE_NAME) return nil unless File.exist?(path) File.open(path) do |f| return make_creds(.merge(json_key_io: f)) end rescue StandardError => e raise "#{SYSTEM_DEFAULT_ERROR}: #{e}" end |
#from_well_known_path(scope = nil, options = {}) ⇒ Object
Creates an instance from a well known path.
124 125 126 127 128 129 130 131 132 133 134 135 136 137 |
# File 'lib/googleauth/credentials_loader.rb', line 124 def from_well_known_path(scope = nil, = {}) = scope, home_var = OS.windows? ? 'APPDATA' : 'HOME' base = WELL_KNOWN_PATH root = ENV[home_var].nil? ? '' : ENV[home_var] base = File.join('.config', base) unless OS.windows? path = File.join(root, base) return nil unless File.exist?(path) File.open(path) do |f| return make_creds(.merge(json_key_io: f)) end rescue StandardError => e raise "#{WELL_KNOWN_ERROR}: #{e}" end |
#make_creds(*args) ⇒ Object
make_creds proxies the construction of a credentials instance
By default, it calls #new on the current class, but this behaviour can be modified, allowing different instances to be created.
78 79 80 81 82 83 84 |
# File 'lib/googleauth/credentials_loader.rb', line 78 def make_creds(*args) creds = new(*args) if creds.respond_to?(:configure_connection) && args.size == 1 creds = creds.configure_connection(args[0]) end creds end |