Class: Google::Auth::GCECredentials

Inherits:

Signet::OAuth2::Client

Object
Signet::OAuth2::Client
Google::Auth::GCECredentials

show all

Extended by:: Memoist

Defined in:: lib/googleauth/compute_engine.rb

Overview

Extends Signet::OAuth2::Client so that the auth token is obtained from the GCE metadata server.

Constant Summary collapse

COMPUTE_AUTH_TOKEN_URI = The IP Address is used in the URIs to speed up failures on non-GCE systems.

"http://169.254.169.254/computeMetadata/v1/"\
"instance/service-accounts/default/token".freeze

COMPUTE_CHECK_URI =

"http://169.254.169.254".freeze

Class Method Summary collapse

.on_gce?(options = {}) ⇒ Boolean

Detect if this appear to be a GCE instance, by checking if metadata is available.

Instance Method Summary collapse

#fetch_access_token(options = {}) ⇒ Object

Overrides the super class method to change how access tokens are fetched.

Methods inherited from Signet::OAuth2::Client

#apply, #apply!, #build_default_connection, #configure_connection, #fetch_access_token!, #notify_refresh_listeners, #on_refresh, #orig_fetch_access_token!, #retry_with_error, #updater_proc

Class Method Details

.on_gce?(options = {}) ⇒ `Boolean`

Detect if this appear to be a GCE instance, by checking if metadata is available.

Returns:

(Boolean)

# File 'lib/googleauth/compute_engine.rb', line 63

def on_gce? options = {}
  # TODO: This should use google-cloud-env instead.
  c = options[:connection] || Faraday.default_connection
  headers = { "Metadata-Flavor" => "Google" }
  resp = c.get COMPUTE_CHECK_URI, nil, headers do |req|
    req.options.timeout = 1.0
    req.options.open_timeout = 0.1
  end
  return false unless resp.status == 200
  resp.headers["Metadata-Flavor"] == "Google"
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
  false
end

Instance Method Details

#fetch_access_token(options = {}) ⇒ `Object`

Overrides the super class method to change how access tokens are fetched.

# File 'lib/googleauth/compute_engine.rb', line 82

def fetch_access_token options = {}
  c = options[:connection] || Faraday.default_connection
  retry_with_error do
    headers = { "Metadata-Flavor" => "Google" }
    resp = c.get COMPUTE_AUTH_TOKEN_URI, nil, headers
    case resp.status
    when 200
      Signet::OAuth2.parse_credentials(resp.body,
                                       resp.headers["content-type"])
    when 404
      raise Signet::AuthorizationError, NO_METADATA_SERVER_ERROR
    else
      msg = "Unexpected error code #{resp.status}" \
        "#{UNEXPECTED_ERROR_SUFFIX}"
      raise Signet::AuthorizationError, msg
    end
  end
end