Module: Google::Auth::CredentialsLoader
- Extended by:
- Memoist
- Included in:
- DefaultCredentials, ServiceAccountCredentials, ServiceAccountJwtHeaderCredentials, UserRefreshCredentials
- Defined in:
- lib/googleauth/credentials_loader.rb
Overview
CredentialsLoader contains the behaviour used to locate and find default credentials files on the file system.
Constant Summary collapse
- ENV_VAR =
"GOOGLE_APPLICATION_CREDENTIALS".freeze
- PRIVATE_KEY_VAR =
"GOOGLE_PRIVATE_KEY".freeze
- CLIENT_EMAIL_VAR =
"GOOGLE_CLIENT_EMAIL".freeze
- CLIENT_ID_VAR =
"GOOGLE_CLIENT_ID".freeze
- CLIENT_SECRET_VAR =
"GOOGLE_CLIENT_SECRET".freeze
- REFRESH_TOKEN_VAR =
"GOOGLE_REFRESH_TOKEN".freeze
- ACCOUNT_TYPE_VAR =
"GOOGLE_ACCOUNT_TYPE".freeze
- PROJECT_ID_VAR =
"GOOGLE_PROJECT_ID".freeze
- GCLOUD_POSIX_COMMAND =
"gcloud".freeze
- GCLOUD_WINDOWS_COMMAND =
"gcloud.cmd".freeze
- GCLOUD_CONFIG_COMMAND =
"config config-helper --format json --verbosity none".freeze
- CREDENTIALS_FILE_NAME =
"application_default_credentials.json".freeze
- NOT_FOUND_ERROR =
"Unable to read the credential file specified by #{ENV_VAR}".freeze
- WELL_KNOWN_PATH =
"gcloud/#{CREDENTIALS_FILE_NAME}".freeze
- WELL_KNOWN_ERROR =
"Unable to read the default credential file".freeze
- SYSTEM_DEFAULT_ERROR =
"Unable to read the system default credential file".freeze
- CLOUD_SDK_CLIENT_ID =
"764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app"\ "s.googleusercontent.com".freeze
- CLOUD_SDK_CREDENTIALS_WARNING =
"Your application has authenticated using end user "\ "credentials from Google Cloud SDK. We recommend that most server applications use "\ "service accounts instead. If your application continues to use end user credentials "\ 'from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For '\ "more information about service accounts, see "\ "https://cloud.google.com/docs/authentication/. To suppress this message, set the "\ "GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS environment variable.".freeze
Class Method Summary collapse
-
.load_gcloud_project_id ⇒ Object
Finds project_id from gcloud CLI configuration.
-
.warn_if_cloud_sdk_credentials(client_id) ⇒ Object
Issues warning if cloud sdk client id is used.
Instance Method Summary collapse
-
#from_env(scope = nil, options = {}) ⇒ Object
Creates an instance from the path specified in an environment variable.
-
#from_system_default_path(scope = nil, options = {}) ⇒ Object
Creates an instance from the system default path.
-
#from_well_known_path(scope = nil, options = {}) ⇒ Object
Creates an instance from a well known path.
-
#make_creds(*args) ⇒ Object
make_creds proxies the construction of a credentials instance.
Class Method Details
.load_gcloud_project_id ⇒ Object
Finds project_id from gcloud CLI configuration
175 176 177 178 179 180 181 182 183 |
# File 'lib/googleauth/credentials_loader.rb', line 175 def load_gcloud_project_id gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows? gcloud = GCLOUD_POSIX_COMMAND unless OS.windows? gcloud_json = IO.popen("#{gcloud} #{GCLOUD_CONFIG_COMMAND}", &:read) config = MultiJson.load gcloud_json config["configuration"]["properties"]["core"]["project"] rescue StandardError nil end |
.warn_if_cloud_sdk_credentials(client_id) ⇒ Object
Issues warning if cloud sdk client id is used
169 170 171 172 |
# File 'lib/googleauth/credentials_loader.rb', line 169 def warn_if_cloud_sdk_credentials client_id return if ENV["GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS"] warn CLOUD_SDK_CREDENTIALS_WARNING if client_id == CLOUD_SDK_CLIENT_ID end |
Instance Method Details
#from_env(scope = nil, options = {}) ⇒ Object
Creates an instance from the path specified in an environment variable.
97 98 99 100 101 102 103 104 105 106 107 108 109 110 |
# File 'lib/googleauth/credentials_loader.rb', line 97 def from_env scope = nil, = {} = scope, if ENV.key?(ENV_VAR) && !ENV[ENV_VAR].empty? path = ENV[ENV_VAR] raise "file #{path} does not exist" unless File.exist? path File.open path do |f| return make_creds .merge(json_key_io: f) end elsif service_account_env_vars? || make_creds end rescue StandardError => e raise "#{NOT_FOUND_ERROR}: #{e}" end |
#from_system_default_path(scope = nil, options = {}) ⇒ Object
Creates an instance from the system default path
149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 |
# File 'lib/googleauth/credentials_loader.rb', line 149 def from_system_default_path scope = nil, = {} = scope, if OS.windows? return nil unless ENV["ProgramData"] prefix = File.join ENV["ProgramData"], "Google/Auth" else prefix = "/etc/google/auth/" end path = File.join prefix, CREDENTIALS_FILE_NAME return nil unless File.exist? path File.open path do |f| return make_creds .merge(json_key_io: f) end rescue StandardError => e raise "#{SYSTEM_DEFAULT_ERROR}: #{e}" end |
#from_well_known_path(scope = nil, options = {}) ⇒ Object
Creates an instance from a well known path.
123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'lib/googleauth/credentials_loader.rb', line 123 def from_well_known_path scope = nil, = {} = scope, home_var = OS.windows? ? "APPDATA" : "HOME" base = WELL_KNOWN_PATH root = ENV[home_var].nil? ? "" : ENV[home_var] base = File.join ".config", base unless OS.windows? path = File.join root, base return nil unless File.exist? path File.open path do |f| return make_creds .merge(json_key_io: f) end rescue StandardError => e raise "#{WELL_KNOWN_ERROR}: #{e}" end |
#make_creds(*args) ⇒ Object
make_creds proxies the construction of a credentials instance
By default, it calls #new on the current class, but this behaviour can be modified, allowing different instances to be created.
79 80 81 82 83 |
# File 'lib/googleauth/credentials_loader.rb', line 79 def make_creds *args creds = new(*args) creds = creds.configure_connection args[0] if creds.respond_to?(:configure_connection) && args.size == 1 creds end |