Module: Google::Auth::CredentialsLoader

Extended by:

Memoist

Included in:

DefaultCredentials, ServiceAccountCredentials, ServiceAccountJwtHeaderCredentials, UserRefreshCredentials

Defined in:

lib/googleauth/credentials_loader.rb

Overview

CredentialsLoader contains the behaviour used to locate and find default credentials files on the file system.

Constant Summary

ENV_VAR =

'GOOGLE_APPLICATION_CREDENTIALS'.freeze

PRIVATE_KEY_VAR =

'GOOGLE_PRIVATE_KEY'.freeze

CLIENT_EMAIL_VAR =

'GOOGLE_CLIENT_EMAIL'.freeze

CLIENT_ID_VAR =

'GOOGLE_CLIENT_ID'.freeze

CLIENT_SECRET_VAR =

'GOOGLE_CLIENT_SECRET'.freeze

REFRESH_TOKEN_VAR =

'GOOGLE_REFRESH_TOKEN'.freeze

ACCOUNT_TYPE_VAR =

'GOOGLE_ACCOUNT_TYPE'.freeze

CREDENTIALS_FILE_NAME =

'application_default_credentials.json'.freeze

NOT_FOUND_ERROR =

"Unable to read the credential file specified by #{ENV_VAR}".freeze

WELL_KNOWN_PATH =

"gcloud/#{CREDENTIALS_FILE_NAME}".freeze

WELL_KNOWN_ERROR =

'Unable to read the default credential file'.freeze

SYSTEM_DEFAULT_ERROR =

'Unable to read the system default credential file'.freeze

Instance Method Summary

• #from_env(scope = nil) ⇒ Object

  Creates an instance from the path specified in an environment variable.

• #from_system_default_path(scope = nil) ⇒ Object

  Creates an instance from the system default path.

• #from_well_known_path(scope = nil) ⇒ Object

  Creates an instance from a well known path.

• #make_creds(*args) ⇒ Object

  make_creds proxies the construction of a credentials instance.

Instance Method Details

#from_env(scope = nil) ⇒ Object

Creates an instance from the path specified in an environment variable.

Parameters:

• scope (string|array|nil) (defaults to: nil) —

  the scope(s) to access

# File 'lib/googleauth/credentials_loader.rb', line 72

def from_env(scope = nil)
  if ENV.key?(ENV_VAR)
    path = ENV[ENV_VAR]
    raise "file #{path} does not exist" unless File.exist?(path)
    File.open(path) do |f|
      return make_creds(json_key_io: f, scope: scope)
    end
  elsif service_account_env_vars? || authorized_user_env_vars?
    return make_creds(scope: scope)
  end
rescue StandardError => e
  raise "#{NOT_FOUND_ERROR}: #{e}"
end

#from_system_default_path(scope = nil) ⇒ Object

Creates an instance from the system default path

Parameters:

• scope (string|array|nil) (defaults to: nil) —

  the scope(s) to access

# File 'lib/googleauth/credentials_loader.rb', line 106

def from_system_default_path(scope = nil)
  if OS.windows?
    return nil unless ENV['ProgramData']
    prefix = File.join(ENV['ProgramData'], 'Google/Auth')
  else
    prefix = '/etc/google/auth/'
  end
  path = File.join(prefix, CREDENTIALS_FILE_NAME)
  return nil unless File.exist?(path)
  File.open(path) do |f|
    return make_creds(json_key_io: f, scope: scope)
  end
rescue StandardError => e
  raise "#{SYSTEM_DEFAULT_ERROR}: #{e}"
end

#from_well_known_path(scope = nil) ⇒ Object

Creates an instance from a well known path.

Parameters:

• scope (string|array|nil) (defaults to: nil) —

  the scope(s) to access

# File 'lib/googleauth/credentials_loader.rb', line 89

def from_well_known_path(scope = nil)
  home_var = OS.windows? ? 'APPDATA' : 'HOME'
  base = WELL_KNOWN_PATH
  root = ENV[home_var].nil? ? '' : ENV[home_var]
  base = File.join('.config', base) unless OS.windows?
  path = File.join(root, base)
  return nil unless File.exist?(path)
  File.open(path) do |f|
    return make_creds(json_key_io: f, scope: scope)
  end
rescue StandardError => e
  raise "#{WELL_KNOWN_ERROR}: #{e}"
end

#make_creds(*args) ⇒ Object

make_creds proxies the construction of a credentials instance

By default, it calls #new on the current class, but this behaviour can be modified, allowing different instances to be created.

# File 'lib/googleauth/credentials_loader.rb', line 64

def make_creds(*args)
  new(*args)
end