Module: Google::Auth::CredentialsLoader
- Extended by:
- Memoist
- Included in:
- DefaultCredentials, ServiceAccountCredentials, ServiceAccountJwtHeaderCredentials, UserRefreshCredentials
- Defined in:
- lib/googleauth/credentials_loader.rb
Overview
CredentialsLoader contains the behaviour used to locate and find default credentials files on the file system.
Constant Summary collapse
- ENV_VAR =
'GOOGLE_APPLICATION_CREDENTIALS'.freeze
- PRIVATE_KEY_VAR =
'GOOGLE_PRIVATE_KEY'.freeze
- CLIENT_EMAIL_VAR =
'GOOGLE_CLIENT_EMAIL'.freeze
- CLIENT_ID_VAR =
'GOOGLE_CLIENT_ID'.freeze
- CLIENT_SECRET_VAR =
'GOOGLE_CLIENT_SECRET'.freeze
- REFRESH_TOKEN_VAR =
'GOOGLE_REFRESH_TOKEN'.freeze
- ACCOUNT_TYPE_VAR =
'GOOGLE_ACCOUNT_TYPE'.freeze
- PROJECT_ID_VAR =
'GOOGLE_PROJECT_ID'.freeze
- GCLOUD_POSIX_COMMAND =
'gcloud'.freeze
- GCLOUD_WINDOWS_COMMAND =
'gcloud.cmd'.freeze
- GCLOUD_CONFIG_COMMAND =
'config config-helper --format json'.freeze
- CREDENTIALS_FILE_NAME =
'application_default_credentials.json'.freeze
- NOT_FOUND_ERROR =
"Unable to read the credential file specified by #{ENV_VAR}".freeze
- WELL_KNOWN_PATH =
"gcloud/#{CREDENTIALS_FILE_NAME}".freeze
- WELL_KNOWN_ERROR =
'Unable to read the default credential file'.freeze
- SYSTEM_DEFAULT_ERROR =
'Unable to read the system default credential file'.freeze
- CLOUD_SDK_CLIENT_ID =
'764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app'\ 's.googleusercontent.com'.freeze
- CLOUD_SDK_CREDENTIALS_WARNING =
'Your application has authenticated '\ 'using end user credentials from Google Cloud SDK. We recommend that '\ 'most server applications use service accounts instead. If your '\ 'application continues to use end user credentials from Cloud SDK, '\ 'you might receive a "quota exceeded" or "API not enabled" error. For'\ ' more information about service accounts, see '\ 'https://cloud.google.com/docs/authentication/.'.freeze
Class Method Summary collapse
- .load_gcloud_project_id ⇒ Object
-
.warn_if_cloud_sdk_credentials(client_id) ⇒ Object
Issues warning if cloud sdk client id is used.
Instance Method Summary collapse
-
#from_env(scope = nil) ⇒ Object
Creates an instance from the path specified in an environment variable.
-
#from_system_default_path(scope = nil) ⇒ Object
Creates an instance from the system default path.
-
#from_well_known_path(scope = nil) ⇒ Object
Creates an instance from a well known path.
-
#make_creds(*args) ⇒ Object
make_creds proxies the construction of a credentials instance.
Class Method Details
.load_gcloud_project_id ⇒ Object
142 143 144 145 146 147 148 149 |
# File 'lib/googleauth/credentials_loader.rb', line 142 def load_gcloud_project_id gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows? gcloud = GCLOUD_POSIX_COMMAND unless OS.windows? config = MultiJson.load(`#{gcloud} #{GCLOUD_CONFIG_COMMAND}`) config['configuration']['properties']['core']['project'] rescue warn 'Unable to determine project id.' end |
.warn_if_cloud_sdk_credentials(client_id) ⇒ Object
Issues warning if cloud sdk client id is used
137 138 139 |
# File 'lib/googleauth/credentials_loader.rb', line 137 def warn_if_cloud_sdk_credentials(client_id) warn CLOUD_SDK_CREDENTIALS_WARNING if client_id == CLOUD_SDK_CLIENT_ID end |
Instance Method Details
#from_env(scope = nil) ⇒ Object
Creates an instance from the path specified in an environment variable.
86 87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'lib/googleauth/credentials_loader.rb', line 86 def from_env(scope = nil) if ENV.key?(ENV_VAR) path = ENV[ENV_VAR] raise "file #{path} does not exist" unless File.exist?(path) File.open(path) do |f| return make_creds(json_key_io: f, scope: scope) end elsif service_account_env_vars? || return make_creds(scope: scope) end rescue StandardError => e raise "#{NOT_FOUND_ERROR}: #{e}" end |
#from_system_default_path(scope = nil) ⇒ Object
Creates an instance from the system default path
120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 |
# File 'lib/googleauth/credentials_loader.rb', line 120 def from_system_default_path(scope = nil) if OS.windows? return nil unless ENV['ProgramData'] prefix = File.join(ENV['ProgramData'], 'Google/Auth') else prefix = '/etc/google/auth/' end path = File.join(prefix, CREDENTIALS_FILE_NAME) return nil unless File.exist?(path) File.open(path) do |f| return make_creds(json_key_io: f, scope: scope) end rescue StandardError => e raise "#{SYSTEM_DEFAULT_ERROR}: #{e}" end |
#from_well_known_path(scope = nil) ⇒ Object
Creates an instance from a well known path.
103 104 105 106 107 108 109 110 111 112 113 114 115 |
# File 'lib/googleauth/credentials_loader.rb', line 103 def from_well_known_path(scope = nil) home_var = OS.windows? ? 'APPDATA' : 'HOME' base = WELL_KNOWN_PATH root = ENV[home_var].nil? ? '' : ENV[home_var] base = File.join('.config', base) unless OS.windows? path = File.join(root, base) return nil unless File.exist?(path) File.open(path) do |f| return make_creds(json_key_io: f, scope: scope) end rescue StandardError => e raise "#{WELL_KNOWN_ERROR}: #{e}" end |
#make_creds(*args) ⇒ Object
make_creds proxies the construction of a credentials instance
By default, it calls #new on the current class, but this behaviour can be modified, allowing different instances to be created.
78 79 80 |
# File 'lib/googleauth/credentials_loader.rb', line 78 def make_creds(*args) new(*args) end |