Class: Mongo::Crypt::KMS::GCP::CredentialsRetriever Private

Inherits:
Object
Defined in:
lib/mongo/crypt/kms/gcp/credentials_retriever.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

This class retrieves GCP credentials using the Google Compute Engine metadata host. It should be used when the driver runs on a Google Compute Engine instance.

API:

  • private

Constant Summary

METADATA_HOST_ENV = 'GCE_METADATA_HOST'

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

API:

  • private

DEFAULT_HOST = 'metadata.google.internal'

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

API:

  • private

Class Method Summary

Class Method Details

.fetch_access_token(timeout_holder = nil) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Fetch GCP access token.

Parameters:

  • timeout_holder (defaults to: nil)

    CSOT timeout.

Returns:

  • GCP access token.

Raises:

API:

  • private



# File 'lib/mongo/crypt/kms/gcp/credentials_retriever.rb', line 40

def self.fetch_access_token(timeout_holder = nil)
  # The metadata host comes from the GCE_METADATA_HOST environment variable,
  # falling back to DEFAULT_HOST when the variable is not set.
  host = ENV.fetch(METADATA_HOST_ENV) { DEFAULT_HOST }
  uri = URI("http://#{host}/computeMetadata/v1/instance/service-accounts/default/token")
  req = Net::HTTP::Get.new(uri)
  req['Metadata-Flavor'] = 'Google'
  resp = fetch_response(uri, req, timeout_holder)
  if resp.code != '200'
    raise KMS::CredentialsNotFound,
      "GCE metadata host responded with code #{resp.code}"
  end
  parsed_resp = JSON.parse(resp.body)
  parsed_resp.fetch('access_token')
rescue JSON::ParserError, KeyError => e
  # The body is not JSON, or it has no access_token key.
  raise KMS::CredentialsNotFound,
    "GCE metadata response is invalid: '#{resp.body}'; #{e.class}: #{e.message}"
rescue ::Timeout::Error, IOError, SystemCallError, SocketError => e
  # Network-level failure while talking to the metadata host.
  raise KMS::CredentialsNotFound,
    "Could not receive GCP metadata response; #{e.class}: #{e.message}"
end
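
The following is an added example, not part of the driver's code: a local stub of the metadata token endpoint and a client that sends the same request shape as the method above, useful for exercising the header check and response handling offline. The helper names `start_stub_metadata_host` and `request_token`, the sample token body, and the stub's 403 reply (modelling the real server's rejection of requests without the `Metadata-Flavor: Google` header) are assumptions of this example.

```ruby
require 'socket'
require 'net/http'
require 'json'
require 'uri'

TOKEN_PATH = '/computeMetadata/v1/instance/service-accounts/default/token'
# Constructed sample body; the token value is a placeholder, not a real credential.
SAMPLE_BODY = JSON.generate('access_token' => 'constructed-token',
                            'expires_in' => 3599, 'token_type' => 'Bearer')

# Hypothetical helper: starts a stub on 127.0.0.1 and returns "host:port".
def start_stub_metadata_host
  server = TCPServer.new('127.0.0.1', 0) # port 0: let the OS pick a free port
  Thread.new do
    loop do
      client = server.accept
      request_line = client.gets.to_s
      headers = {}
      while (line = client.gets) && line != "\r\n"
        name, value = line.split(':', 2)
        headers[name.downcase] = value.to_s.strip
      end
      # Serve the token only for the expected path with the required header.
      ok = request_line.start_with?("GET #{TOKEN_PATH} ") &&
           headers['metadata-flavor'] == 'Google'
      status, body = ok ? ['200 OK', SAMPLE_BODY] : ['403 Forbidden', 'forbidden']
      client.write("HTTP/1.1 #{status}\r\nContent-Length: #{body.bytesize}\r\n" \
                   "Connection: close\r\n\r\n#{body}")
      client.close
    end
  end
  "127.0.0.1:#{server.addr[1]}"
end

# Hypothetical client: same URL and header as fetch_access_token.
# Returns [status_code, access_token_or_nil].
def request_token(host, flavor_header: true)
  uri = URI("http://#{host}#{TOKEN_PATH}")
  req = Net::HTTP::Get.new(uri)
  req['Metadata-Flavor'] = 'Google' if flavor_header
  # The nil third argument disables any proxy taken from the environment.
  resp = Net::HTTP.start(uri.hostname, uri.port, nil,
                         open_timeout: 2, read_timeout: 2) { |http| http.request(req) }
  [resp.code, resp.code == '200' ? JSON.parse(resp.body).fetch('access_token') : nil]
end
```

Because the method builds its URL as `http://#{host}/...`, the value returned by `start_stub_metadata_host` can also be placed in `GCE_METADATA_HOST` to point a test process at the stub.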