Class: Train::Transports::Gcp::Connection

Inherits:
BaseConnection
  • Object
Defined in:
lib/train/transports/gcp.rb


Constructor Details

#initialize(options) ⇒ Connection

Returns a new instance of Connection.



# File 'lib/train/transports/gcp.rb', line 39

# Sets up the GCP connection: records platform metadata, switches on the
# API-client cache, then runs #connect.
#
# @param options transport options, forwarded unchanged to the parent initializer
def initialize(options)
  super(options)

  # Platform metadata carries the version of the loaded google-api-client gem.
  client_gem = Gem.loaded_specs["google-api-client"]
  @platform_details = { release: "google-api-client-v#{client_gem.version}" }

  # Service objects handed out by #gcp_client are memoized under :api_call.
  @cache_enabled[:api_call] = true
  @cache[:api_call] = {}

  # Constructing a connection has process-wide effects: #connect writes ENV
  # and the google-api-client default request options.
  connect
end

Instance Method Details

#connect ⇒ Object



# File 'lib/train/transports/gcp.rb', line 91

# Loads application-default credentials and installs them, together with the
# client name and version, as the google-api-client defaults.
#
# Everything written here is process-wide state: the two environment variables
# and the default client/request options are not scoped to this connection.
def connect
  # Caller-supplied values replace whatever the environment already holds;
  # absent options leave the environment untouched.
  credentials_path = @options[:google_application_credentials]
  ENV["GOOGLE_APPLICATION_CREDENTIALS"] = credentials_path if credentials_path
  project = @options[:google_cloud_project]
  ENV["GOOGLE_CLOUD_PROJECT"] = project if project

  # cloud-platform is a broad OAuth scope; what the credential can actually do
  # is still bounded by the IAM roles granted to it.
  scopes = %w[
    https://www.googleapis.com/auth/cloud-platform
    https://www.googleapis.com/auth/compute
  ]
  authorization = Google::Auth.get_application_default(scopes)

  client_defaults = Google::Apis::ClientOptions.default
  client_defaults.application_name = "chef-inspec-train"
  client_defaults.application_version = Train::VERSION

  Google::Apis::RequestOptions.default.authorization = authorization
end

#gcp_admin_client ⇒ Object



# File 'lib/train/transports/gcp.rb', line 74

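# Returns an Admin Directory service client that uses a read-only directory
# scope and, when :google_super_admin_email is set, impersonates that account.
#
# The admin credential is installed as the google-api-client default only
# while the client is being built, and the previous default is put back
# afterwards. Leaving it installed would hand the directory-scoped,
# impersonating credential to every service object constructed later in the
# process instead of the credential set up by #connect.
#
# @return [Google::Apis::AdminDirectoryV1::DirectoryService]
def gcp_admin_client
  scopes = ["https://www.googleapis.com/auth/admin.directory.user.readonly"]
  # dup so that setting the impersonation subject does not touch the object
  # returned by the credential lookup.
  authorization = Google::Auth.get_application_default(scopes).dup
  # Use of the Admin API requires delegation (impersonation). An email address of a Super Admin in
  # the G Suite account may be required.
  authorization.sub = @options[:google_super_admin_email] if @options[:google_super_admin_email]

  # NOTE(review): relies on service objects capturing the default request
  # options when they are constructed - confirm against the google-api-client
  # version in use.
  defaults = Google::Apis::RequestOptions.default
  platform_authorization = defaults.authorization
  defaults.authorization = authorization
  begin
    gcp_client(Google::Apis::AdminDirectoryV1::DirectoryService)
  ensure
    # Restore the default even if client construction raises.
    defaults.authorization = platform_authorization
  end
end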

#gcp_client(klass) ⇒ Object

Let’s allow for other clients too



# File 'lib/train/transports/gcp.rb', line 85

# Returns an instance of the given service class, reusing a memoized one when
# the :api_call cache is enabled.
#
# @param klass [Class] service class to instantiate with no arguments
# @return [Object] a new or cached instance of klass
def gcp_client(klass)
  if cache_enabled?(:api_call)
    # One instance per class, keyed by the class name as a symbol.
    cache_key = klass.to_s.to_sym
    @cache[:api_call][cache_key] ||= klass.new
  else
    klass.new
  end
end

#gcp_compute_client ⇒ Object

Instantiate some named classes for ease of use



# File 'lib/train/transports/gcp.rb', line 58

# Convenience accessor for the Compute Engine service client, obtained
# through #gcp_client.
def gcp_compute_client
  service_class = Google::Apis::ComputeV1::ComputeService
  gcp_client(service_class)
end

#gcp_iam_client ⇒ Object



# File 'lib/train/transports/gcp.rb', line 62

# Convenience accessor for the IAM service client, obtained through
# #gcp_client.
def gcp_iam_client
  service_class = Google::Apis::IamV1::IamService
  gcp_client(service_class)
end

#gcp_project_client ⇒ Object



# File 'lib/train/transports/gcp.rb', line 66

# Convenience accessor for the Cloud Resource Manager service client,
# obtained through #gcp_client.
def gcp_project_client
  service_class = Google::Apis::CloudresourcemanagerV1::CloudResourceManagerService
  gcp_client(service_class)
end

#gcp_storage_client ⇒ Object



# File 'lib/train/transports/gcp.rb', line 70

# Convenience accessor for the Cloud Storage service client, obtained
# through #gcp_client.
def gcp_storage_client
  service_class = Google::Apis::StorageV1::StorageService
  gcp_client(service_class)
end

#platform ⇒ Object



# File 'lib/train/transports/gcp.rb', line 53

# Forces the platform to "gcp", passing along the metadata stored in
# @platform_details.
def platform
  details = @platform_details
  force_platform!("gcp", details)
end

#unique_identifier ⇒ Object



# File 'lib/train/transports/gcp.rb', line 107

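# Derives an identifier for this connection from the credential attached to
# the IAM client.
#
# The IAM client is resolved once rather than on every attribute read; with
# the client cache disabled each lookup would otherwise build a new service
# object.
#
# @return the credential's issuer when set, else its client_id when set,
#   else the string "default"
def unique_identifier
  authorization = gcp_iam_client.request_options.authorization
  # use auth client_id for users (issuer is nil)
  client_id = authorization.client_id
  # for service account credentials (client_id is nil)
  issuer = authorization.issuer

  # issuer takes precedence when both are present.
  return issuer unless issuer.nil?
  return client_id unless client_id.nil?

  "default"
end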

#uri ⇒ Object



# File 'lib/train/transports/gcp.rb', line 103

# Builds the connection URI: the gcp:// scheme followed by the value of
# #unique_identifier.
#
# @return [String]
def uri
  identifier = unique_identifier
  "gcp://#{identifier}"
end