Module: Google::Auth

Defined in:: lib/googleauth/iam.rb,
lib/googleauth/errors.rb,
lib/googleauth/api_key.rb,
lib/googleauth/version.rb,
lib/googleauth/client_id.rb,
lib/googleauth/id_tokens.rb,
lib/googleauth/scope_util.rb,
lib/googleauth/base_client.rb,
lib/googleauth/credentials.rb,
lib/googleauth/token_store.rb,
lib/googleauth/bearer_token.rb,
lib/googleauth/user_refresh.rb,
lib/googleauth/compute_engine.rb,
lib/googleauth/json_key_reader.rb,
lib/googleauth/service_account.rb,
lib/googleauth/user_authorizer.rb,
lib/googleauth/external_account.rb,
lib/googleauth/id_tokens/errors.rb,
lib/googleauth/oauth2/sts_client.rb,
lib/googleauth/credentials_loader.rb,
lib/googleauth/helpers/connection.rb,
lib/googleauth/id_tokens/verifier.rb,
lib/googleauth/application_default.rb,
lib/googleauth/default_credentials.rb,
lib/googleauth/web_user_authorizer.rb,
lib/googleauth/id_tokens/key_sources.rb,
lib/googleauth/stores/file_token_store.rb,
lib/googleauth/stores/redis_token_store.rb,
lib/googleauth/service_account_jwt_header.rb,
lib/googleauth/impersonated_service_account.rb,
lib/googleauth/external_account/aws_credentials.rb,
lib/googleauth/external_account/base_credentials.rb,
lib/googleauth/external_account/pluggable_credentials.rb,
lib/googleauth/external_account/external_account_utils.rb,
lib/googleauth/external_account/identity_pool_credentials.rb

Overview

Module Auth provides classes that provide Google-specific authorization used to access Google APIs.

Defined Under Namespace

Modules: BaseClient, CredentialsLoader, DetailedError, Error, ExternalAccount, Helpers, IDTokens, JsonKeyReader, OAuth2, ScopeUtil, Stores Classes: APIKeyCredentials, AuthorizationError, BearerTokenCredentials, ClientId, Credentials, CredentialsError, DefaultCredentials, GCECredentials, IAMCredentials, ImpersonatedServiceAccountCredentials, InitializationError, ParseError, ServiceAccountCredentials, ServiceAccountJwtHeaderCredentials, TokenStore, UnexpectedStatusError, UserAuthorizer, UserRefreshCredentials, WebUserAuthorizer

Constant Summary collapse

VERSION =

"1.16.1".freeze

NO_METADATA_SERVER_ERROR =

"Error code 404 trying to get security access token\nfrom Compute Engine metadata for the default service account. This\nmay be because the virtual machine instance does not have permission\nscopes specified.\n".freeze

UNEXPECTED_ERROR_SUFFIX =

"trying to get security access token from Compute Engine metadata for\nthe default service account\n".freeze

NOT_FOUND_ERROR =

"Your credentials were not found. To set up Application Default\nCredentials for your environment, see\nhttps://cloud.google.com/docs/authentication/external/set-up-adc\n".freeze

Class Method Summary collapse

.get_application_default(scope = nil, options = {}) ⇒ Object
Obtains the default credentials implementation to use in this environment.

Class Method Details

.get_application_default(scope = nil, options = {}) ⇒ `Object`

Obtains the default credentials implementation to use in this environment.

Use this to obtain the Application Default Credentials for accessing Google APIs. Application Default Credentials are described in detail at https://cloud.google.com/docs/authentication/production.

If supplied, scope is used to create the credentials instance, when it can be applied. E.g, on google compute engine and for user credentials the scope is ignored.

Raises:

(Google::Auth::InitializationError) —
If the credentials cannot be found

# File 'lib/googleauth/application_default.rb', line 55

def get_application_default scope = nil, options = {}
  creds = DefaultCredentials.from_env(scope, options) ||
          DefaultCredentials.from_well_known_path(scope, options) ||
          DefaultCredentials.from_system_default_path(scope, options)
  return creds unless creds.nil?
  raise InitializationError, NOT_FOUND_ERROR unless GCECredentials.on_gce? options
  GCECredentials.new options.merge(scope: scope)
end