class Google::Auth::GCECredentials

the GCE metadata server.
Extends Signet::OAuth2::Client so that the auth token is obtained from

def fetch_access_token(options = {})

fetched.
Overrides the super class method to change how access tokens are

def fetch_access_token(options = {})
  c = options[:connection] || Faraday.default_connection
  c.headers = { 'Metadata-Flavor' => 'Google' }
  retry_with_error do
    resp = c.get(COMPUTE_AUTH_TOKEN_URI)
    case resp.status
    when 200
      Signet::OAuth2.parse_credentials(resp.body,
                                       resp.headers['content-type'])
    when 404
      raise(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR)
    else
      msg = "Unexpected error code #{resp.status}" \
        "#{UNEXPECTED_ERROR_SUFFIX}"
      raise(Signet::AuthorizationError, msg)
    end
  end
end

def on_gce?(options = {})

is available
Detect if this appear to be a GCE instance, by checking if metadata

def on_gce?(options = {})
  c = options[:connection] || Faraday.default_connection
  resp = c.get(COMPUTE_CHECK_URI) do |req|
    # Comment from: oauth2client/client.py
    #
    # Note: the explicit `timeout` below is a workaround. The underlying
    # issue is that resolving an unknown host on some networks will take
    # 20-30 seconds; making this timeout short fixes the issue, but
    # could lead to false negatives in the event that we are on GCE, but
    # the metadata resolution was particularly slow. The latter case is
    # "unlikely".
    req.options.timeout = 0.1
  end
  return false unless resp.status == 200
  return false unless resp.headers.key?('Metadata-Flavor')
  return resp.headers['Metadata-Flavor'] == 'Google'
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
  return false
end

Namespace

Google::Auth

Parent class

Google::Auth::Signet::OAuth2::Client

Instance Methods

Defined in

lib/googleauth/compute_engine.rb

Modules

Classes