class Google::Auth::Credentials
which overrides the SCOPE constant.
This class is intended to be inherited by API-specific classes
def self.default(options = {})
previously stated locations do not contain keyfile information,
evironment variables, json environment variables, default paths. If the
Returns the default credentials checking, in this order, the path env
def self.default(options = {}) # First try to find keyfile file from environment variables. client = from_path_vars options # Second try to find keyfile json from environment variables. client ||= from_json_vars options # Third try to find keyfile file from known file paths. client ||= from_default_paths options # Finally get instantiated client from Google::Auth client ||= from_application_default options client end
def self.from_application_default(options)
def self.from_application_default(options) scope = options[:scope] || self::SCOPE client = Google::Auth.get_application_default scope new client, options end
def self.from_default_paths(options)
def self.from_default_paths(options) self::DEFAULT_PATHS .select { |p| ::File.file? p } .each do |file| return new file, options end nil end
def self.from_json_vars(options)
def self.from_json_vars(options) json = lambda do |v| unless ENV[v].nil? begin JSON.parse ENV[v] rescue nil end end end self::JSON_ENV_VARS.map(&json).compact.each do |hash| return new hash, options end nil end
def self.from_path_vars(options)
def self.from_path_vars(options) self::PATH_ENV_VARS .map { |v| ENV[v] } .compact .select { |p| ::File.file? p } .each do |file| return new file, options end nil end
def client_options(options)
def client_options(options) # Keyfile options have higher priority over constructor defaults options['token_credential_uri'] ||= self.class::TOKEN_CREDENTIAL_URI options['audience'] ||= self.class::AUDIENCE options['scope'] ||= self.class::SCOPE # client options for initializing signet client { token_credential_uri: options['token_credential_uri'], audience: options['audience'], scope: Array(options['scope']), issuer: options['client_email'], signing_key: OpenSSL::PKey::RSA.new(options['private_key']) } end
def init_client(keyfile, connection_options = {})
def init_client(keyfile, connection_options = {}) client_opts = client_options keyfile Signet::OAuth2::Client.new(client_opts) .configure_connection(connection_options) end
def initialize(keyfile, options = {})
def initialize(keyfile, options = {}) scope = options[:scope] verify_keyfile_provided! keyfile @project_id = options['project_id'] || options['project'] if keyfile.is_a? Signet::OAuth2::Client @client = keyfile @project_id ||= keyfile.project_id if keyfile.respond_to? :project_id elsif keyfile.is_a? Hash hash = stringify_hash_keys keyfile hash['scope'] ||= scope @client = init_client hash, options @project_id ||= (hash['project_id'] || hash['project']) else verify_keyfile_exists! keyfile json = JSON.parse ::File.read(keyfile) json['scope'] ||= scope @project_id ||= (json['project_id'] || json['project']) @client = init_client json, options end CredentialsLoader.warn_if_cloud_sdk_credentials @client.client_id @project_id ||= CredentialsLoader.load_gcloud_project_id @client.fetch_access_token! end
def stringify_hash_keys(hash)
def stringify_hash_keys(hash) Hash[hash.map { |k, v| [k.to_s, v] }] end
def verify_keyfile_exists!(keyfile)
def verify_keyfile_exists!(keyfile) exists = ::File.file? keyfile raise "The keyfile '#{keyfile}' is not a valid file." unless exists end
def verify_keyfile_provided!(keyfile)
def verify_keyfile_provided!(keyfile) return unless keyfile.nil? raise 'The keyfile passed to Google::Auth::Credentials.new was nil.' end