module Google::Auth::CredentialsLoader

def authorized_user_env_vars? 

def authorized_user_env_vars?
  ([CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR] - ENV.keys).empty? &&
    !ENV.to_h.fetch_values(CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR).join(" ").empty?
end

def from_env scope = nil, options = {}

Raises:
  • (Google::Auth::InitializationError) - If the credentials file cannot be read

Parameters:
  • options (Hash) -- Connection options. These may be used to configure
  • scope (string|array|nil) -- the scope(s) to access 
def from_env scope = nil, options = {}
  options = interpret_options scope, options
  if ENV.key?(ENV_VAR) && !ENV[ENV_VAR].empty?
    path = ENV[ENV_VAR]
    raise InitializationError, "file #{path} does not exist" unless File.exist? path
    File.open path do |f|
      return make_creds options.merge(json_key_io: f)
    end
  elsif service_account_env_vars? || authorized_user_env_vars?
    make_creds options
  end
rescue StandardError => e
  raise InitializationError, "#{NOT_FOUND_ERROR}: #{e}"
end

def from_system_default_path scope = nil, options = {}

Raises:
  • (Google::Auth::InitializationError) - If the credentials file cannot be read or is invalid

Parameters:
  • options (Hash) -- Connection options. These may be used to configure
  • scope (string|array|nil) -- the scope(s) to access 
def from_system_default_path scope = nil, options = {}
  options = interpret_options scope, options
  if OS.windows?
    return nil unless ENV["ProgramData"]
    prefix = File.join ENV["ProgramData"], "Google/Auth"
  else
    prefix = "/etc/google/auth/"
  end
  path = File.join prefix, CREDENTIALS_FILE_NAME
  return nil unless File.exist? path
  File.open path do |f|
    return make_creds options.merge(json_key_io: f)
  end
rescue StandardError => e
  raise InitializationError, "#{SYSTEM_DEFAULT_ERROR}: #{e}"
end

def from_well_known_path scope = nil, options = {}

Raises:
  • (Google::Auth::InitializationError) - If the credentials file cannot be read

Parameters:
  • options (Hash) -- Connection options. These may be used to configure
  • scope (string|array|nil) -- the scope(s) to access 
def from_well_known_path scope = nil, options = {}
  options = interpret_options scope, options
  home_var = OS.windows? ? "APPDATA" : "HOME"
  base = WELL_KNOWN_PATH
  root = ENV[home_var].nil? ? "" : ENV[home_var]
  base = File.join ".config", base unless OS.windows?
  path = File.join root, base
  return nil unless File.exist? path
  File.open path do |f|
    return make_creds options.merge(json_key_io: f)
  end
rescue StandardError => e
  raise InitializationError, "#{WELL_KNOWN_ERROR}: #{e}"
end

def interpret_options scope, options 

def interpret_options scope, options
  if scope.is_a? Hash
    options = scope
    scope = nil
  end
  return options.merge scope: scope if scope && !options[:scope]
  options
end

def load_and_verify_json_key_type json_key_io, expected_type

Raises:
  • (Google::Auth::InitializationError) - If the JSON key type does not match the expected type.

Parameters:
  • expected_type (String) -- The expected credential type name.
  • json_key_io (IO) -- An IO object containing the JSON key.

Other tags:
    Private: - 
def load_and_verify_json_key_type json_key_io, expected_type
  json_key = MultiJson.load json_key_io.read
  json_key_io.rewind # Rewind the stream so it can be read again.
  return if json_key["type"] == expected_type
  raise Google::Auth::InitializationError,
        "The provided credentials were not of type '#{expected_type}'. " \
        "Instead, the type was '#{json_key['type']}'."
end

def load_gcloud_project_id

Finds project_id from gcloud CLI configuration 
def load_gcloud_project_id
  gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows?
  gcloud = GCLOUD_POSIX_COMMAND unless OS.windows?
  gcloud_json = IO.popen("#{gcloud} #{GCLOUD_CONFIG_COMMAND}", err: :close, &:read)
  config = MultiJson.load gcloud_json
  config["configuration"]["properties"]["core"]["project"]
rescue StandardError
  nil
end

def make_creds *args

be modified, allowing different instances to be created.
By default, it calls #new on the current class, but this behaviour can

make_creds proxies the construction of a credentials instance 
def make_creds *args
  creds = new(*args)
  creds = creds.configure_connection args[0] if creds.respond_to?(:configure_connection) && args.size == 1
  creds
end

def service_account_env_vars? 

def service_account_env_vars?
  ([PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR] - ENV.keys).empty? &&
    !ENV.to_h.fetch_values(PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR).join(" ").empty?
end