module Google::Auth::CredentialsLoader

def authorized_user_env_vars? 

def authorized_user_env_vars?
  ([CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR] - ENV.keys).empty? &&
    !ENV.to_h.fetch_values(CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR).join(" ").empty?
end

def from_env scope = nil, options = {}

Parameters:
  • options (Hash) -- Connection options. These may be used to configure
  • scope (string|array|nil) -- the scope(s) to access 
def from_env scope = nil, options = {}
  options = interpret_options scope, options
  if ENV.key?(ENV_VAR) && !ENV[ENV_VAR].empty?
    path = ENV[ENV_VAR]
    raise "file #{path} does not exist" unless File.exist? path
    File.open path do |f|
      return make_creds options.merge(json_key_io: f)
    end
  elsif service_account_env_vars? || authorized_user_env_vars?
    make_creds options
  end
rescue StandardError => e
  raise "#{NOT_FOUND_ERROR}: #{e}"
end

def from_system_default_path scope = nil, options = {}

Parameters:
  • options (Hash) -- Connection options. These may be used to configure
  • scope (string|array|nil) -- the scope(s) to access 
def from_system_default_path scope = nil, options = {}
  options = interpret_options scope, options
  if OS.windows?
    return nil unless ENV["ProgramData"]
    prefix = File.join ENV["ProgramData"], "Google/Auth"
  else
    prefix = "/etc/google/auth/"
  end
  path = File.join prefix, CREDENTIALS_FILE_NAME
  return nil unless File.exist? path
  File.open path do |f|
    return make_creds options.merge(json_key_io: f)
  end
rescue StandardError => e
  raise "#{SYSTEM_DEFAULT_ERROR}: #{e}"
end

def from_well_known_path scope = nil, options = {}

Parameters:
  • options (Hash) -- Connection options. These may be used to configure
  • scope (string|array|nil) -- the scope(s) to access 
def from_well_known_path scope = nil, options = {}
  options = interpret_options scope, options
  home_var = OS.windows? ? "APPDATA" : "HOME"
  base = WELL_KNOWN_PATH
  root = ENV[home_var].nil? ? "" : ENV[home_var]
  base = File.join ".config", base unless OS.windows?
  path = File.join root, base
  return nil unless File.exist? path
  File.open path do |f|
    return make_creds options.merge(json_key_io: f)
  end
rescue StandardError => e
  raise "#{WELL_KNOWN_ERROR}: #{e}"
end

def interpret_options scope, options 

def interpret_options scope, options
  if scope.is_a? Hash
    options = scope
    scope = nil
  end
  return options.merge scope: scope if scope && !options[:scope]
  options
end

def load_gcloud_project_id

Finds project_id from gcloud CLI configuration 
def load_gcloud_project_id
  gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows?
  gcloud = GCLOUD_POSIX_COMMAND unless OS.windows?
  gcloud_json = IO.popen("#{gcloud} #{GCLOUD_CONFIG_COMMAND}", in: :close, err: :close, &:read)
  config = MultiJson.load gcloud_json
  config["configuration"]["properties"]["core"]["project"]
rescue StandardError
  nil
end

def make_creds *args

be modified, allowing different instances to be created.
By default, it calls #new on the current class, but this behaviour can

make_creds proxies the construction of a credentials instance 
def make_creds *args
  creds = new(*args)
  creds = creds.configure_connection args[0] if creds.respond_to?(:configure_connection) && args.size == 1
  creds
end

def service_account_env_vars? 

def service_account_env_vars?
  ([PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR] - ENV.keys).empty? &&
    !ENV.to_h.fetch_values(PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR).join(" ").empty?
end

def warn_if_cloud_sdk_credentials client_id

Issues warning if cloud sdk client id is used 
def warn_if_cloud_sdk_credentials client_id
  return if ENV["GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS"]
  warn CLOUD_SDK_CREDENTIALS_WARNING if client_id == CLOUD_SDK_CLIENT_ID
end