module Google::Auth::CredentialsLoader

CredentialsLoader contains the behaviour used to locate and find default credentials files on the file system.

Constants

ACCOUNT_TYPE_VAR
CLIENT_EMAIL_VAR
CLIENT_ID_VAR
CLIENT_SECRET_VAR
CLOUD_SDK_CLIENT_ID
CLOUD_SDK_CREDENTIALS_WARNING
CREDENTIALS_FILE_NAME
ENV_VAR
GCLOUD_CONFIG_COMMAND
GCLOUD_POSIX_COMMAND
GCLOUD_WINDOWS_COMMAND
NOT_FOUND_ERROR
PRIVATE_KEY_VAR
PROJECT_ID_VAR
REFRESH_TOKEN_VAR
SYSTEM_DEFAULT_ERROR
WELL_KNOWN_ERROR
WELL_KNOWN_PATH

Public Instance Methods

from_env(scope = nil, options = {})

Creates an instance from the path specified in an environment variable.

@param scope [string|array|nil] the scope(s) to access
@param options [Hash] Connection options. These may be used to configure
how OAuth tokens are retrieved, by providing a suitable
`Faraday::Connection`. For example, if a connection proxy must be
used in the current network, you may provide a connection with
the needed proxy options.
The following keys are recognized:
* `:default_connection` The connection object to use.
* `:connection_builder` A `Proc` that returns a connection.
# File lib/googleauth/credentials_loader.rb, line 97
# Builds credentials from the process environment: either from the JSON key
# file named by ENV_VAR, or from the individual credential variables.
#
# Security notes:
# * The key file path is taken verbatim from the environment, so whoever
#   controls this process's environment chooses which file is parsed as
#   credential material.
# * The re-raised message embeds the path and the underlying error text;
#   keep that in mind wherever exception messages are logged or displayed.
#
# @param scope [String, Array, nil] the scope(s) to access
# @param options [Hash] connection options, passed through to make_creds
# @return [Object, nil] the result of make_creds, or nil when ENV_VAR is
#   unset/empty and neither env-var predicate holds
# @raise [RuntimeError] prefixed with NOT_FOUND_ERROR on any StandardError
def from_env scope = nil, options = {}
  options = interpret_options scope, options
  key_path = ENV[ENV_VAR]
  if key_path && !key_path.empty?
    # Existence check and open are two separate steps; a failure in the open
    # itself is reported through the rescue below.
    raise "file #{key_path} does not exist" unless File.exist? key_path
    File.open(key_path) { |io| make_creds options.merge(json_key_io: io) }
  elsif service_account_env_vars? || authorized_user_env_vars?
    make_creds options
  end
rescue StandardError => e
  raise "#{NOT_FOUND_ERROR}: #{e}"
end
from_system_default_path(scope = nil, options = {})

Creates an instance from the system default path

@param scope [string|array|nil] the scope(s) to access
@param options [Hash] Connection options. These may be used to configure
how OAuth tokens are retrieved, by providing a suitable
`Faraday::Connection`. For example, if a connection proxy must be
used in the current network, you may provide a connection with
the needed proxy options.
The following keys are recognized:
* `:default_connection` The connection object to use.
* `:connection_builder` A `Proc` that returns a connection.
# File lib/googleauth/credentials_loader.rb, line 149
# Builds credentials from the machine-wide credentials file.
#
# Security notes:
# * This is a shared, system-level location: any account able to write to it
#   supplies the credential for every process that reaches this fallback, so
#   the directory's permissions are part of the trust boundary.
# * On Windows the directory is derived from the ProgramData environment
#   variable rather than a fixed path.
#
# @param scope [String, Array, nil] the scope(s) to access
# @param options [Hash] connection options, passed through to make_creds
# @return [Object, nil] the result of make_creds, or nil when the file (or,
#   on Windows, the ProgramData variable) is absent
# @raise [RuntimeError] prefixed with SYSTEM_DEFAULT_ERROR on any StandardError
def from_system_default_path scope = nil, options = {}
  options = interpret_options scope, options
  prefix =
    if OS.windows?
      return nil unless ENV["ProgramData"]
      File.join ENV["ProgramData"], "Google/Auth"
    else
      "/etc/google/auth/"
    end
  path = File.join prefix, CREDENTIALS_FILE_NAME
  return nil unless File.exist? path
  # The block form closes the file once make_creds has consumed it.
  File.open(path) { |io| make_creds options.merge(json_key_io: io) }
rescue StandardError => e
  raise "#{SYSTEM_DEFAULT_ERROR}: #{e}"
end
from_well_known_path(scope = nil, options = {})

Creates an instance from a well known path.

@param scope [string|array|nil] the scope(s) to access
@param options [Hash] Connection options. These may be used to configure
how OAuth tokens are retrieved, by providing a suitable
`Faraday::Connection`. For example, if a connection proxy must be
used in the current network, you may provide a connection with
the needed proxy options.
The following keys are recognized:
* `:default_connection` The connection object to use.
* `:connection_builder` A `Proc` that returns a connection.
# File lib/googleauth/credentials_loader.rb, line 123
# Builds credentials from the per-user well-known file, located under
# APPDATA on Windows and under HOME/.config elsewhere.
#
# NOTE(review): when the home variable is unset the root becomes "", and
# File.join then yields a path anchored at the filesystem root instead of a
# per-user directory. Confirm that fallback location is not writable by
# unprivileged accounts on the hosts where this runs.
#
# @param scope [String, Array, nil] the scope(s) to access
# @param options [Hash] connection options, passed through to make_creds
# @return [Object, nil] the result of make_creds, or nil when no file exists
# @raise [RuntimeError] prefixed with WELL_KNOWN_ERROR on any StandardError
def from_well_known_path scope = nil, options = {}
  options = interpret_options scope, options
  home_var = OS.windows? ? "APPDATA" : "HOME"
  root = ENV[home_var] || ""
  relative = OS.windows? ? WELL_KNOWN_PATH : File.join(".config", WELL_KNOWN_PATH)
  path = File.join root, relative
  return nil unless File.exist? path
  # The block form closes the file once make_creds has consumed it.
  File.open(path) { |io| make_creds options.merge(json_key_io: io) }
rescue StandardError => e
  raise "#{WELL_KNOWN_ERROR}: #{e}"
end
load_gcloud_project_id()

Finds project_id from gcloud CLI configuration

# File lib/googleauth/credentials_loader.rb, line 175
# Asks the gcloud CLI for its configuration and extracts the core project id.
#
# Security notes:
# * The command line is assembled only from module constants; no
#   caller-supplied value is interpolated into it.
# * NOTE(review): the command is handed to IO.popen as a single string, so
#   the executable is presumably resolved through the process's PATH.
#   Confirm PATH is trustworthy in the deployments that rely on this.
#
# @return [String, nil] the configured project id, or nil on any
#   StandardError (command failure, unparsable JSON, missing keys)
def load_gcloud_project_id
  gcloud = OS.windows? ? GCLOUD_WINDOWS_COMMAND : GCLOUD_POSIX_COMMAND
  raw_json = IO.popen("#{gcloud} #{GCLOUD_CONFIG_COMMAND}") { |pipe| pipe.read }
  MultiJson.load(raw_json)["configuration"]["properties"]["core"]["project"]
rescue StandardError
  # Deliberate best-effort: every failure is reported as "no project id".
  nil
end
make_creds(*args)

make_creds proxies the construction of a credentials instance

By default, it calls new on the current class, but this behaviour can be modified, allowing different instances to be created.

# File lib/googleauth/credentials_loader.rb, line 79
# Constructs a credentials instance by forwarding all arguments to `new`.
#
# When exactly one argument was given and the new instance responds to
# `configure_connection`, that argument is passed to it and the value it
# returns becomes the result.
#
# @param args [Array] arguments forwarded unchanged to `new`
# @return [Object] the new instance, or the result of configure_connection
def make_creds *args
  instance = new(*args)
  return instance unless instance.respond_to?(:configure_connection) && args.size == 1
  instance.configure_connection args.first
end
warn_if_cloud_sdk_credentials(client_id)

Issues warning if cloud sdk client id is used

# File lib/googleauth/credentials_loader.rb, line 169
# Emits CLOUD_SDK_CREDENTIALS_WARNING when the given client id is the
# Cloud SDK's own client id.
#
# The warning is suppressed whenever GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS
# is present in the environment. Any value counts, including an empty string,
# because only nil and false are falsy in Ruby.
#
# @param client_id [String] the client id of the loaded credentials
# @return [nil]
def warn_if_cloud_sdk_credentials client_id
  return if ENV["GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS"]
  return unless client_id == CLOUD_SDK_CLIENT_ID
  warn CLOUD_SDK_CREDENTIALS_WARNING
end

Private Instance Methods

authorized_user_env_vars?()
# File lib/googleauth/credentials_loader.rb, line 201
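# Reports whether the environment carries an authorized-user credential:
# all three variables must be defined and at least one must be non-empty.
#
# The previous blank check joined the values with " ", so three defined
# variables always produced at least two separator characters and the check
# could never fail. Joining without a separator makes it effective, so
# variables that are all exported as empty strings are treated as unset.
#
# The values are secrets (client secret, refresh token); this method only
# tests for presence and never returns or prints them.
#
# @return [Boolean]
def authorized_user_env_vars?
  names = [CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR]
  return false unless (names - ENV.keys).empty?
  !ENV.values_at(*names).join.empty?
end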
interpret_options(scope, options)
# File lib/googleauth/credentials_loader.rb, line 187
# Normalises the (scope, options) argument pair into a single options hash.
#
# A Hash passed in the scope position is taken to be the options, and the
# options argument is then discarded. Otherwise a truthy scope is merged in
# under :scope unless the options already carry a truthy :scope.
#
# @param scope [String, Array, Hash, nil] the scope(s), or an options hash
# @param options [Hash] connection options
# @return [Hash] the options, with :scope merged in when applicable
def interpret_options scope, options
  scope, options = nil, scope if scope.is_a? Hash
  # scope is tested first so options is only indexed when a scope was given.
  return options if !scope || options[:scope]
  options.merge scope: scope
end
service_account_env_vars?()
# File lib/googleauth/credentials_loader.rb, line 196
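# Reports whether the environment carries a service-account credential:
# both variables must be defined and at least one must be non-empty.
#
# The previous blank check joined the values with " ", so two defined
# variables always produced at least one separator character and the check
# could never fail. Joining without a separator makes it effective, so
# variables that are both exported as empty strings are treated as unset.
#
# The private-key value is a secret; this method only tests for presence
# and never returns or prints it.
#
# @return [Boolean]
def service_account_env_vars?
  names = [PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR]
  return false unless (names - ENV.keys).empty?
  !ENV.values_at(*names).join.empty?
end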