class Google::Auth::GCECredentials
Extends Signet::OAuth2::Client so that the auth token is obtained from the GCE metadata server.
Constants
- COMPUTE_AUTH_TOKEN_URI
The IP Address is used in the URIs to speed up failures on non-GCE systems.
- COMPUTE_CHECK_URI
- COMPUTE_ID_TOKEN_URI
Public Class Methods
on_gce?(options = {})
click to toggle source
Detect if this appear to be a GCE instance, by checking if metadata is available.
# File lib/googleauth/compute_engine.rb, line 65 def on_gce? options = {} # TODO: This should use google-cloud-env instead. c = options[:connection] || Faraday.default_connection headers = { "Metadata-Flavor" => "Google" } resp = c.get COMPUTE_CHECK_URI, nil, headers do |req| req.options.timeout = 1.0 req.options.open_timeout = 0.1 end return false unless resp.status == 200 resp.headers["Metadata-Flavor"] == "Google" rescue Faraday::TimeoutError, Faraday::ConnectionFailed false end
Public Instance Methods
fetch_access_token(options = {})
click to toggle source
Overrides the super class method to change how access tokens are fetched.
# File lib/googleauth/compute_engine.rb, line 84 def fetch_access_token options = {} c = options[:connection] || Faraday.default_connection retry_with_error do uri = target_audience ? COMPUTE_ID_TOKEN_URI : COMPUTE_AUTH_TOKEN_URI query = target_audience ? { "audience" => target_audience, "format" => "full" } : {} query[:scopes] = Array(scope).join " " if scope headers = { "Metadata-Flavor" => "Google" } resp = c.get uri, query, headers case resp.status when 200 content_type = resp.headers["content-type"] if content_type == "text/html" { (target_audience ? "id_token" : "access_token") => resp.body } else Signet::OAuth2.parse_credentials resp.body, content_type end when 404 raise Signet::AuthorizationError, NO_METADATA_SERVER_ERROR else msg = "Unexpected error code #{resp.status}" \ "#{UNEXPECTED_ERROR_SUFFIX}" raise Signet::AuthorizationError, msg end end end