class Google::Auth::GCECredentials

Extends Signet::OAuth2::Client so that the auth token is obtained from the GCE metadata server.

Constants

COMPUTE_AUTH_TOKEN_URI

The IP Address is used in the URIs to speed up failures on non-GCE systems.

COMPUTE_CHECK_URI
COMPUTE_ID_TOKEN_URI

Public Class Methods

on_gce?(options = {}) click to toggle source

Detect if this appear to be a GCE instance, by checking if metadata is available.

# File lib/googleauth/compute_engine.rb, line 65
def on_gce? options = {}
  # TODO: This should use google-cloud-env instead.
  c = options[:connection] || Faraday.default_connection
  headers = { "Metadata-Flavor" => "Google" }
  resp = c.get COMPUTE_CHECK_URI, nil, headers do |req|
    req.options.timeout = 1.0
    req.options.open_timeout = 0.1
  end
  return false unless resp.status == 200
  resp.headers["Metadata-Flavor"] == "Google"
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
  false
end

Public Instance Methods

fetch_access_token(options = {}) click to toggle source

Overrides the super class method to change how access tokens are fetched.

# File lib/googleauth/compute_engine.rb, line 84
def fetch_access_token options = {}
  c = options[:connection] || Faraday.default_connection
  retry_with_error do
    uri = target_audience ? COMPUTE_ID_TOKEN_URI : COMPUTE_AUTH_TOKEN_URI
    query = target_audience ? { "audience" => target_audience, "format" => "full" } : {}
    query[:scopes] = Array(scope).join " " if scope
    headers = { "Metadata-Flavor" => "Google" }
    resp = c.get uri, query, headers
    case resp.status
    when 200
      content_type = resp.headers["content-type"]
      if content_type == "text/html"
        { (target_audience ? "id_token" : "access_token") => resp.body }
      else
        Signet::OAuth2.parse_credentials resp.body, content_type
      end
    when 404
      raise Signet::AuthorizationError, NO_METADATA_SERVER_ERROR
    else
      msg = "Unexpected error code #{resp.status}" \
        "#{UNEXPECTED_ERROR_SUFFIX}"
      raise Signet::AuthorizationError, msg
    end
  end
end