Google Cloud Storage C++ Client  1.42.0
A C++ Client Library for Google Cloud Storage
google::cloud::storage::oauth2::ComputeEngineCredentials< HttpRequestBuilderType, ClockType > Class Template Reference

Wrapper class for Google OAuth 2.0 GCE instance service account credentials.

#include <google/cloud/storage/oauth2/compute_engine_credentials.h>

Public Member Functions

ComputeEngineCredentials ()

ComputeEngineCredentials (std::string service_account_email)

StatusOr< std::string > AuthorizationHeader () override
 Attempts to obtain a value for the Authorization HTTP header.

std::string AccountEmail () const override
 Return the account's email associated with these credentials, if any.

std::string service_account_email () const
 Returns the email or alias of this credential's service account.

std::set< std::string > scopes () const
 Returns the set of scopes granted to this credential's service account.

virtual StatusOr< std::vector< std::uint8_t > > SignBlob (SigningAccount const &service_account, std::string const &string_to_sign) const
 Try to sign string_to_sign using service_account.

virtual std::string KeyId () const
 Return the account's key_id associated with these credentials, if any.

Detailed Description

template<typename HttpRequestBuilderType = storage::internal::CurlRequestBuilder, typename ClockType = std::chrono::system_clock>
class google::cloud::storage::oauth2::ComputeEngineCredentials< HttpRequestBuilderType, ClockType >

Wrapper class for Google OAuth 2.0 GCE instance service account credentials.

Takes a service account email address or alias (e.g. "default") and uses the Google Compute Engine instance's metadata server to obtain service account metadata and OAuth 2.0 access tokens as needed. Instances of this class should usually be created via the convenience methods declared in google_credentials.h.

An HTTP Authorization header, with an access token as its value, can be obtained by calling the AuthorizationHeader() method; if the current access token is invalid or nearing expiration, this class will first obtain a new access token before returning the Authorization header string.

See also
https://cloud.google.com/compute/docs/authentication#using for details on how to get started with Compute Engine service account credentials.
Template Parameters
HttpRequestBuilderType: a dependency injection point. It makes it possible to mock internal libcurl wrappers. This should generally not be overridden except for testing.
ClockType: a dependency injection point to fetch the current time. This should generally not be overridden except for testing.

Definition at line 81 of file compute_engine_credentials.h.

Constructor & Destructor Documentation

◆ ComputeEngineCredentials() [1/2]

template<typename HttpRequestBuilderType = storage::internal::CurlRequestBuilder, typename ClockType = std::chrono::system_clock>
google::cloud::storage::oauth2::ComputeEngineCredentials< HttpRequestBuilderType, ClockType >::ComputeEngineCredentials ( )
inline explicit

Definition at line 83 of file compute_engine_credentials.h.

◆ ComputeEngineCredentials() [2/2]

template<typename HttpRequestBuilderType = storage::internal::CurlRequestBuilder, typename ClockType = std::chrono::system_clock>
google::cloud::storage::oauth2::ComputeEngineCredentials< HttpRequestBuilderType, ClockType >::ComputeEngineCredentials ( std::string  service_account_email)
inline explicit

Definition at line 85 of file compute_engine_credentials.h.

Member Function Documentation

◆ AccountEmail()

template<typename HttpRequestBuilderType = storage::internal::CurlRequestBuilder, typename ClockType = std::chrono::system_clock>
std::string google::cloud::storage::oauth2::ComputeEngineCredentials< HttpRequestBuilderType, ClockType >::AccountEmail ( ) const
inline override virtual

Return the account's email associated with these credentials, if any.

Reimplemented from google::cloud::storage::oauth2::Credentials.

Definition at line 94 of file compute_engine_credentials.h.

◆ AuthorizationHeader()

template<typename HttpRequestBuilderType = storage::internal::CurlRequestBuilder, typename ClockType = std::chrono::system_clock>
StatusOr<std::string> google::cloud::storage::oauth2::ComputeEngineCredentials< HttpRequestBuilderType, ClockType >::AuthorizationHeader ( )
inline override virtual

Attempts to obtain a value for the Authorization HTTP header.

If unable to obtain a value for the Authorization header, which could happen for Credentials that need to be periodically refreshed, the underlying Status will indicate failure details from the refresh HTTP request. Otherwise, the returned value will contain the Authorization header to be used in HTTP requests.

Implements google::cloud::storage::oauth2::Credentials.

Definition at line 88 of file compute_engine_credentials.h.

◆ KeyId()

virtual std::string google::cloud::storage::oauth2::Credentials::KeyId ( ) const
inline virtual inherited

Return the account's key_id associated with these credentials, if any.

Reimplemented in google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >.

Definition at line 70 of file credentials.h.

◆ scopes()

template<typename HttpRequestBuilderType = storage::internal::CurlRequestBuilder, typename ClockType = std::chrono::system_clock>
std::set<std::string> google::cloud::storage::oauth2::ComputeEngineCredentials< HttpRequestBuilderType, ClockType >::scopes ( ) const
inline

Returns the set of scopes granted to this credential's service account.

Note
Because this class must query the Compute Engine instance's metadata server to fetch service account metadata, this method will return an empty set if the credential has not been refreshed yet.

Definition at line 122 of file compute_engine_credentials.h.

◆ service_account_email()

template<typename HttpRequestBuilderType = storage::internal::CurlRequestBuilder, typename ClockType = std::chrono::system_clock>
std::string google::cloud::storage::oauth2::ComputeEngineCredentials< HttpRequestBuilderType, ClockType >::service_account_email ( ) const
inline

Returns the email or alias of this credential's service account.

Note
This class must query the Compute Engine instance's metadata server to fetch service account metadata. Because of this, if an alias (e.g. "default") was supplied in place of an actual email address when initializing this credential, that alias is returned as this credential's email address if the credential has not been refreshed yet.

Definition at line 110 of file compute_engine_credentials.h.
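
The lazy-refresh behaviour described in the class overview and in the notes on scopes() and service_account_email() can be reproduced with a small stand-alone model. This is an added example, not google-cloud-cpp code: ModelCredentials, MetadataReply, the fetch/now callbacks (standing in for the HttpRequestBuilderType and ClockType injection points) and the 300-second refresh margin are all assumptions.

```cpp
#include <chrono>
#include <functional>
#include <set>
#include <string>
#include <utility>

using Seconds = std::chrono::seconds;
constexpr Seconds kSlack{300};  // assumed refresh margin, not the library's value

// Constructed stand-in for one metadata-server answer.
struct MetadataReply {
  std::string email, token;
  std::set<std::string> scopes;
  Seconds expires_in;
};

// Simplified model (hypothetical names). `fetch` and `now` play the role of
// the HttpRequestBuilderType and ClockType injection points.
class ModelCredentials {
 public:
  ModelCredentials(std::string account, std::function<MetadataReply()> fetch,
                   std::function<Seconds()> now)
      : email_(std::move(account)), fetch_(std::move(fetch)), now_(std::move(now)) {}

  std::string AuthorizationHeader() {
    // Refresh when no token is cached or the cached one is nearing expiration.
    if (token_.empty() || now_() + kSlack >= expiry_) {
      MetadataReply r = fetch_();
      email_ = r.email;    // the alias is replaced by the real address
      scopes_ = r.scopes;  // scopes are only known after a refresh
      token_ = r.token;
      expiry_ = now_() + r.expires_in;
      ++refreshes_;
    }
    return "Authorization: Bearer " + token_;
  }
  std::string service_account_email() const { return email_; }
  std::set<std::string> scopes() const { return scopes_; }
  int refreshes() const { return refreshes_; }

 private:
  std::string email_, token_;
  std::set<std::string> scopes_;
  std::function<MetadataReply()> fetch_;
  std::function<Seconds()> now_;
  Seconds expiry_{0};
  int refreshes_ = 0;
};
```

Constructed with the alias "default" and a fake fetch, the model reports "default" and an empty scope set until the first AuthorizationHeader() call. Any check that depends on the account identity or its scopes therefore belongs after a successful refresh.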

◆ SignBlob()

virtual StatusOr<std::vector<std::uint8_t> > google::cloud::storage::oauth2::Credentials::SignBlob ( SigningAccount const &  service_account, std::string const &  string_to_sign ) const
virtual inherited

Try to sign string_to_sign using service_account.

Some Credentials types can locally sign a blob, most often just on behalf of a specific service account. This function returns an error if the credentials cannot sign the blob at all, or if the service account is a mismatch.

Reimplemented in google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >.