Google Cloud Storage C++ Client
1.42.0
A C++ Client Library for Google Cloud Storage
|
Wrapper class for Google OAuth 2.0 GCE instance service account credentials. More...
#include <google/cloud/storage/oauth2/compute_engine_credentials.h>
Public Member Functions | |
ComputeEngineCredentials () | |
ComputeEngineCredentials (std::string service_account_email) | |
StatusOr< std::string > | AuthorizationHeader () override |
Attempts to obtain a value for the Authorization HTTP header. More... | |
std::string | AccountEmail () const override |
Return the account's email associated with these credentials, if any. More... | |
std::string | service_account_email () const |
Returns the email or alias of this credential's service account. More... | |
std::set< std::string > | scopes () const |
Returns the set of scopes granted to this credential's service account. More... | |
virtual StatusOr< std::vector< std::uint8_t > > | SignBlob (SigningAccount const &service_account, std::string const &string_to_sign) const |
Try to sign string_to_sign using service_account . More... | |
virtual std::string | KeyId () const |
Return the account's key_id associated with these credentials, if any. More... | |
Wrapper class for Google OAuth 2.0 GCE instance service account credentials.
Takes a service account email address or alias (e.g. "default") and uses the Google Compute Engine instance's metadata server to obtain service account metadata and OAuth 2.0 access tokens as needed. Instances of this class should usually be created via the convenience methods declared in google_credentials.h.
An HTTP Authorization header, with an access token as its value, can be obtained by calling the AuthorizationHeader() method; if the current access token is invalid or nearing expiration, this will class will first obtain a new access token before returning the Authorization header string.
HttpRequestBuilderType | a dependency injection point. It makes it possible to mock internal libcurl wrappers. This should generally not be overridden except for testing. |
ClockType | a dependency injection point to fetch the current time. This should generally not be overridden except for testing. |
Definition at line 81 of file compute_engine_credentials.h.
|
inlineexplicit |
Definition at line 83 of file compute_engine_credentials.h.
|
inlineexplicit |
Definition at line 85 of file compute_engine_credentials.h.
|
inlineoverridevirtual |
Return the account's email associated with these credentials, if any.
Reimplemented from google::cloud::storage::oauth2::Credentials.
Definition at line 94 of file compute_engine_credentials.h.
|
inlineoverridevirtual |
Attempts to obtain a value for the Authorization HTTP header.
If unable to obtain a value for the Authorization header, which could happen for Credentials
that need to be periodically refreshed, the underlying Status
will indicate failure details from the refresh HTTP request. Otherwise, the returned value will contain the Authorization header to be used in HTTP requests.
Implements google::cloud::storage::oauth2::Credentials.
Definition at line 88 of file compute_engine_credentials.h.
|
inlinevirtualinherited |
Return the account's key_id associated with these credentials, if any.
Reimplemented in google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >.
Definition at line 70 of file credentials.h.
|
inline |
Returns the set of scopes granted to this credential's service account.
Definition at line 122 of file compute_engine_credentials.h.
|
inline |
Returns the email or alias of this credential's service account.
Definition at line 110 of file compute_engine_credentials.h.
|
virtualinherited |
Try to sign string_to_sign
using service_account
.
Some Credentials types can locally sign a blob, most often just on behalf of an specific service account. This function returns an error if the credentials cannot sign the blob at all, or if the service account is a mismatch.
Reimplemented in google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >.