|
Google Cloud Storage C++ Client 2.13.0
A C++ Client Library for Google Cloud Storage
|
Wrapper class for Google OAuth 2.0 GCE instance service account credentials. More...
#include <google/cloud/storage/oauth2/compute_engine_credentials.h>
Public Member Functions | |
| ComputeEngineCredentials () | |
| ComputeEngineCredentials (std::string service_account_email) | |
| StatusOr< std::string > | AuthorizationHeader () override |
| Attempts to obtain a value for the Authorization HTTP header. More... | |
| std::string | AccountEmail () const override |
| Return the account's email associated with these credentials, if any. More... | |
| std::string | service_account_email () const |
| Returns the email or alias of this credential's service account. More... | |
| std::set< std::string > | scopes () const |
| Returns the set of scopes granted to this credential's service account. More... | |
| virtual StatusOr< std::vector< std::uint8_t > > | SignBlob (SigningAccount const &service_account, std::string const &string_to_sign) const |
Try to sign string_to_sign using service_account. More... | |
| virtual std::string | KeyId () const |
| Return the account's key_id associated with these credentials, if any. More... | |
Wrapper class for Google OAuth 2.0 GCE instance service account credentials.
Takes a service account email address or alias (e.g. "default") and uses the Google Compute Engine instance's metadata server to obtain service account metadata and OAuth 2.0 access tokens as needed. Instances of this class should usually be created via the convenience methods declared in google_credentials.h.
An HTTP Authorization header, with an access token as its value, can be obtained by calling the AuthorizationHeader() method; if the current access token is invalid or nearing expiration, this will class will first obtain a new access token before returning the Authorization header string.
| HttpRequestBuilderType | a dependency injection point. It makes it possible to mock internal libcurl wrappers. This should generally not be overridden except for testing. |
| ClockType | a dependency injection point to fetch the current time. This should generally not be overridden except for testing. |
|
inlineexplicit |
|
inlineexplicit |
|
inlineoverridevirtual |
Return the account's email associated with these credentials, if any.
Reimplemented from google::cloud::storage::oauth2::Credentials.
|
inlineoverridevirtual |
Attempts to obtain a value for the Authorization HTTP header.
If unable to obtain a value for the Authorization header, which could happen for Credentials that need to be periodically refreshed, the underlying Status will indicate failure details from the refresh HTTP request. Otherwise, the returned value will contain the Authorization header to be used in HTTP requests.
Implements google::cloud::storage::oauth2::Credentials.
|
inlinevirtualinherited |
Return the account's key_id associated with these credentials, if any.
Reimplemented in google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >.
|
inline |
Returns the set of scopes granted to this credential's service account.
|
inline |
Returns the email or alias of this credential's service account.
|
virtualinherited |
Try to sign string_to_sign using service_account.
Some Credentials types can locally sign a blob, most often just on behalf of an specific service account. This function returns an error if the credentials cannot sign the blob at all, or if the service account is a mismatch.
Reimplemented in google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >.
1.9.5