Class: Google::Auth::ExternalAccount::IdentityPoolCredentials

Inherits:

Object

Object
Google::Auth::ExternalAccount::IdentityPoolCredentials

show all

Extended by:: CredentialsLoader

Includes:: BaseCredentials, ExternalAccountUtils

Defined in:: lib/googleauth/external_account/identity_pool_credentials.rb

Overview

This module handles the retrieval of credentials from Google Cloud by utilizing the any 3PI provider then exchanging the credentials for a short-lived Google Cloud access token.

Constant Summary

Constants included from CredentialsLoader

Instance Attribute Summary collapse

#client_id ⇒ Object readonly
Will always be nil, but method still gets used.

Attributes included from BaseCredentials

#access_token, #expires_at, #universe_domain

Instance Method Summary collapse

#initialize(options = {}) ⇒ IdentityPoolCredentials constructor
Initialize from options map.
#retrieve_subject_token! ⇒ Object
Implementation of BaseCredentials retrieve_subject_token!.

Methods included from CredentialsLoader

from_env, from_system_default_path, from_well_known_path, load_gcloud_project_id, make_creds

Methods included from ExternalAccountUtils

#normalize_timestamp, #project_id, #project_number, #service_account_email

Methods included from BaseCredentials

#expires_within?, #fetch_access_token!, #is_workforce_pool?

Methods included from Helpers::Connection

connection

Methods included from BaseClient

#apply, #apply!, #expires_within?, #needs_access_token?, #notify_refresh_listeners, #on_refresh, #updater_proc

Constructor Details

#initialize(options = {}) ⇒ `IdentityPoolCredentials`

Initialize from options map.

Parameters:

audience (string)
credential_source (hash{symbol => value}) —
credential_source is a hash that contains either source file or url. credential_source_format is either text or json. To define how we parse the credential response.

# File 'lib/googleauth/external_account/identity_pool_credentials.rb', line 40

def initialize options = {}
  base_setup options

  @audience = options[:audience]
  @credential_source = options[:credential_source] || {}
  @credential_source_file = @credential_source[:file]
  @credential_source_url = @credential_source[:url]
  @credential_source_headers = @credential_source[:headers] || {}
  @credential_source_format = @credential_source[:format] || {}
  @credential_source_format_type = @credential_source_format[:type] || "text"
  validate_credential_source
end

Instance Attribute Details

#client_id ⇒ `Object` (readonly)

Will always be nil, but method still gets used.



31
32
33

# File 'lib/googleauth/external_account/identity_pool_credentials.rb', line 31

def client_id
  @client_id
end

Instance Method Details

#retrieve_subject_token! ⇒ `Object`

Implementation of BaseCredentials retrieve_subject_token!

# File 'lib/googleauth/external_account/identity_pool_credentials.rb', line 54

def retrieve_subject_token!
  content, resource_name = token_data
  if @credential_source_format_type == "text"
    token = content
  else
    begin
      response_data = MultiJson.load content, symbolize_keys: true
      token = response_data[@credential_source_field_name.to_sym]
    rescue StandardError
      raise "Unable to parse subject_token from JSON resource #{resource_name} " \
            "using key #{@credential_source_field_name}"
    end
  end
  raise "Missing subject_token in the credential_source file/response." unless token
  token
end