class Mongo::Crypt::KMS::GCP::CredentialsRetriever
This class retrieves GCP credentials from the Google Compute Engine metadata host. It should be used when the driver runs on a Google Compute Engine instance.
@api private
Constants
- DEFAULT_HOST
- METADATA_HOST_ENV
Public Class Methods
fetch_access_token()
# File lib/mongo/crypt/kms/gcp/credentials_retriever.rb, line 31
def self.fetch_access_token
  host = ENV.fetch(METADATA_HOST_ENV) { DEFAULT_HOST }
  uri = URI("http://#{host}/computeMetadata/v1/instance/service-accounts/default/token")
  req = Net::HTTP::Get.new(uri)
  req['Metadata-Flavor'] = 'Google'
  resp = Net::HTTP.start(uri.hostname, uri.port, use_ssl: false) do |http|
    http.request(req)
  end
  if resp.code != '200'
    raise KMS::CredentialsNotFound,
      "GCE metadata host responded with code #{resp.code}"
  end
  parsed_resp = JSON.parse(resp.body)
  parsed_resp.fetch('access_token')
rescue JSON::ParserError, KeyError => e
  raise KMS::CredentialsNotFound,
    "GCE metadata response is invalid: '#{resp.body}'; #{e.class}: #{e.message}"
rescue ::Timeout::Error, IOError, SystemCallError, SocketError => e
  raise KMS::CredentialsNotFound,
    "Could not receive GCP metadata response; #{e.class}: #{e.message}"
end
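The request made by fetch_access_token, exercised against a local stand-in for the metadata host. This is an added example, not the driver's code: `start_stub_metadata_server`, `fetch_token`, the local `CredentialsNotFound` class and the token value are constructed for illustration, and the stub's 403 for a missing `Metadata-Flavor: Google` header mirrors how the GCE metadata server treats such requests.

```ruby
require 'net/http'
require 'json'
require 'socket'

# Hypothetical stand-in for the driver's KMS::CredentialsNotFound.
class CredentialsNotFound < StandardError; end

# Constructed stub of the metadata host on a loopback port. It returns a fake
# token only when the request carries "Metadata-Flavor: Google", else 403.
def start_stub_metadata_server
  server = TCPServer.new('127.0.0.1', 0)
  Thread.new do
    loop do
      client = server.accept
      lines = []
      while (line = client.gets) && line != "\r\n"
        lines << line.strip.downcase
      end
      ok = lines.include?('metadata-flavor: google')
      body = ok ? JSON.generate('access_token' => 'constructed-token') : 'Forbidden'
      client.write("HTTP/1.1 #{ok ? '200 OK' : '403 Forbidden'}\r\n" \
                   "Content-Length: #{body.bytesize}\r\nConnection: close\r\n\r\n#{body}")
      client.close
    end
  end
  "127.0.0.1:#{server.addr[1]}"
end

# Same request shape as fetch_access_token, with the host passed in directly.
def fetch_token(host, send_flavor_header: true)
  uri = URI("http://#{host}/computeMetadata/v1/instance/service-accounts/default/token")
  req = Net::HTTP::Get.new(uri)
  req['Metadata-Flavor'] = 'Google' if send_flavor_header
  # The nil proxy arguments keep this loopback request off any proxy set in ENV.
  resp = Net::HTTP.start(uri.hostname, uri.port, nil, nil, use_ssl: false) do |http|
    http.request(req)
  end
  raise CredentialsNotFound, "metadata host responded with code #{resp.code}" if resp.code != '200'
  JSON.parse(resp.body).fetch('access_token')
rescue JSON::ParserError, KeyError => e
  raise CredentialsNotFound, "metadata response is invalid; #{e.class}: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  host = start_stub_metadata_server
  puts fetch_token(host) # token issued by the stub
end
```

Calling `fetch_token(host, send_flavor_header: false)` against the stub raises `CredentialsNotFound` with the 403 status, the same path the method above takes for any non-200 response.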