class Mongo::Crypt::KMS::GCP::Credentials
GCP Cloud Key Management Credentials object contains credentials for using GCP KMS provider.
@api private
Constants
- FORMAT_HINT
Attributes
@return [ String | nil ] GCP access token.
@return [ String ] GCP email to authenticate with.
@return [ String ] GCP private key, base64 encoded DER format.
Public Class Methods
Creates an GCP KMS credentials object form a parameters hash.
@param [ Hash ] opts A hash that contains credentials for
GCP KMS provider
@option opts [ String ] :email GCP email. @option opts [ String ] :private_key GCP private key. This method accepts
private key in either base64 encoded DER format, or PEM format.
@option opts [ String | nil ] :endpoint GCP endpoint, optional. @option opts [ String | nil ] :access_token GCP access token, optional.
If this option is not null, other options are ignored.
@raise [ ArgumentError ] If required options are missing or incorrectly
formatted.
# File lib/mongo/crypt/kms/gcp/credentials.rb, line 60 def initialize(opts) @opts = opts return if empty? if opts[:access_token] @access_token = opts[:access_token] else @email = validate_param(:email, opts, FORMAT_HINT) @private_key = begin private_key_opt = validate_param(:private_key, opts, FORMAT_HINT) if BSON::Environment.jruby? # We cannot really validate private key on JRuby, so we assume # it is in base64 encoded DER format. private_key_opt else # Check if private key is in PEM format. pkey = OpenSSL::PKey::RSA.new(private_key_opt) # PEM it is, need to be converted to base64 encoded DER. der = if pkey.respond_to?(:private_to_der) pkey.private_to_der else pkey.to_der end Base64.encode64(der) end rescue OpenSSL::PKey::RSAError # Check if private key is in DER. begin OpenSSL::PKey.read(Base64.decode64(private_key_opt)) # Private key is fine, use it. private_key_opt rescue OpenSSL::PKey::PKeyError raise ArgumentError.new( "The private_key option must be either either base64 encoded DER format, or PEM format." ) end end @endpoint = validate_param( :endpoint, opts, FORMAT_HINT, required: false ) end end
Public Instance Methods
Convert credentials object to a BSON document in libmongocrypt format.
@return [ BSON::Document ] Azure KMS credentials in libmongocrypt format.
# File lib/mongo/crypt/kms/gcp/credentials.rb, line 107 def to_document return BSON::Document.new if empty? if access_token BSON::Document.new({ accessToken: access_token }) else BSON::Document.new({ email: email, privateKey: BSON::Binary.new(private_key, :generic), }).tap do |bson| unless endpoint.nil? bson.update({ endpoint: endpoint }) end end end end