class Google::Auth::GCECredentials
Extends Signet::OAuth2::Client so that the auth token is obtained from the GCE metadata server.
Constants
- COMPUTE_AUTH_TOKEN_URI
The IP Address is used in the URIs to speed up failures on non-GCE systems.
- COMPUTE_CHECK_URI
Public Class Methods
on_gce?(options = {})
click to toggle source
Detect if this appear to be a GCE instance, by checking if metadata is available
# File lib/googleauth/compute_engine.rb, line 63 def on_gce?(options = {}) c = options[:connection] || Faraday.default_connection resp = c.get(COMPUTE_CHECK_URI) do |req| # Comment from: oauth2client/client.py # # Note: the explicit `timeout` below is a workaround. The underlying # issue is that resolving an unknown host on some networks will take # 20-30 seconds; making this timeout short fixes the issue, but # could lead to false negatives in the event that we are on GCE, but # the metadata resolution was particularly slow. The latter case is # "unlikely". req.options.timeout = 0.1 end return false unless resp.status == 200 return false unless resp.headers.key?('Metadata-Flavor') return resp.headers['Metadata-Flavor'] == 'Google' rescue Faraday::TimeoutError, Faraday::ConnectionFailed return false end
Public Instance Methods
fetch_access_token(options = {})
click to toggle source
Overrides the super class method to change how access tokens are fetched.
# File lib/googleauth/compute_engine.rb, line 88 def fetch_access_token(options = {}) c = options[:connection] || Faraday.default_connection c.headers = { 'Metadata-Flavor' => 'Google' } retry_with_error do resp = c.get(COMPUTE_AUTH_TOKEN_URI) case resp.status when 200 Signet::OAuth2.parse_credentials(resp.body, resp.headers['content-type']) when 404 raise(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR) else msg = "Unexpected error code #{resp.status}" \ "#{UNEXPECTED_ERROR_SUFFIX}" raise(Signet::AuthorizationError, msg) end end end