class Google::Auth::GCECredentials

Extends Signet::OAuth2::Client so that the auth token is obtained from the GCE metadata server.

Constants

COMPUTE_AUTH_TOKEN_URI

The IP Address is used in the URIs to speed up failures on non-GCE systems.

COMPUTE_CHECK_URI

Public Class Methods

on_gce?(options = {}) click to toggle source

Detect if this appear to be a GCE instance, by checking if metadata is available

# File lib/googleauth/compute_engine.rb, line 63
def on_gce?(options = {})
  c = options[:connection] || Faraday.default_connection
  resp = c.get(COMPUTE_CHECK_URI) do |req|
    # Comment from: oauth2client/client.py
    #
    # Note: the explicit `timeout` below is a workaround. The underlying
    # issue is that resolving an unknown host on some networks will take
    # 20-30 seconds; making this timeout short fixes the issue, but
    # could lead to false negatives in the event that we are on GCE, but
    # the metadata resolution was particularly slow. The latter case is
    # "unlikely".
    req.options.timeout = 0.1
  end
  return false unless resp.status == 200
  return false unless resp.headers.key?('Metadata-Flavor')
  return resp.headers['Metadata-Flavor'] == 'Google'
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
  return false
end

Public Instance Methods

fetch_access_token(options = {}) click to toggle source

Overrides the super class method to change how access tokens are fetched.

# File lib/googleauth/compute_engine.rb, line 88
def fetch_access_token(options = {})
  c = options[:connection] || Faraday.default_connection
  c.headers = { 'Metadata-Flavor' => 'Google' }

  retry_with_error do
    resp = c.get(COMPUTE_AUTH_TOKEN_URI)
    case resp.status
    when 200
      Signet::OAuth2.parse_credentials(resp.body,
                                       resp.headers['content-type'])
    when 404
      raise(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR)
    else
      msg = "Unexpected error code #{resp.status}"                "#{UNEXPECTED_ERROR_SUFFIX}"
      raise(Signet::AuthorizationError, msg)
    end
  end
end