module Google::Auth::CredentialsLoader

CredentialsLoader contains the behaviour used to locate and find default credentials files on the file system.

Constants

ACCOUNT_TYPE_VAR
CLIENT_EMAIL_VAR
CLIENT_ID_VAR
CLIENT_SECRET_VAR
CREDENTIALS_FILE_NAME
ENV_VAR
NOT_FOUND_ERROR
PRIVATE_KEY_VAR
REFRESH_TOKEN_VAR
SYSTEM_DEFAULT_ERROR
WELL_KNOWN_ERROR
WELL_KNOWN_PATH

Public Instance Methods

from_env(scope = nil) click to toggle source

Creates an instance from the path specified in an environment variable.

@param scope [string|array|nil] the scope(s) to access

# File lib/googleauth/credentials_loader.rb, line 71
def from_env(scope = nil)
  if ENV.key?(ENV_VAR)
    path = ENV[ENV_VAR]
    fail "file #{path} does not exist" unless File.exist?(path)
    File.open(path) do |f|
      return make_creds(json_key_io: f, scope: scope)
    end
  elsif service_account_env_vars? || authorized_user_env_vars?
    return make_creds(scope: scope)
  end
rescue StandardError => e
  raise "#{NOT_FOUND_ERROR}: #{e}"
end
from_system_default_path(scope = nil) click to toggle source

Creates an instance from the system default path

@param scope [string|array|nil] the scope(s) to access

# File lib/googleauth/credentials_loader.rb, line 105
def from_system_default_path(scope = nil)
  if OS.windows?
    return nil unless ENV['ProgramData']
    prefix = File.join(ENV['ProgramData'], 'Google/Auth')
  else
    prefix = '/etc/google/auth/'
  end
  path = File.join(prefix, CREDENTIALS_FILE_NAME)
  return nil unless File.exist?(path)
  File.open(path) do |f|
    return make_creds(json_key_io: f, scope: scope)
  end
rescue StandardError => e
  raise "#{SYSTEM_DEFAULT_ERROR}: #{e}"
end
from_well_known_path(scope = nil) click to toggle source

Creates an instance from a well known path.

@param scope [string|array|nil] the scope(s) to access

# File lib/googleauth/credentials_loader.rb, line 88
def from_well_known_path(scope = nil)
  home_var = OS.windows? ? 'APPDATA' : 'HOME'
  base = WELL_KNOWN_PATH
  root = ENV[home_var].nil? ? '' : ENV[home_var]
  base = File.join('.config', base) unless OS.windows?
  path = File.join(root, base)
  return nil unless File.exist?(path)
  File.open(path) do |f|
    return make_creds(json_key_io: f, scope: scope)
  end
rescue StandardError => e
  raise "#{WELL_KNOWN_ERROR}: #{e}"
end
make_creds(*args) click to toggle source

#make_creds proxies the construction of a credentials instance

By default, it calls new on the current class, but this behaviour can be modified, allowing different instances to be created.

# File lib/googleauth/credentials_loader.rb, line 63
def make_creds(*args)
  new(*args)
end

Private Instance Methods

authorized_user_env_vars?() click to toggle source
# File lib/googleauth/credentials_loader.rb, line 127
def authorized_user_env_vars?
  ([CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR] -
    ENV.keys).empty?
end
service_account_env_vars?() click to toggle source
# File lib/googleauth/credentials_loader.rb, line 123
def service_account_env_vars?
  ([PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR] - ENV.keys).empty?
end