module Google::Auth::ExternalAccount::ExternalAccountUtils
Authenticates requests using External Account credentials, such as those provided by the AWS provider or OIDC provider like Azure, etc.
Constants
- CLOUD_RESOURCE_MANAGER
-
Cloud resource manager URL used to retrieve project information.
Public Instance Methods
Source
# File lib/googleauth/external_account/external_account_utils.rb, line 77 def normalize_timestamp time case time when NilClass nil when Time time when String Time.parse time else raise "Invalid time value #{time}" end end
Source
# File lib/googleauth/external_account/external_account_utils.rb, line 42 def project_id return @project_id unless @project_id.nil? project_number = self.project_number || @workforce_pool_user_project # if we missing either project number or scope, we won't retrieve project_id return nil if project_number.nil? || @scope.nil? url = "#{CLOUD_RESOURCE_MANAGER}#{project_number}" response = connection.get url do |req| req.headers["Authorization"] = "Bearer #{@access_token}" req.headers["Content-Type"] = "application/json" end if response.status == 200 response_data = MultiJson.load response.body, symbolize_names: true @project_id = response_data[:projectId] end @project_id end
Retrieves the project ID corresponding to the workload identity or workforce pool. For workforce pool credentials, it returns the project ID corresponding to the workforce_pool_user_project. When not determinable, None is returned.
The resource may not have permission (resourcemanager.projects.get) to call this API or the required scopes may not be selected: cloud.google.com/resource-manager/reference/rest/v1/projects/get#authorization-scopes
@return [string,nil]
The project ID corresponding to the workload identity pool or workforce pool if determinable.
Source
# File lib/googleauth/external_account/external_account_utils.rb, line 70 def project_number segments = @audience.split "/" idx = segments.index "projects" return nil if idx.nil? || idx + 1 == segments.size segments[idx + 1] end
Retrieve the project number corresponding to workload identity pool STS audience pattern:
`//iam.googleapis.com/projects/$PROJECT_NUMBER/locations/...`
@return [string, nil]
Source
# File lib/googleauth/external_account/external_account_utils.rb, line 90 def service_account_email return nil if @service_account_impersonation_url.nil? start_idx = @service_account_impersonation_url.rindex "/" end_idx = @service_account_impersonation_url.index ":generateAccessToken" if start_idx != -1 && end_idx != -1 && start_idx < end_idx start_idx += 1 return @service_account_impersonation_url[start_idx..end_idx] end nil end