lib/googleauth/credentials_loader.rb in googleauth-0.4.1 vs lib/googleauth/credentials_loader.rb in googleauth-0.4.2
- old
+ new
@@ -37,15 +37,26 @@
# CredentialsLoader contains the behaviour used to locate and find default
# credentials files on the file system.
module CredentialsLoader
extend Memoist
ENV_VAR = 'GOOGLE_APPLICATION_CREDENTIALS'
+
+ PRIVATE_KEY_VAR = 'GOOGLE_PRIVATE_KEY'
+ CLIENT_EMAIL_VAR = 'GOOGLE_CLIENT_EMAIL'
+ CLIENT_ID_VAR = 'GOOGLE_CLIENT_ID'
+ CLIENT_SECRET_VAR = 'GOOGLE_CLIENT_SECRET'
+ REFRESH_TOKEN_VAR = 'GOOGLE_REFRESH_TOKEN'
+ ACCOUNT_TYPE_VAR = 'GOOGLE_ACCOUNT_TYPE'
+
+ CREDENTIALS_FILE_NAME = 'application_default_credentials.json'
NOT_FOUND_ERROR =
"Unable to read the credential file specified by #{ENV_VAR}"
- WELL_KNOWN_PATH = 'gcloud/application_default_credentials.json'
+ WELL_KNOWN_PATH = "gcloud/#{CREDENTIALS_FILE_NAME}"
WELL_KNOWN_ERROR = 'Unable to read the default credential file'
+ SYSTEM_DEFAULT_ERROR = 'Unable to read the system default credential file'
+
# determines if the current OS is windows
def windows?
RbConfig::CONFIG['host_os'] =~ /Windows|mswin/
end
memoize :windows?
@@ -61,33 +72,67 @@
# Creates an instance from the path specified in an environment
# variable.
#
# @param scope [string|array|nil] the scope(s) to access
def from_env(scope = nil)
- return nil unless ENV.key?(ENV_VAR)
- path = ENV[ENV_VAR]
- fail 'file #{path} does not exist' unless File.exist?(path)
- File.open(path) do |f|
- return make_creds(f, scope)
+ if ENV.key?(ENV_VAR)
+ path = ENV[ENV_VAR]
+ fail "file #{path} does not exist" unless File.exist?(path)
+ File.open(path) do |f|
+ return make_creds(json_key_io: f, scope: scope)
+ end
+ elsif service_account_env_vars? || authorized_user_env_vars?
+ return make_creds(scope: scope)
end
rescue StandardError => e
raise "#{NOT_FOUND_ERROR}: #{e}"
end
# Creates an instance from a well known path.
#
# @param scope [string|array|nil] the scope(s) to access
def from_well_known_path(scope = nil)
- home_var, base = windows? ? 'APPDATA' : 'HOME', WELL_KNOWN_PATH
+ home_var = windows? ? 'APPDATA' : 'HOME'
+ base = WELL_KNOWN_PATH
root = ENV[home_var].nil? ? '' : ENV[home_var]
base = File.join('.config', base) unless windows?
path = File.join(root, base)
return nil unless File.exist?(path)
File.open(path) do |f|
- return make_creds(f, scope)
+ return make_creds(json_key_io: f, scope: scope)
end
rescue StandardError => e
raise "#{WELL_KNOWN_ERROR}: #{e}"
+ end
+
+ # Creates an instance from the system default path
+ #
+ # @param scope [string|array|nil] the scope(s) to access
+ def from_system_default_path(scope = nil)
+ if windows?
+ return nil unless ENV['ProgramData']
+ prefix = File.join(ENV['ProgramData'], 'Google/Auth')
+ else
+ prefix = '/etc/google/auth/'
+ end
+ path = File.join(prefix, CREDENTIALS_FILE_NAME)
+ return nil unless File.exist?(path)
+ File.open(path) do |f|
+ return make_creds(json_key_io: f, scope: scope)
+ end
+ rescue StandardError => e
+ raise "#{SYSTEM_DEFAULT_ERROR}: #{e}"
+ end
+
+ private
+
+ def service_account_env_vars?
+ ([PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR] - ENV.keys).empty?
+ end
+
+ def authorized_user_env_vars?
+ ([CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR] -
+ ENV.keys).empty?
end
end
end
end