ImpersonatedServiceAccountCredentials
class ImpersonatedServiceAccountCredentials extends CredentialsLoader implements SignBlobInterface (View source)
Traits
Constants
TOKEN_CREDENTIAL_URI |
|
ENV_VAR |
|
QUOTA_PROJECT_ENV_VAR |
|
WELL_KNOWN_PATH |
|
NON_WINDOWS_WELL_KNOWN_PATH_BASE |
|
MTLS_WELL_KNOWN_PATH |
|
MTLS_CERT_ENV_VAR |
|
Properties
protected string | $impersonatedServiceAccountName | ||
protected UserRefreshCredentials | $sourceCredentials |
Methods
Updates metadata with the authorization token.
Load a JSON key from the path specified in the environment.
Load a JSON key from a well known path.
Create a new Credentials instance.
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
Create a new instance of InsecureCredentials.
Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.
Gets a callable which returns the default device certification.
Determines whether or not the default device certificate should be loaded.
Get the universe domain from the credential. Defaults to "googleapis.com" for all credential types which do not support universe domain.
Sign a string using the default service account private key.
Instantiate an instance of ImpersonatedServiceAccountCredentials from a credentials file that has be created with the --impersonated-service-account flag.
Get the client name from the keyfile
No description
No description
No description
Details
in UpdateMetadataTrait at line 35
callable
getUpdateMetadataFunc()
deprecated
deprecated
export a callback function which updates runtime metadata.
in UpdateMetadataTrait at line 48
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)
Updates metadata with the authorization token.
in CredentialsLoader at line 77
static array |null
fromEnv()
Load a JSON key from the path specified in the environment.
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
in CredentialsLoader at line 103
static array |null
fromWellKnownFile()
Load a JSON key from a well known path.
The well known path is OS dependent:
- windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exist, this returns null.
in CredentialsLoader at line 131
static ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials
makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)
Create a new Credentials instance.
in CredentialsLoader at line 172
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
in CredentialsLoader at line 197
static InsecureCredentials
makeInsecureCredentials()
Create a new instance of InsecureCredentials.
in CredentialsLoader at line 209
static string|null
quotaProjectFromEnv()
Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.
in CredentialsLoader at line 220
static callable|null
getDefaultClientCertSource()
Gets a callable which returns the default device certification.
in CredentialsLoader at line 245
static bool
shouldLoadClientCertSource()
Determines whether or not the default device certificate should be loaded.
in CredentialsLoader at line 284
string
getUniverseDomain()
Get the universe domain from the credential. Defaults to "googleapis.com" for all credential types which do not support universe domain.
in IamSignerTrait at line 48
string
signBlob(string $stringToSign, bool $forceOpenSsl = false, string $accessToken = null)
Sign a string using the default service account private key.
This implementation uses IAM's signBlob API.
at line 48
__construct(string|string[] $scope, string|array $jsonKey)
Instantiate an instance of ImpersonatedServiceAccountCredentials from a credentials file that has be created with the --impersonated-service-account flag.
at line 104
string
getClientName(callable $unusedHttpHandler = null)
Get the client name from the keyfile
In this implementation, it will return the issuers email from the oauth token.