GCECredentials
class GCECredentials extends CredentialsLoader implements SignBlobInterface, ProjectIdProviderInterface, GetQuotaProjectInterface (View source)
GCECredentials supports authorization on Google Compute Engine.
It can be used to authorize requests using the AuthTokenMiddleware, but will only succeed if being run on GCE:
use Google\Auth\Credentials\GCECredentials; use Google\Auth\Middleware\AuthTokenMiddleware; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack;
$gce = new GCECredentials(); $middleware = new AuthTokenMiddleware($gce); $stack = HandlerStack::create(); $stack->push($middleware);
$client = new Client([ 'handler' => $stack, 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', 'auth' => 'google_auth' ]);
$res = $client->get('myproject/taskqueues/myqueue');
Constants
| TOKEN_CREDENTIAL_URI |
|
| ENV_VAR |
|
| WELL_KNOWN_PATH |
|
| NON_WINDOWS_WELL_KNOWN_PATH_BASE |
|
| cacheKey |
|
| METADATA_IP |
The metadata IP address on appengine instances. The IP is used instead of the domain 'metadata' to avoid slow responses when not on Compute Engine. |
| TOKEN_URI_PATH |
The metadata path of the default token. |
| ID_TOKEN_URI_PATH |
The metadata path of the default id token. |
| CLIENT_ID_URI_PATH |
The metadata path of the client ID. |
| PROJECT_ID_URI_PATH |
The metadata path of the project ID. |
| FLAVOR_HEADER |
The header whose presence indicates GCE presence. |
| MAX_COMPUTE_PING_TRIES |
Note: the explicit This allows us to limit the total ping maximum timeout to 1.5 seconds for developer desktop scenarios. |
| COMPUTE_PING_CONNECTION_TIMEOUT_S |
|
Properties
| protected | $lastReceivedToken | Result of fetchAuthToken. |
Methods
Load a JSON key from the path specified in the environment.
Load a JSON key from a well known path.
Create a new Credentials instance.
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
Create a new instance of InsecureCredentials.
Updates metadata with the authorization token.
No description
The full uri for accessing the default token.
The full uri for accessing the default service account.
Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.
Determines if this a GCE instance, by accessing the expected metadata host.
Implements FetchAuthTokenInterface#fetchAuthToken.
No description
No description
Get the client name from GCE metadata.
Sign a string using the default service account private key.
Fetch the default Project ID from compute engine.
Get the quota project used for this API request
Details
in CredentialsLoader at line 86
static array|null
fromEnv()
Load a JSON key from the path specified in the environment.
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
in CredentialsLoader at line 112
static array|null
fromWellKnownFile()
Load a JSON key from a well known path.
The well known path is OS dependent:
- windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exist, this returns null.
in CredentialsLoader at line 140
static ServiceAccountCredentials|UserRefreshCredentials
makeCredentials(string|array $scope, array $jsonKey, string|array $defaultScope = null)
Create a new Credentials instance.
in CredentialsLoader at line 171
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
in CredentialsLoader at line 208
static InsecureCredentials
makeInsecureCredentials()
Create a new instance of InsecureCredentials.
in CredentialsLoader at line 219
array
getUpdateMetadataFunc()
deprecated
deprecated
export a callback function which updates runtime metadata.
in CredentialsLoader at line 232
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)
Updates metadata with the authorization token.
at line 177
__construct(Iam $iam = null, string|array $scope = null, string $targetAudience = null, string $quotaProject = null, string $serviceAccountIdentity = null)
at line 219
static string
getTokenUri(string $serviceAccountIdentity = null)
The full uri for accessing the default token.
at line 241
static string
getClientNameUri(string $serviceAccountIdentity = null)
The full uri for accessing the default service account.
at line 298
static bool
onAppEngineFlexible()
Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.
at line 311
static bool
onGce(callable $httpHandler = null)
Determines if this a GCE instance, by accessing the expected metadata host.
If $httpHandler is not specified a the default HttpHandler is used.
at line 365
array
fetchAuthToken(callable $httpHandler = null)
Implements FetchAuthTokenInterface#fetchAuthToken.
Fetches the auth tokens from the GCE metadata host if it is available. If $httpHandler is not specified a the default HttpHandler is used.
at line 398
string
getCacheKey()
at line 406
null|array
getLastReceivedToken()
at line 426
string
getClientName(callable $httpHandler = null)
Get the client name from GCE metadata.
Subsequent calls will return a cached value.
at line 464
string
signBlob(string $stringToSign, bool $forceOpenSsl = false)
Sign a string using the default service account private key.
This implementation uses IAM's signBlob API.
at line 490
string|null
getProjectId(callable $httpHandler = null)
Fetch the default Project ID from compute engine.
Returns null if called outside GCE.
at line 537
string|null
getQuotaProject()
Get the quota project used for this API request