GCECredentials
class GCECredentials extends CredentialsLoader implements SignBlobInterface, ProjectIdProviderInterface, GetQuotaProjectInterface (View source)
GCECredentials supports authorization on Google Compute Engine.
It can be used to authorize requests using the AuthTokenMiddleware, but will only succeed if being run on GCE:
use Google\Auth\Credentials\GCECredentials; use Google\Auth\Middleware\AuthTokenMiddleware; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack;
$gce = new GCECredentials(); $middleware = new AuthTokenMiddleware($gce); $stack = HandlerStack::create(); $stack->push($middleware);
$client = new Client([ 'handler' => $stack, 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', 'auth' => 'google_auth' ]);
$res = $client->get('myproject/taskqueues/myqueue');
Constants
| TOKEN_CREDENTIAL_URI |
|
| ENV_VAR |
|
| WELL_KNOWN_PATH |
|
| NON_WINDOWS_WELL_KNOWN_PATH_BASE |
|
| MTLS_WELL_KNOWN_PATH |
|
| MTLS_CERT_ENV_VAR |
|
| cacheKey |
|
| METADATA_IP |
The metadata IP address on appengine instances. The IP is used instead of the domain 'metadata' to avoid slow responses when not on Compute Engine. |
| TOKEN_URI_PATH |
The metadata path of the default token. |
| ID_TOKEN_URI_PATH |
The metadata path of the default id token. |
| CLIENT_ID_URI_PATH |
The metadata path of the client ID. |
| PROJECT_ID_URI_PATH |
The metadata path of the project ID. |
| FLAVOR_HEADER |
The header whose presence indicates GCE presence. |
| MAX_COMPUTE_PING_TRIES |
Note: the explicit This allows us to limit the total ping maximum timeout to 1.5 seconds for developer desktop scenarios. |
| COMPUTE_PING_CONNECTION_TIMEOUT_S |
|
Properties
| protected array | $lastReceivedToken | Result of fetchAuthToken. |
Methods
Load a JSON key from the path specified in the environment.
Load a JSON key from a well known path.
Create a new Credentials instance.
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
Create a new instance of InsecureCredentials.
Updates metadata with the authorization token.
Gets a callable which returns the default device certification.
Determines whether or not the default device certificate should be loaded.
No description
The full uri for accessing the default token.
The full uri for accessing the default service account.
Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.
Determines if this a GCE instance, by accessing the expected metadata host.
Implements FetchAuthTokenInterface#fetchAuthToken.
No description
No description
Get the client name from GCE metadata.
Sign a string using the default service account private key.
Fetch the default Project ID from compute engine.
Get the quota project used for this API request
Details
static array|null
fromEnv()
Load a JSON key from the path specified in the environment.
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
static array|null
fromWellKnownFile()
Load a JSON key from a well known path.
The well known path is OS dependent:
- windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exist, this returns null.
static ServiceAccountCredentials|UserRefreshCredentials
makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)
Create a new Credentials instance.
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
static InsecureCredentials
makeInsecureCredentials()
Create a new instance of InsecureCredentials.
callable
getUpdateMetadataFunc()
deprecated
deprecated
export a callback function which updates runtime metadata.
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)
Updates metadata with the authorization token.
static callable|null
getDefaultClientCertSource()
Gets a callable which returns the default device certification.
static bool
shouldLoadClientCertSource()
Determines whether or not the default device certificate should be loaded.
__construct(Iam $iam = null, string|string[] $scope = null, string $targetAudience = null, string $quotaProject = null, string $serviceAccountIdentity = null)
No description
static string
getTokenUri(string $serviceAccountIdentity = null)
The full uri for accessing the default token.
static string
getClientNameUri(string $serviceAccountIdentity = null)
The full uri for accessing the default service account.
static bool
onAppEngineFlexible()
Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.
static bool
onGce(callable $httpHandler = null)
Determines if this a GCE instance, by accessing the expected metadata host.
If $httpHandler is not specified a the default HttpHandler is used.
array
fetchAuthToken(callable $httpHandler = null)
Implements FetchAuthTokenInterface#fetchAuthToken.
Fetches the auth tokens from the GCE metadata host if it is available. If $httpHandler is not specified a the default HttpHandler is used.
string
getCacheKey()
No description
null|array
getLastReceivedToken()
No description
string
getClientName(callable $httpHandler = null)
Get the client name from GCE metadata.
Subsequent calls will return a cached value.
string
signBlob(string $stringToSign, bool $forceOpenSsl = false, string $accessToken = null)
Sign a string using the default service account private key.
This implementation uses IAM's signBlob API.
string|null
getProjectId(callable $httpHandler = null)
Fetch the default Project ID from compute engine.
Returns null if called outside GCE.
string|null
getQuotaProject()
Get the quota project used for this API request