class GCECredentials extends CredentialsLoader (View source)

GCECredentials supports authorization on Google Compute Engine.

It can be used to authorize requests using the AuthTokenMiddleware, but will only succeed if being run on GCE:

use Google\Auth\Credentials\GCECredentials; use Google\Auth\Middleware\AuthTokenMiddleware; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack;

$gce = new GCECredentials(); $middleware = new AuthTokenMiddleware($gce); $stack = HandlerStack::create(); $stack->push($middleware);

$client = new Client([ 'handler' => $stack, 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', 'auth' => 'google_auth' ]);

$res = $client->get('myproject/taskqueues/myqueue');

Constants

TOKEN_CREDENTIAL_URI

ENV_VAR

WELL_KNOWN_PATH

NON_WINDOWS_WELL_KNOWN_PATH_BASE

AUTH_METADATA_KEY

cacheKey

METADATA_IP

The metadata IP address on appengine instances.

The IP is used instead of the domain 'metadata' to avoid slow responses when not on Compute Engine.

TOKEN_URI_PATH

The metadata path of the default token.

FLAVOR_HEADER

The header whose presence indicates GCE presence.

MAX_COMPUTE_PING_TRIES

Note: the explicit timeout and tries below is a workaround. The underlying issue is that resolving an unknown host on some networks will take 20-30 seconds; making this timeout short fixes the issue, but could lead to false negatives in the event that we are on GCE, but the metadata resolution was particularly slow. The latter case is "unlikely" since the expected 4-nines time is about 0.5 seconds.

This allows us to limit the total ping maximum timeout to 1.5 seconds for developer desktop scenarios.

COMPUTE_PING_CONNECTION_TIMEOUT_S

Properties

protected $lastReceivedToken

Result of fetchAuthToken.

Methods

static array
fromEnv()

Load a JSON key from the path specified in the environment.

static array
fromWellKnownFile()

Load a JSON key from a well known path.

makeCredentials(string|array $scope, array $jsonKey)

Create a new Credentials instance.

static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

array
getUpdateMetadataFunc()

export a callback function which updates runtime metadata.

array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

static string
getTokenUri()

The full uri for accessing the default token.

static true
onAppEngineFlexible()

Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.

static true
onGce(callable $httpHandler = null)

Determines if this a GCE instance, by accessing the expected metadata host.

array
fetchAuthToken(callable $httpHandler = null)

Implements FetchAuthTokenInterface#fetchAuthToken.

string
getCacheKey()

No description

null|array
getLastReceivedToken()

No description

Details

static array fromEnv()

Load a JSON key from the path specified in the environment.

Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.

Return Value

array

JSON key | null

static array fromWellKnownFile()

Load a JSON key from a well known path.

The well known path is OS dependent:

  • windows: %APPDATA%/gcloud/application_default_credentials.json
  • others: $HOME/.config/gcloud/application_default_credentials.json

If the file does not exists, this returns null.

Return Value

array

JSON key | null

static ServiceAccountCredentials|UserRefreshCredentials makeCredentials(string|array $scope, array $jsonKey)

Create a new Credentials instance.

Parameters

string|array $scope

the scope of the access request, expressed either as an Array or as a space-delimited String.

array $jsonKey

the JSON credentials.

Return Value

ServiceAccountCredentials|UserRefreshCredentials

static Client makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)

Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.

Parameters

FetchAuthTokenInterface $fetcher

is used to fetch the auth token

array $httpClientOptions
callable $httpHandler

(optional) http client to fetch the token.

callable $tokenCallback

(optional) function to be called when a new token is fetched.

Return Value

Client

array getUpdateMetadataFunc()

export a callback function which updates runtime metadata.

Return Value

array

updateMetadata function

array updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)

Updates metadata with the authorization token.

Parameters

array $metadata

metadata hashmap

string $authUri

optional auth uri

callable $httpHandler

callback which delivers psr7 request

Return Value

array

updated metadata hashmap

static string getTokenUri()

The full uri for accessing the default token.

Return Value

string

static true onAppEngineFlexible()

Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.

Return Value

true

if this an App Engine Flexible Instance, false otherwise

static true onGce(callable $httpHandler = null)

Determines if this a GCE instance, by accessing the expected metadata host.

If $httpHandler is not specified a the default HttpHandler is used.

Parameters

callable $httpHandler

callback which delivers psr7 request

Return Value

true

if this a GCEInstance false otherwise

array fetchAuthToken(callable $httpHandler = null)

Implements FetchAuthTokenInterface#fetchAuthToken.

Fetches the auth tokens from the GCE metadata host if it is available. If $httpHandler is not specified a the default HttpHandler is used.

Parameters

callable $httpHandler

callback which delivers psr7 request

Return Value

array

a hash of auth tokens

Exceptions

Exception

string getCacheKey()

No description

Return Value

string

a key that may be used to cache the auth token.

null|array getLastReceivedToken()

No description

Return Value

null|array

{ The last received access token.