ImpersonatedServiceAccountCredentials
class ImpersonatedServiceAccountCredentials extends CredentialsLoader implements SignBlobInterface (View source)
Traits
Provides shared methods for updating request metadata (request headers).
Constants
| TOKEN_CREDENTIAL_URI |
|
| ENV_VAR |
|
| QUOTA_PROJECT_ENV_VAR |
|
| WELL_KNOWN_PATH |
|
| NON_WINDOWS_WELL_KNOWN_PATH_BASE |
|
| MTLS_WELL_KNOWN_PATH |
|
| MTLS_CERT_ENV_VAR |
|
Properties
| protected string | $impersonatedServiceAccountName | ||
| protected UserRefreshCredentials | $sourceCredentials |
Methods
Updates metadata with the authorization token.
Load a JSON key from the path specified in the environment.
Load a JSON key from a well known path.
Create a new Credentials instance.
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
Create a new instance of InsecureCredentials.
Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.
Gets a callable which returns the default device certification.
Determines whether or not the default device certificate should be loaded.
Sign a string using the default service account private key.
Instantiate an instance of ImpersonatedServiceAccountCredentials from a credentials file that has be created with the --impersonated-service-account flag.
Get the client name from the keyfile
No description
No description
No description
Details
callable
getUpdateMetadataFunc()
deprecated
deprecated
export a callback function which updates runtime metadata.
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)
Updates metadata with the authorization token.
static array|null
fromEnv()
Load a JSON key from the path specified in the environment.
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
static array|null
fromWellKnownFile()
Load a JSON key from a well known path.
The well known path is OS dependent:
- windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exist, this returns null.
static ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials
makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)
Create a new Credentials instance.
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
static InsecureCredentials
makeInsecureCredentials()
Create a new instance of InsecureCredentials.
static string|null
quotaProjectFromEnv()
Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.
static callable|null
getDefaultClientCertSource()
Gets a callable which returns the default device certification.
static bool
shouldLoadClientCertSource()
Determines whether or not the default device certificate should be loaded.
string
signBlob(string $stringToSign, bool $forceOpenSsl = false, string $accessToken = null)
Sign a string using the default service account private key.
This implementation uses IAM's signBlob API.
__construct(string|string[] $scope, string|array $jsonKey)
Instantiate an instance of ImpersonatedServiceAccountCredentials from a credentials file that has be created with the --impersonated-service-account flag.
string
getClientName(callable $unusedHttpHandler = null)
Get the client name from the keyfile
In this implementation, it will return the issuers email from the oauth token.
array
fetchAuthToken(callable $httpHandler = null)
No description
string
getCacheKey()
No description
null|array
getLastReceivedToken()
No description