GCECredentials
class GCECredentials extends CredentialsLoader implements SignBlobInterface, ProjectIdProviderInterface, GetQuotaProjectInterface (View source)
GCECredentials supports authorization on Google Compute Engine.
It can be used to authorize requests using the AuthTokenMiddleware, but will only succeed if being run on GCE:
use Google\Auth\Credentials\GCECredentials; use Google\Auth\Middleware\AuthTokenMiddleware; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack;
$gce = new GCECredentials(); $middleware = new AuthTokenMiddleware($gce); $stack = HandlerStack::create(); $stack->push($middleware);
$client = new Client([ 'handler' => $stack, 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', 'auth' => 'google_auth' ]);
$res = $client->get('myproject/taskqueues/myqueue');
Traits
Provides shared methods for updating request metadata (request headers).
Trait containing helper methods required for enabling observability metrics in the library.
Constants
| TOKEN_CREDENTIAL_URI |
|
| ENV_VAR |
|
| QUOTA_PROJECT_ENV_VAR |
|
| WELL_KNOWN_PATH |
|
| NON_WINDOWS_WELL_KNOWN_PATH_BASE |
|
| MTLS_WELL_KNOWN_PATH |
|
| MTLS_CERT_ENV_VAR |
|
| cacheKey |
|
| METADATA_IP |
The metadata IP address on appengine instances. The IP is used instead of the domain 'metadata' to avoid slow responses when not on Compute Engine. |
| TOKEN_URI_PATH |
The metadata path of the default token. |
| ID_TOKEN_URI_PATH |
The metadata path of the default id token. |
| CLIENT_ID_URI_PATH |
The metadata path of the client ID. |
| PROJECT_ID_URI_PATH |
The metadata path of the project ID. |
| UNIVERSE_DOMAIN_URI_PATH |
The metadata path of the project ID. |
| FLAVOR_HEADER |
The header whose presence indicates GCE presence. |
| private GKE_PRODUCT_NAME_FILE |
The Linux file which contains the product name. |
| private WINDOWS_REGISTRY_KEY_PATH |
The Windows Registry key path to the product name |
| private WINDOWS_REGISTRY_KEY_NAME |
The Windows registry key name for the product name |
| private PRODUCT_NAME |
The Name of the product expected from the windows registry |
| private CRED_TYPE |
|
| MAX_COMPUTE_PING_TRIES |
Note: the explicit This allows us to limit the total ping maximum timeout to 1.5 seconds for developer desktop scenarios. |
| COMPUTE_PING_CONNECTION_TIMEOUT_S |
|
Properties
| static protected string | $metricMetadataKey | from MetricsTrait | |
| protected array | $lastReceivedToken | Result of fetchAuthToken. |
Methods
No description
No description
No description
Updates metadata with the authorization token.
Load a JSON key from the path specified in the environment.
Load a JSON key from a well known path.
Create a new Credentials instance.
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
Create a new instance of InsecureCredentials.
Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.
Gets a callable which returns the default device certification.
Determines whether or not the default device certificate should be loaded.
Fetch the default universe domain from the metadata server.
Sign a string using the default service account private key.
No description
The full uri for accessing the default token.
The full uri for accessing the default service account.
Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.
Determines if this a GCE instance, by accessing the expected metadata host.
Implements FetchAuthTokenInterface#fetchAuthToken.
Returns the Cache Key for the credential token.
No description
Get the client name from GCE metadata.
Fetch the default Project ID from compute engine.
Get the quota project used for this API request
Set whether or not we've already checked the GCE environment.
Details
static protected string
getMetricsHeader(string $credType = '', string $authRequestType = '')
No description
protected array
applyServiceApiUsageMetrics(array $metadata)
No description
protected array
applyTokenEndpointMetrics(array $metadata, string $authRequestType)
No description
static protected string
getVersion()
No description
protected string
getCredType()
No description
callable
getUpdateMetadataFunc()
deprecated
deprecated
export a callback function which updates runtime metadata.
array
updateMetadata(array $metadata, string $authUri = null, callable|null $httpHandler = null)
Updates metadata with the authorization token.
static array|null
fromEnv()
Load a JSON key from the path specified in the environment.
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
static array|null
fromWellKnownFile()
Load a JSON key from a well known path.
The well known path is OS dependent:
- windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exist, this returns null.
static ServiceAccountCredentials|UserRefreshCredentials|ImpersonatedServiceAccountCredentials|ExternalAccountCredentials
makeCredentials(string|string[] $scope, array $jsonKey, string|string[] $defaultScope = null)
Create a new Credentials instance.
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable|null $httpHandler = null, callable|null $tokenCallback = null)
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
static InsecureCredentials
makeInsecureCredentials()
Create a new instance of InsecureCredentials.
static string|null
quotaProjectFromEnv()
Fetch a quota project from the environment variable GOOGLE_CLOUD_QUOTA_PROJECT. Return null if GOOGLE_CLOUD_QUOTA_PROJECT is not specified.
static callable|null
getDefaultClientCertSource()
Gets a callable which returns the default device certification.
static bool
shouldLoadClientCertSource()
Determines whether or not the default device certificate should be loaded.
string
getUniverseDomain(callable|null $httpHandler = null)
Fetch the default universe domain from the metadata server.
string
signBlob(string $stringToSign, bool $forceOpenSsl = false, string $accessToken = null)
Sign a string using the default service account private key.
This implementation uses IAM's signBlob API.
__construct(Iam|null $iam = null, string|string[] $scope = null, string $targetAudience = null, string $quotaProject = null, string $serviceAccountIdentity = null, string|null $universeDomain = null)
No description
static string
getTokenUri(string $serviceAccountIdentity = null)
The full uri for accessing the default token.
static string
getClientNameUri(string $serviceAccountIdentity = null)
The full uri for accessing the default service account.
static bool
onAppEngineFlexible()
Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.
static bool
onGce(callable|null $httpHandler = null)
Determines if this a GCE instance, by accessing the expected metadata host.
If $httpHandler is not specified a the default HttpHandler is used.
array
fetchAuthToken(callable|null $httpHandler = null)
Implements FetchAuthTokenInterface#fetchAuthToken.
Fetches the auth tokens from the GCE metadata host if it is available. If $httpHandler is not specified a the default HttpHandler is used.
string
getCacheKey()
Returns the Cache Key for the credential token.
The format for the cache key is: TokenURI
null|array
getLastReceivedToken()
No description
string
getClientName(callable|null $httpHandler = null)
Get the client name from GCE metadata.
Subsequent calls will return a cached value.
string|null
getProjectId(callable|null $httpHandler = null)
Fetch the default Project ID from compute engine.
Returns null if called outside GCE.
string|null
getQuotaProject()
Get the quota project used for this API request
void
setIsOnGce(bool $isOnGce)
Set whether or not we've already checked the GCE environment.