GCECredentials
class GCECredentials extends CredentialsLoader implements SignBlobInterface (View source)
GCECredentials supports authorization on Google Compute Engine.
It can be used to authorize requests using the AuthTokenMiddleware, but will only succeed if being run on GCE:
use Google\Auth\Credentials\GCECredentials; use Google\Auth\Middleware\AuthTokenMiddleware; use GuzzleHttp\Client; use GuzzleHttp\HandlerStack;
$gce = new GCECredentials(); $middleware = new AuthTokenMiddleware($gce); $stack = HandlerStack::create(); $stack->push($middleware);
$client = new Client([ 'handler' => $stack, 'base_uri' => 'https://www.googleapis.com/taskqueue/v1beta2/projects/', 'auth' => 'google_auth' ]);
$res = $client->get('myproject/taskqueues/myqueue');
Constants
| TOKEN_CREDENTIAL_URI |
|
| ENV_VAR |
|
| WELL_KNOWN_PATH |
|
| NON_WINDOWS_WELL_KNOWN_PATH_BASE |
|
| AUTH_METADATA_KEY |
|
| cacheKey |
|
| METADATA_IP |
The metadata IP address on appengine instances. The IP is used instead of the domain 'metadata' to avoid slow responses when not on Compute Engine. |
| TOKEN_URI_PATH |
The metadata path of the default token. |
| ID_TOKEN_URI_PATH |
The metadata path of the default id token. |
| CLIENT_ID_URI_PATH |
The metadata path of the client ID. |
| FLAVOR_HEADER |
The header whose presence indicates GCE presence. |
| MAX_COMPUTE_PING_TRIES |
Note: the explicit This allows us to limit the total ping maximum timeout to 1.5 seconds for developer desktop scenarios. |
| COMPUTE_PING_CONNECTION_TIMEOUT_S |
|
Properties
| protected | $lastReceivedToken | Result of fetchAuthToken. |
Methods
Load a JSON key from the path specified in the environment.
Create a new Credentials instance.
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
Create a new instance of InsecureCredentials.
export a callback function which updates runtime metadata.
Updates metadata with the authorization token.
No description
The full uri for accessing the default token.
The full uri for accessing the default service account.
Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.
Determines if this a GCE instance, by accessing the expected metadata host.
Implements FetchAuthTokenInterface#fetchAuthToken.
No description
No description
Get the client name from GCE metadata.
Sign a string using the default service account private key.
Details
static array
fromEnv()
Load a JSON key from the path specified in the environment.
Load a JSON key from the path specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS. Return null if GOOGLE_APPLICATION_CREDENTIALS is not specified.
static array
fromWellKnownFile()
Load a JSON key from a well known path.
The well known path is OS dependent:
- windows: %APPDATA%/gcloud/application_default_credentials.json
- others: $HOME/.config/gcloud/application_default_credentials.json
If the file does not exists, this returns null.
static ServiceAccountCredentials|UserRefreshCredentials
makeCredentials(string|array $scope, array $jsonKey)
Create a new Credentials instance.
static Client
makeHttpClient(FetchAuthTokenInterface $fetcher, array $httpClientOptions = [], callable $httpHandler = null, callable $tokenCallback = null)
Create an authorized HTTP Client from an instance of FetchAuthTokenInterface.
static InsecureCredentials
makeInsecureCredentials()
Create a new instance of InsecureCredentials.
array
getUpdateMetadataFunc()
export a callback function which updates runtime metadata.
array
updateMetadata(array $metadata, string $authUri = null, callable $httpHandler = null)
Updates metadata with the authorization token.
__construct(Iam $iam = null, string|array $scope = null, string $targetAudience = null)
No description
static string
getTokenUri()
The full uri for accessing the default token.
static string
getClientNameUri()
The full uri for accessing the default service account.
static true
onAppEngineFlexible()
Determines if this an App Engine Flexible instance, by accessing the GAE_INSTANCE environment variable.
static true
onGce(callable $httpHandler = null)
Determines if this a GCE instance, by accessing the expected metadata host.
If $httpHandler is not specified a the default HttpHandler is used.
array
fetchAuthToken(callable $httpHandler = null)
Implements FetchAuthTokenInterface#fetchAuthToken.
Fetches the auth tokens from the GCE metadata host if it is available. If $httpHandler is not specified a the default HttpHandler is used.
string
getCacheKey()
No description
null|array
getLastReceivedToken()
No description
string
getClientName(callable $httpHandler = null)
Get the client name from GCE metadata.
Subsequent calls will return a cached value.
string
signBlob(string $stringToSign, bool $forceOpenSsl = false)
Sign a string using the default service account private key.
This implementation uses IAM's signBlob API.