Class: Mongo::Crypt::KMS::GCP::CredentialsRetriever Private
- Inherits: Object (Object > Mongo::Crypt::KMS::GCP::CredentialsRetriever)
- Defined in: build/ruby-driver-v2.19/lib/mongo/crypt/kms/gcp/credentials_retriever.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
This class retrieves GCP credentials from the Google Compute Engine metadata host. It should be used when the driver runs on a Google Compute Engine instance.
Constant Summary
- METADATA_HOST_ENV = 'GCE_METADATA_HOST'
  This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
- DEFAULT_HOST = 'metadata.google.internal'
  This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
Class Method Summary
- .fetch_access_token ⇒ Object private
Class Method Details
.fetch_access_token ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'build/ruby-driver-v2.19/lib/mongo/crypt/kms/gcp/credentials_retriever.rb', line 32

def self.fetch_access_token
  # The metadata host can be overridden through the GCE_METADATA_HOST variable.
  host = ENV.fetch(METADATA_HOST_ENV) { DEFAULT_HOST }
  uri = URI("http://#{host}/computeMetadata/v1/instance/service-accounts/default/token")
  req = Net::HTTP::Get.new(uri)
  # The metadata service only answers requests that carry this header.
  req['Metadata-Flavor'] = 'Google'
  # The request is sent over plain HTTP (use_ssl: false).
  resp = Net::HTTP.start(uri.hostname, uri.port, use_ssl: false) do |http|
    http.request(req)
  end
  if resp.code != '200'
    raise KMS::CredentialsNotFound,
      "GCE metadata host responded with code #{resp.code}"
  end
  parsed_resp = JSON.parse(resp.body)
  parsed_resp.fetch('access_token')
rescue JSON::ParserError, KeyError => e
  # Note: the raw response body is copied into the exception message.
  raise KMS::CredentialsNotFound,
    "GCE metadata response is invalid: '#{resp.body}'; #{e.class}: #{e.message}"
rescue ::Timeout::Error, IOError, SystemCallError, SocketError => e
  raise KMS::CredentialsNotFound,
    "Could not receive GCP metadata response; #{e.class}: #{e.message}"
end
```
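Added example, not part of the driver or of this page's source: a local stub of the token endpoint for exercising the request offline, showing that GCE_METADATA_HOST (optionally with a port) decides where the plain-HTTP request is sent and that a request without the Metadata-Flavor header is refused. The helper names, the stub's 403 body and the token value are constructed for illustration.

```ruby
require 'socket'
require 'net/http'
require 'json'

# Constructed stand-in for the metadata token endpoint. Like the real service,
# it refuses requests that lack the "Metadata-Flavor: Google" header.
def start_stub_metadata_server(body)
  server = TCPServer.new('127.0.0.1', 0) # port 0: let the OS pick a free port
  Thread.new do
    loop do
      client = server.accept
      client.gets # request line, not inspected by this stub
      headers = {}
      while (line = client.gets) && line != "\r\n"
        name, value = line.split(':', 2)
        headers[name.downcase] = value.to_s.strip
      end
      ok = headers['metadata-flavor'] == 'Google'
      status, payload = ok ? ['200 OK', body] : ['403 Forbidden', 'missing Metadata-Flavor header']
      client.write("HTTP/1.1 #{status}\r\nContent-Length: #{payload.bytesize}\r\n" \
                   "Connection: close\r\n\r\n#{payload}")
      client.close
    end
  rescue IOError, SystemCallError
    nil # listener closed; end the thread
  end
  server
end

# Hypothetical helper mirroring the request shown above: same path, plain HTTP,
# host taken from GCE_METADATA_HOST. Returns [status_code, token_or_nil].
def probe_token_endpoint(send_flavor: true)
  host = ENV.fetch('GCE_METADATA_HOST') { 'metadata.google.internal' }
  uri = URI("http://#{host}/computeMetadata/v1/instance/service-accounts/default/token")
  req = Net::HTTP::Get.new(uri)
  req['Metadata-Flavor'] = 'Google' if send_flavor
  resp = Net::HTTP.start(uri.hostname, uri.port, use_ssl: false) { |http| http.request(req) }
  [resp.code, resp.code == '200' ? JSON.parse(resp.body)['access_token'] : nil]
end

# Point the override at the stub, probe with and without the header, clean up.
def run_stub_demo
  server = start_stub_metadata_server(JSON.generate('access_token' => 'constructed-token'))
  ENV['GCE_METADATA_HOST'] = "127.0.0.1:#{server.addr[1]}"
  { with_header: probe_token_endpoint, without_header: probe_token_endpoint(send_flavor: false) }
ensure
  ENV.delete('GCE_METADATA_HOST')
  server&.close
end
```

Because the override is read from the process environment, a deployment review can treat any non-default GCE_METADATA_HOST value as a setting to account for, since it redirects the access-token request.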