Class: Mongo::Crypt::KMS::GCP::Credentials Private
| Relationships & Source Files | |
| Super Chains via Extension / Inclusion / Inheritance | |
Class Chain: self, Forwardable
Instance Chain:
| Inherits: | Object |
| Defined in: | lib/mongo/crypt/kms/gcp/credentials.rb |
Overview
The ::Mongo::Crypt::KMS::GCP Cloud Key Management Credentials object contains the credentials for
using the ::Mongo::Crypt::KMS::GCP KMS provider.
Constant Summary
- FORMAT_HINT =
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 44
'GCP KMS provider options must be in the format: ' + "{ email: 'EMAIL', private_key: 'PRIVATE-KEY' }"
Class Method Summary
- .new(opts) ⇒ Credentials constructor Internal use only
Creates a ::Mongo::Crypt::KMS::GCP KMS credentials object from a parameters hash.
Instance Attribute Summary
- #access_token ⇒ String | nil readonly Internal use only
- #email ⇒ String readonly Internal use only
- #endpoint ⇒ String | nil readonly Internal use only
- #private_key ⇒ String readonly Internal use only
Instance Method Summary
- #to_document ⇒ BSON::Document Internal use only
Convert credentials object to a BSON document in libmongocrypt format.
::Mongo::Crypt::KMS::Validations - Included
| #validate_param | Validate if a |
| #validate_tls_options | Validate KMS TLS options. |
Constructor Details
.new(opts) ⇒ Credentials
Creates a ::Mongo::Crypt::KMS::GCP KMS credentials object from a parameters hash.
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 60
def initialize(opts)
  @opts = opts
  return if empty?

  if opts[:access_token]
    @access_token = opts[:access_token]
  else
    @email = validate_param(:email, opts, FORMAT_HINT)
    @private_key = begin
      private_key_opt = validate_param(:private_key, opts, FORMAT_HINT)
      if BSON::Environment.jruby?
        # We cannot really validate private key on JRuby, so we assume
        # it is in base64 encoded DER format.
        private_key_opt
      else
        # Check if private key is in PEM format.
        pkey = OpenSSL::PKey::RSA.new(private_key_opt)
        # PEM it is, need to be converted to base64 encoded DER.
        der = if pkey.respond_to?(:private_to_der)
          pkey.private_to_der
        else
          pkey.to_der
        end
        Base64.encode64(der)
      end
    rescue OpenSSL::PKey::RSAError
      # Check if private key is in DER.
      begin
        OpenSSL::PKey.read(Base64.decode64(private_key_opt))
        # Private key is fine, use it.
        private_key_opt
      rescue OpenSSL::PKey::PKeyError
        raise ArgumentError.new(
          'The private_key option must be either either base64 encoded DER format, or PEM format.'
        )
      end
    end

    @endpoint = validate_param(
      :endpoint, opts, FORMAT_HINT, required: false
    )
  end
end
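The constructor accepts a private key as PEM or as base64 encoded DER. The following is an added example, not code from the driver: a pre-flight check an application could run on a service account key before passing it as `private_key`. The helper name `gcp_private_key_to_base64_der`, the RSA-only restriction and the `MIN_RSA_BITS` policy are assumptions of this example.

```ruby
require 'openssl'

# Hypothetical pre-flight helper, not part of the driver.
MIN_RSA_BITS = 2048 # assumed local policy, not a driver requirement

# Accepts PEM or base64 encoded DER and returns base64 encoded DER.
# Error messages never echo the key material, so they are safe to log.
def gcp_private_key_to_base64_der(input)
  # RSA.new(Integer) would generate a fresh key instead of parsing one.
  raise ArgumentError, 'private_key must be a String' unless input.is_a?(String)

  pkey = begin
    OpenSSL::PKey::RSA.new(input) # PEM input parses here
  rescue OpenSSL::PKey::RSAError
    begin
      # unpack1('m') is the lenient base64 decode that Base64.decode64 performs.
      OpenSSL::PKey.read(input.unpack1('m'))
    rescue OpenSSL::PKey::PKeyError
      raise ArgumentError, 'private_key must be PEM or base64 encoded DER'
    end
  end
  raise ArgumentError, 'private_key must be an RSA key' unless pkey.is_a?(OpenSSL::PKey::RSA)
  # RSA.new also parses a public key PEM, so check for the private half.
  raise ArgumentError, 'private_key holds only a public key' unless pkey.private?
  raise ArgumentError, "RSA key shorter than #{MIN_RSA_BITS} bits" if pkey.n.num_bits < MIN_RSA_BITS

  der = pkey.respond_to?(:private_to_der) ? pkey.private_to_der : pkey.to_der
  [der].pack('m0') # strict base64 without line breaks
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key
  out = gcp_private_key_to_base64_der(key.to_pem)
  puts "PEM input accepted, #{out.bytesize} base64 characters"
  begin
    gcp_private_key_to_base64_der(key.public_key.to_pem)
  rescue ArgumentError => e
    puts "public key rejected: #{e.message}"
  end
end
```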
Instance Attribute Details
#access_token ⇒ String | nil (readonly)
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 39
attr_reader :access_token
#email ⇒ String (readonly)
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 30
attr_reader :email
#endpoint ⇒ String | nil (readonly)
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 36
attr_reader :endpoint
#private_key ⇒ String (readonly)
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 33
attr_reader :private_key
Instance Method Details
#to_document ⇒ BSON::Document
Convert credentials object to a BSON document in libmongocrypt format.
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 107
def to_document
  return BSON::Document.new if empty?

  if access_token
    BSON::Document.new({ accessToken: access_token })
  else
    BSON::Document.new({
      email: email,
      privateKey: BSON::Binary.new(private_key, :generic),
    }).tap do |bson|
      bson.update({ endpoint: endpoint }) unless endpoint.nil?
    end
  end
end