Class: Mongo::Crypt::KMS::GCP::CredentialsRetriever Private

Do not use. This class is for internal use only.
Relationships & Source Files
Inherits: Object
Defined in: lib/mongo/crypt/kms/gcp/credentials_retriever.rb

Overview

This class retrieves ::Mongo::Crypt::KMS::GCP credentials from the Google Compute Engine metadata host. It should be used when the driver runs on a Google Compute Engine instance.

Constant Summary

Class Method Summary

Class Method Details

.do_fetch(uri, req) (private)

# File 'lib/mongo/crypt/kms/gcp/credentials_retriever.rb', line 71

def self.do_fetch(uri, req)
  Net::HTTP.start(uri.hostname, uri.port, use_ssl: false) do |http|
    http.request(req)
  end
end

.fetch_access_token(timeout_holder = nil) ⇒ String

Fetch GCP access token.

Parameters:

Returns:

Raises:

# File 'lib/mongo/crypt/kms/gcp/credentials_retriever.rb', line 39

def self.fetch_access_token(timeout_holder = nil)
  host = ENV.fetch(METADATA_HOST_ENV) { DEFAULT_HOST }
  uri = URI("http://#{host}/computeMetadata/v1/instance/service-accounts/default/token")
  req = Net::HTTP::Get.new(uri)
  req['Metadata-Flavor'] = 'Google'
  resp = fetch_response(uri, req, timeout_holder)
  if resp.code != '200'
    raise KMS::CredentialsNotFound,
          "GCE metadata host responded with code #{resp.code}"
  end
  parsed_resp = JSON.parse(resp.body)
  parsed_resp.fetch('access_token')
rescue JSON::ParserError, KeyError => e
  raise KMS::CredentialsNotFound,
        "GCE metadata response is invalid: '#{resp.body}'; #{e.class}: #{e.message}"
rescue ::Timeout::Error, IOError, SystemCallError, SocketError => e
  raise KMS::CredentialsNotFound,
        "Could not receive GCP metadata response; #{e.class}: #{e.message}"
end
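
The following hardening sketch is an added example, not the driver's code: it resolves the metadata host as fetch_access_token does but rejects an override outside an allowlist (do_fetch sends the request over plain HTTP), and it validates the response without copying the body into the exception message. The allowlist values, the GCE_METADATA_HOST variable name, MetadataCheckError and both function names are assumptions of this example.

```ruby
require 'json'

# Assumed values for this example (the page does not list the driver's constants):
# the well-known GCE metadata hostname and its link-local address.
ALLOWED_METADATA_HOSTS = ['metadata.google.internal', '169.254.169.254'].freeze

# Constructed sample response body; the token is not real.
SAMPLE_BODY = '{"access_token":"constructed-token","expires_in":3599,"token_type":"Bearer"}'

# Hypothetical error class for this example.
class MetadataCheckError < StandardError; end

# Resolve the host as fetch_access_token does (environment override, then
# default), but refuse an override outside the allowlist: the token request
# is plain HTTP, so whoever controls the named host answers it.
def resolve_metadata_host(env, env_key: 'GCE_METADATA_HOST')
  host = env.fetch(env_key) { ALLOWED_METADATA_HOSTS.first }
  name = host.sub(/:\d+\z/, '').downcase
  unless ALLOWED_METADATA_HOSTS.include?(name)
    raise MetadataCheckError, "unexpected metadata host override: #{host.inspect}"
  end
  host
end

# Same checks as fetch_access_token (status 200, valid JSON, 'access_token'
# present), but the error text carries only the body size. The body and
# JSON::ParserError#message can both quote response content into logs.
def extract_access_token(code, body)
  raise MetadataCheckError, "metadata host responded with code #{code}" unless code == '200'

  parsed = JSON.parse(body.to_s)
  token = parsed.is_a?(Hash) ? parsed['access_token'] : nil
  unless token.is_a?(String) && !token.empty?
    raise MetadataCheckError, "no usable access_token in response (#{body.to_s.bytesize} bytes)"
  end
  token
rescue JSON::ParserError
  raise MetadataCheckError, "response is not valid JSON (#{body.to_s.bytesize} bytes)"
end
```
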

.fetch_response(uri, req, timeout_holder) (private)

# File 'lib/mongo/crypt/kms/gcp/credentials_retriever.rb', line 59

def self.fetch_response(uri, req, timeout_holder)
  timeout_holder&.check_timeout!
  if timeout_holder&.timeout?
    ::Timeout.timeout(timeout_holder.remaining_timeout_sec, Error: TimeoutError) do
      do_fetch(uri, req)
    end
  else
    do_fetch(uri, req)
  end
end