
Class: Mongo::Crypt::KMS::GCP::CredentialsRetriever Private

Do not use. This class is for internal use only.
Relationships & Source Files
Inherits: Object
Defined in: lib/mongo/crypt/kms/gcp/credentials_retriever.rb

Overview

This class retrieves GCP credentials using the Google Compute Engine metadata host. It should be used when the driver runs on a Google Compute Engine instance.

Constant Summary

Class Method Summary

Class Method Details

.fetch_access_token

# File 'lib/mongo/crypt/kms/gcp/credentials_retriever.rb', line 32

def self.fetch_access_token
  host = ENV.fetch(METADATA_HOST_ENV) { DEFAULT_HOST }
  uri = URI("http://#{host}/computeMetadata/v1/instance/service-accounts/default/token")
  req = Net::HTTP::Get.new(uri)
  req['Metadata-Flavor'] = 'Google'
  resp = Net::HTTP.start(uri.hostname, uri.port, use_ssl: false) do |http|
    http.request(req)
  end
  if resp.code != '200'
    raise KMS::CredentialsNotFound,
      "GCE metadata host responded with code #{resp.code}"
  end
  parsed_resp = JSON.parse(resp.body)
  parsed_resp.fetch('access_token')
rescue JSON::ParserError, KeyError => e
  raise KMS::CredentialsNotFound,
    "GCE metadata response is invalid: '#{resp.body}'; #{e.class}: #{e.message}"
rescue ::Timeout::Error, IOError, SystemCallError, SocketError => e
  raise KMS::CredentialsNotFound,
    "Could not receive GCP metadata response; #{e.class}: #{e.message}"
end
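
The token exchange above can be exercised offline against a loopback stub. This is an added example, not the driver's code: `start_stub_metadata_host` and `fetch_token` are hypothetical names, the stub and its token are constructed, and unlike the method above the helper keeps the response body out of its error messages.

```ruby
require 'json'
require 'net/http'
require 'socket'

# Constructed stand-in for the metadata host: a one-shot loopback HTTP server.
# It answers 403 unless the request carries "Metadata-Flavor: Google".
def start_stub_metadata_host(body)
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  thread = Thread.new do
    client = server.accept
    lines = []
    while (line = client.gets) && line != "\r\n"
      lines << line.strip.downcase
    end
    status, payload =
      if lines.include?('metadata-flavor: google')
        ['200 OK', body]
      else
        ['403 Forbidden', 'missing Metadata-Flavor header']
      end
    client.write("HTTP/1.1 #{status}\r\nContent-Length: #{payload.bytesize}\r\n" \
                 "Connection: close\r\n\r\n#{payload}")
    client.close
    server.close
  end
  ["127.0.0.1:#{port}", thread]
end

# Hypothetical helper (not the driver's API) issuing the same request as
# fetch_access_token. Errors name the failure class but never echo the body.
def fetch_token(host, send_flavor: true)
  uri = URI("http://#{host}/computeMetadata/v1/instance/service-accounts/default/token")
  req = Net::HTTP::Get.new(uri)
  req['Metadata-Flavor'] = 'Google' if send_flavor
  resp = Net::HTTP.start(uri.hostname, uri.port, open_timeout: 2, read_timeout: 2) do |http|
    http.request(req)
  end
  raise "metadata host responded with code #{resp.code}" unless resp.code == '200'
  parsed = JSON.parse(resp.body)
  raise KeyError, 'response is not a JSON object' unless parsed.is_a?(Hash)
  parsed.fetch('access_token')
rescue JSON::ParserError, KeyError => e
  raise "metadata response is invalid: #{e.class}"
end
```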