Wrapper class for Google OAuth 2.0 GCE instance service account credentials.
Takes a service account email address or alias (e.g. "default") and uses the Google Compute Engine instance's metadata server to obtain service account metadata and OAuth 2.0 access tokens as needed. Instances of this class should usually be created via the convenience methods declared in google_credentials.h.
An HTTP Authorization header, with an access token as its value, can be obtained by calling the AuthorizationHeader() method; if the current access token is invalid or nearing expiration, this will class will first obtain a new access token before returning the Authorization header string.
See Also
https://cloud.google.com/compute/docs/authentication#using for details on how to get started with Compute Engine service account credentials.
Constructors
ComputeEngineCredentials()
ComputeEngineCredentials(std::string)
Parameter | |
---|---|
Name | Description |
service_account_email |
std::string
|
Functions
virtual AuthorizationHeader()
Attempts to obtain a value for the Authorization HTTP header.
If unable to obtain a value for the Authorization header, which could happen for Credentials
that need to be periodically refreshed, the underlying Status
will indicate failure details from the refresh HTTP request. Otherwise, the returned value will contain the Authorization header to be used in HTTP requests.
Returns | |
---|---|
Type | Description |
StatusOr< std::string > |
virtual AccountEmail() const
Return the account's email associated with these credentials, if any.
Returns | |
---|---|
Type | Description |
std::string |
service_account_email() const
Returns the email or alias of this credential's service account.
Returns | |
---|---|
Type | Description |
std::string |
scopes() const
Returns the set of scopes granted to this credential's service account.
Returns | |
---|---|
Type | Description |
std::set< std::string > |
virtual SignBlob(SigningAccount const &, std::string const &) const
Try to sign string_to_sign
using service_account
.
Some Credentials types can locally sign a blob, most often just on behalf of an specific service account. This function returns an error if the credentials cannot sign the blob at all, or if the service account is a mismatch.
Parameters | |
---|---|
Name | Description |
service_account |
SigningAccount const &
|
string_to_sign |
std::string const &
|
Returns | |
---|---|
Type | Description |
StatusOr< std::vector< std::uint8_t > > |
virtual KeyId() const
Return the account's key_id associated with these credentials, if any.
Returns | |
---|---|
Type | Description |
std::string |