Google_Auth_ComputeEngine

Authentication via built-in Compute Engine service accounts.

Defined (1)

The class is defined in the following location(s).

/vendor/google/apiclient/src/Google/Auth/ComputeEngine.php  
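  /**
   * Authentication via built-in Compute Engine service accounts.
   *
   * Fetches a bearer token for the instance's default service account from
   * the metadata server, caches it on the object and attaches it to outgoing
   * requests as an Authorization header.
   *
   * The cached token array and the JSON returned by getAccessToken() contain
   * a live credential; keep them out of logs and error output.
   */
  class Google_Auth_ComputeEngine extends Google_Auth_Abstract
  {
    // NOTE(review): this is plain HTTP to the short host name "metadata", so
    // the token is only as trustworthy as name resolution on the host --
    // confirm this class is only used on Compute Engine instances.
    const METADATA_AUTH_URL =
        'http://metadata/computeMetadata/v1/instance/service-accounts/default/token';

    // Google_Client used for I/O (getIo()) and logging (getLogger()).
    private $client;

    // Decoded token array (access_token, created, ...), or null until one is set.
    private $token;

    /**
     * @param Google_Client $client Client whose IO layer and logger are used.
     * @param mixed $config Accepted for signature compatibility; not read here.
     */
    public function __construct(Google_Client $client, $config = null)
    {
      $this->client = $client;
    }

    /**
     * Perform an authenticated / signed request.
     * The request is passed through sign(), which adds the Authorization
     * header (fetching a fresh token first if needed), and is then sent with
     * the client's IO object.
     * @param Google_Http_Request $request
     * @return Google_Http_Request The resulting HTTP response including the
     * responseHttpCode, responseHeaders and responseBody.
     * @throws Google_Auth_Exception If a new token is needed and cannot be fetched.
     */
    public function authenticatedRequest(Google_Http_Request $request)
    {
      $signed = $this->sign($request);
      return $this->client->getIo()->makeRequest($signed);
    }

    /**
     * Store a token given as a JSON string and stamp it with the current time.
     * @param string $token JSON object containing at least "access_token".
     * @throws Google_Auth_Exception If the JSON cannot be decoded, or does not
     * decode to an array with an "access_token" entry.
     */
    public function setAccessToken($token)
    {
      $decoded = json_decode($token, true);

      // Strict check: only a real decode failure (or a literal JSON null)
      // is reported as undecodable.
      if ($decoded === null) {
        throw new Google_Auth_Exception('Could not json decode the token');
      }

      // Scalars and arrays without an access_token are rejected here, so the
      // offset reads in sign() and isAccessTokenExpired() always see an array.
      if (!is_array($decoded) || !isset($decoded['access_token'])) {
        throw new Google_Auth_Exception("Invalid token format");
      }

      $decoded['created'] = time();
      $this->token = $decoded;
    }

    /**
     * @return string The cached token array encoded as JSON ("null" when no
     * token has been set). The value contains the bearer token.
     */
    public function getAccessToken()
    {
      return json_encode($this->token);
    }

    /**
     * Acquires a new access token from the compute engine metadata server.
     * @return string The new token as JSON, as returned by getAccessToken().
     * @throws Google_Auth_Exception On any response code other than 200, or
     * when the response body is not a valid token.
     */
    public function acquireAccessToken()
    {
      $request = new Google_Http_Request(
          self::METADATA_AUTH_URL,
          'GET',
          array(
            // Sent on every metadata request; a request the application was
            // tricked into forwarding without this header is not a valid
            // metadata query.
            'Metadata-Flavor' => 'Google'
          )
      );
      $request->disableGzip();
      $response = $this->client->getIo()->makeRequest($request);

      if ($response->getResponseHttpCode() != 200) {
        // The body is echoed into the exception message, so it may end up
        // wherever the caller logs exceptions.
        throw new Google_Auth_Exception(
            sprintf(
                "Error fetching service account access token, message: '%s'",
                $response->getResponseBody()
            ),
            $response->getResponseHttpCode()
        );
      }

      $this->setAccessToken($response->getResponseBody());
      // setAccessToken() already stamps 'created'; it is set again here as in
      // the original code.
      $this->token['created'] = time();
      return $this->getAccessToken();
    }

    /**
     * Include an accessToken in a given request.
     * @param Google_Http_Request $request
     * @return Google_Http_Request The same request with an Authorization header.
     * @throws Google_Auth_Exception
     */
    public function sign(Google_Http_Request $request)
    {
      if ($this->isAccessTokenExpired()) {
        $this->acquireAccessToken();
      }

      // Only a fixed message is logged; the token value never goes to the logger.
      $this->client->getLogger()->debug('Compute engine service account authentication');

      $request->setRequestHeaders(
          array('Authorization' => 'Bearer ' . $this->token['access_token'])
      );

      return $request;
    }

    /**
     * Returns if the access_token is expired.
     * @return bool Returns True if the access_token is expired, if no token is
     * cached, or if the cached token has no usable "created"/"expires_in" values.
     */
    public function isAccessTokenExpired()
    {
      if (!$this->token || !isset($this->token['created'])) {
        return true;
      }

      // A token without a numeric lifetime cannot be shown to be still valid.
      // Treat it as expired instead of doing arithmetic on a missing or
      // non-numeric value.
      if (!isset($this->token['expires_in']) || !is_numeric($this->token['expires_in'])) {
        return true;
      }

      // If the token is set to expire in the next 30 seconds.
      $expiresAt = $this->token['created'] + ($this->token['expires_in'] - 30);

      return $expiresAt < time();
    }
  }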