Credentials — Documentation by YARD 0.9.37

Class: Mongo::Crypt::KMS::GCP::Credentials (private)

Inherits: Object

Extended by: Forwardable

Includes: Validations

Defined in: lib/mongo/crypt/kms/gcp/credentials.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

The GCP Cloud Key Management credentials object contains the credentials for using the GCP KMS provider.

Constant Summary

FORMAT_HINT

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

```ruby
FORMAT_HINT = "GCP KMS provider options must be in the format: " +
  "{ email: 'EMAIL', private_key: 'PRIVATE-KEY' }"
```

Instance Attribute Summary

Instance Method Summary

Methods included from Validations

#validate_param, #validate_tls_options

Constructor Details

#initialize(opts) ⇒ Credentials

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates a GCP KMS credentials object from a parameters hash.

```ruby
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 61

def initialize(opts)
  @opts = opts
  return if empty?

  if opts[:access_token]
    @access_token = opts[:access_token]
  else
    @email = validate_param(:email, opts, FORMAT_HINT)
    @private_key = begin
      private_key_opt = validate_param(:private_key, opts, FORMAT_HINT)
      if BSON::Environment.jruby?
        private_key_opt
      else
        pkey = OpenSSL::PKey::RSA.new(private_key_opt)
        der = if pkey.respond_to?(:private_to_der)
          pkey.private_to_der
        else
          pkey.to_der
        end
        Base64.encode64(der)
      end
    rescue OpenSSL::PKey::RSAError
      begin
        OpenSSL::PKey.read(Base64.decode64(private_key_opt))
        private_key_opt
      rescue OpenSSL::PKey::PKeyError
        raise ArgumentError.new(
          "The private_key option must be either either base64 encoded DER format, or PEM format."
        )
      end
    end

    @endpoint = validate_param(
      :endpoint, opts, FORMAT_HINT, required: false
    )
  end
end
```
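The key handling in the constructor above, as an added stand-alone example (not the driver's own code): the hypothetical helper `check_gcp_private_key` uses only Ruby's OpenSSL and Base64 to show which `private_key` inputs the non-JRuby branch accepts. It also rejects a PEM that holds only a public key, a check the constructor does not make; the key in the demo is generated on the spot.

```ruby
require 'openssl'
require 'base64'

# Hypothetical result type: how the input was recognised, and the value
# in the base64 encoded DER form that #private_key documents.
KeyCheck = Struct.new(:input_format, :base64_der)

# Hypothetical pre-flight check, mirroring the constructor's two paths.
def check_gcp_private_key(value)
  # Path 1: PEM text parses directly as RSA and is re-encoded as base64 DER.
  pkey = OpenSSL::PKey::RSA.new(value)
  # Added check (assumption, not in the driver): refuse public-only keys.
  raise ArgumentError, 'PEM holds a public key, not a private key' unless pkey.private?

  der = pkey.respond_to?(:private_to_der) ? pkey.private_to_der : pkey.to_der
  KeyCheck.new(:pem, Base64.encode64(der))
rescue OpenSSL::PKey::RSAError
  begin
    # Path 2: the value is not PEM; accept it unchanged only if it
    # base64-decodes to DER that OpenSSL can parse as a key.
    OpenSSL::PKey.read(Base64.decode64(value))
    KeyCheck.new(:base64_der, value)
  rescue OpenSSL::PKey::PKeyError
    raise ArgumentError, 'private_key must be PEM or base64 encoded DER'
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed sample key, not a real credential
  pem_result = check_gcp_private_key(key.to_pem)
  der_result = check_gcp_private_key(pem_result.base64_der)
  puts "PEM input        -> #{pem_result.input_format}"
  puts "base64 DER input -> #{der_result.input_format}"
  begin
    check_gcp_private_key('definitely-not-a-key')
  rescue ArgumentError => e
    puts "garbage input    -> rejected: #{e.message}"
  end
end
```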

Instance Attribute Details

#access_token ⇒ String | nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP access token.

```ruby
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 40

def access_token
  @access_token
end
```

#email ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP email to authenticate with.

```ruby
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 31

def email
  @email
end
```

#endpoint ⇒ String | nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP KMS endpoint.

```ruby
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 37

def endpoint
  @endpoint
end
```

#private_key ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP private key, base64 encoded DER format.

```ruby
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 34

def private_key
  @private_key
end
```

Instance Method Details

#to_document ⇒ BSON::Document

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Convert credentials object to a BSON document in libmongocrypt format.

```ruby
# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 108

def to_document
  return BSON::Document.new if empty?
  if access_token
    BSON::Document.new({ accessToken: access_token })
  else
    BSON::Document.new({
      email: email,
      privateKey: BSON::Binary.new(private_key, :generic),
    }).tap do |bson|
      unless endpoint.nil?
        bson.update({ endpoint: endpoint })
      end
    end
  end
end
```