public class ComputeEngineCredentials extends GoogleCredentials implements ServiceAccountSigner, IdTokenProvider
OAuth2 credentials representing the built-in service account for a Google Compute Engine VM.
Fetches access tokens from the Google Compute Engine metadata server.
These credentials use the IAM API to sign data. See sign(byte[] toSign) for more details.
Static Methods
create()
public static ComputeEngineCredentials create()
Create a new ComputeEngineCredentials instance with default behavior.
Returns | |
---|---|
Type | Description |
ComputeEngineCredentials | new ComputeEngineCredentials |
getIdentityDocumentUrl()
public static String getIdentityDocumentUrl()
Returns | |
---|---|
Type | Description |
String |
getMetadataServerUrl()
public static String getMetadataServerUrl()
Returns | |
---|---|
Type | Description |
String |
getMetadataServerUrl(DefaultCredentialsProvider provider)
public static String getMetadataServerUrl(DefaultCredentialsProvider provider)
Parameter | |
---|---|
Name | Description |
provider | com.google.auth.oauth2.DefaultCredentialsProvider |
Returns | |
---|---|
Type | Description |
String |
getServiceAccountsUrl()
public static String getServiceAccountsUrl()
Returns | |
---|---|
Type | Description |
String |
getTokenServerEncodedUrl()
public static String getTokenServerEncodedUrl()
Returns | |
---|---|
Type | Description |
String |
getTokenServerEncodedUrl(DefaultCredentialsProvider provider)
public static String getTokenServerEncodedUrl(DefaultCredentialsProvider provider)
Parameter | |
---|---|
Name | Description |
provider | com.google.auth.oauth2.DefaultCredentialsProvider |
Returns | |
---|---|
Type | Description |
String |
getUniverseDomainUrl()
public static String getUniverseDomainUrl()
Returns | |
---|---|
Type | Description |
String |
newBuilder()
public static ComputeEngineCredentials.Builder newBuilder()
Returns | |
---|---|
Type | Description |
ComputeEngineCredentials.Builder |
Methods
createScoped(Collection<String> newScopes)
public GoogleCredentials createScoped(Collection<String> newScopes)
Clones the compute engine account with the specified scopes.
Parameter | |
---|---|
Name | Description |
newScopes | Collection<String> |
Returns | |
---|---|
Type | Description |
GoogleCredentials |
createScoped(Collection<String> newScopes, Collection<String> newDefaultScopes)
public GoogleCredentials createScoped(Collection<String> newScopes, Collection<String> newDefaultScopes)
Clones the compute engine account with the specified scopes and default scopes.
Parameters | |
---|---|
Name | Description |
newScopes | Collection<String> |
newDefaultScopes | Collection<String> |
Returns | |
---|---|
Type | Description |
GoogleCredentials |
equals(Object obj)
public boolean equals(Object obj)
Parameter | |
---|---|
Name | Description |
obj | Object |
Returns | |
---|---|
Type | Description |
boolean |
getAccount()
public String getAccount()
Returns the email address associated with the GCE default service account.
Returns | |
---|---|
Type | Description |
String |
getMetricsCredentialType()
public CredentialTypeForMetrics getMetricsCredentialType()
Gets the credential type used for the internal metrics header.
The default is CredentialTypeForMetrics.DO_NOT_SEND. For a credential that is established to track for metrics, this default should be overridden.
Returns | |
---|---|
Type | Description |
CredentialTypeForMetrics |
getScopes()
public final Collection<String> getScopes()
Returns | |
---|---|
Type | Description |
Collection<String> |
getUniverseDomain()
public String getUniverseDomain()
Gets the universe domain from the GCE metadata server.
Returns an explicit universe domain if it was provided during credential initialization.
Returns Credentials#GOOGLE_DEFAULT_UNIVERSE if the universe domain endpoint is not found (404) or returns an empty string.
Otherwise, returns the universe domain from the GCE metadata service.
Any of the above values is cached for the credential lifetime.
Returns | |
---|---|
Type | Description |
String | string representing a universe domain in the format some-domain.xyz |
Exceptions | |
---|---|
Type | Description |
IOException | if a call to GCE metadata service was unsuccessful. Check if exception implements the Retryable and |
hashCode()
public int hashCode()
Returns | |
---|---|
Type | Description |
int |
idTokenWithAudience(String targetAudience, List<IdTokenProvider.Option> options)
public IdToken idTokenWithAudience(String targetAudience, List<IdTokenProvider.Option> options)
Returns a Google ID Token from the metadata server on ComputeEngine.
Parameters | |
---|---|
Name | Description |
targetAudience | String the aud: field the IdToken should include |
options | List<Option> list of Credential specific options for the token. For example, an IDToken for a ComputeEngineCredential could have the full formatted claims returned if IdTokenProvider.Option.FORMAT_FULL is provided as a list option. Valid option values are: |
Returns | |
---|---|
Type | Description |
IdToken | IdToken object which includes the raw id_token, JsonWebSignature |
Exceptions | |
---|---|
Type | Description |
IOException | if the attempt to get an IdToken failed |
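Added example, not part of the library's reference text: requesting an ID token bound to one audience on the VM, then checking it on the receiving service with the same library's TokenVerifier so a token minted for a different service is rejected. The class name and audience URL are hypothetical, and the code assumes it runs on a Compute Engine VM with an attached service account.

```java
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.auth.oauth2.ComputeEngineCredentials;
import com.google.auth.oauth2.IdToken;
import com.google.auth.oauth2.IdTokenProvider;
import com.google.auth.oauth2.TokenVerifier;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;

public class ComputeIdTokenExample {
  // Hypothetical audience: the URL of the service that will receive the token.
  static final String AUDIENCE = "https://service.example.com";

  // Caller side: ask the metadata server for an ID token scoped to AUDIENCE.
  static String fetchIdToken() throws IOException {
    ComputeEngineCredentials credentials = ComputeEngineCredentials.create();
    // FORMAT_FULL asks for the full formatted claims.
    List<IdTokenProvider.Option> options =
        Arrays.asList(IdTokenProvider.Option.FORMAT_FULL);
    IdToken token = credentials.idTokenWithAudience(AUDIENCE, options);
    return token.getTokenValue();
  }

  // Receiver side: verify signature, expiry, issuer and audience before
  // trusting any claim. A token issued for another audience fails here.
  static JsonWebToken.Payload verify(String rawToken)
      throws TokenVerifier.VerificationException {
    TokenVerifier verifier =
        TokenVerifier.newBuilder()
            .setAudience(AUDIENCE)
            .setIssuer("https://accounts.google.com")
            .build();
    return verifier.verify(rawToken).getPayload();
  }

  public static void main(String[] args) throws Exception {
    String raw = fetchIdToken();
    try {
      JsonWebToken.Payload claims = verify(raw);
      // Log identifying claims only; the raw token is a bearer credential.
      System.out.println("subject=" + claims.getSubject());
      System.out.println("instance claims=" + claims.get("google"));
    } catch (TokenVerifier.VerificationException e) {
      System.err.println("rejected ID token: " + e.getMessage());
    }
  }
}
```

In a real deployment the two halves run in different processes: the VM sends the raw token in an Authorization header and only the receiver calls verify.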
refreshAccessToken()
public AccessToken refreshAccessToken()
Refresh the access token by getting it from the GCE metadata server.
Returns | |
---|---|
Type | Description |
AccessToken |
Exceptions | |
---|---|
Type | Description |
IOException |
sign(byte[] toSign)
public byte[] sign(byte[] toSign)
Signs the provided bytes using the private key associated with the service account.
The Compute Engine's project must enable the Identity and Access Management (IAM) API and the instance's service account must have the iam.serviceAccounts.signBlob permission. See Also: Blob Signing
Parameter | |
---|---|
Name | Description |
toSign | byte[] bytes to sign |
Returns | |
---|---|
Type | Description |
byte[] | signed bytes |
toBuilder()
public ComputeEngineCredentials.Builder toBuilder()
Returns | |
---|---|
Type | Description |
ComputeEngineCredentials.Builder |
toStringHelper()
protected MoreObjects.ToStringHelper toStringHelper()
A helper for overriding the toString() method. This allows inheritance of super class fields. Extending classes can override this implementation, call the super implementation, and add more fields. The same cannot be done by overriding toString() directly.
Returns | |
---|---|
Type | Description |
com.google.common.base.MoreObjects.ToStringHelper |