source: vendor/google/auth/src/Credentials/ImpersonatedServiceAccountCredentials.php

Last change on this file was e3d4e0a, checked in by Vlado 222039 <vlado.popovski@…>, 8 days ago

Upload project files

1<?php
2
3/*
4 * Copyright 2022 Google Inc.
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18
19namespace Google\Auth\Credentials;
20
21use Google\Auth\CredentialsLoader;
22use Google\Auth\IamSignerTrait;
23use Google\Auth\SignBlobInterface;
24
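class ImpersonatedServiceAccountCredentials extends CredentialsLoader implements SignBlobInterface
{
    use IamSignerTrait;

    private const CRED_TYPE = 'imp';

    /**
     * Name of the impersonated service account, parsed from the
     * "service_account_impersonation_url" field of the credentials.
     *
     * @var string
     */
    protected $impersonatedServiceAccountName;

    /**
     * Credentials built from the "source_credentials" field; every token
     * request made by this class is delegated to them.
     *
     * @var UserRefreshCredentials
     */
    protected $sourceCredentials;

    /**
     * Instantiate an instance of ImpersonatedServiceAccountCredentials from a credentials file that
     * has been created with the --impersonated-service-account flag.
     *
     * The credentials are validated structurally only: they must decode to a non-empty array that
     * carries both "service_account_impersonation_url" and "source_credentials". The URL's scheme
     * and host are not checked here.
     *
     * @param string|string[] $scope The scope of the access request, expressed either as an
     *   array or as a space-delimited string.
     * @param string|array<mixed> $jsonKey JSON credential file path or JSON credentials
     *   as an associative array.
     * @throws \InvalidArgumentException If the file does not exist, or $jsonKey is neither a
     *   path nor an array.
     * @throws \LogicException If the JSON is invalid or a required field is missing or malformed.
     */
    public function __construct(
        $scope,
        $jsonKey
    ) {
        if (is_string($jsonKey)) {
            if (!file_exists($jsonKey)) {
                throw new \InvalidArgumentException('file does not exist');
            }
            // file_get_contents() returns false on a read failure; the cast turns that
            // into '' so it is reported as invalid JSON below.
            $json = file_get_contents($jsonKey);
            $decoded = json_decode((string) $json, true);
            // A file holding a bare JSON scalar ("abc", 42, true) decodes to a truthy
            // non-array value. Reject it here so the field checks below never run
            // array_key_exists() on a scalar.
            if (!is_array($decoded) || !$decoded) {
                throw new \LogicException('invalid json for auth config');
            }
            $jsonKey = $decoded;
        }
        if (!is_array($jsonKey)) {
            throw new \InvalidArgumentException(
                'json key must be a file path or an associative array'
            );
        }
        if (!array_key_exists('service_account_impersonation_url', $jsonKey)) {
            throw new \LogicException(
                'json key is missing the service_account_impersonation_url field'
            );
        }
        if (!is_string($jsonKey['service_account_impersonation_url'])) {
            // Fail with the same exception family as the other config errors instead of
            // a TypeError from the typed helper below.
            throw new \LogicException(
                'json key has an invalid service_account_impersonation_url field'
            );
        }
        if (!array_key_exists('source_credentials', $jsonKey)) {
            throw new \LogicException('json key is missing the source_credentials field');
        }

        $this->impersonatedServiceAccountName = $this->getImpersonatedServiceAccountNameFromUrl(
            $jsonKey['service_account_impersonation_url']
        );

        $this->sourceCredentials = new UserRefreshCredentials(
            $scope,
            $jsonKey['source_credentials']
        );
    }

    /**
     * Helper function for extracting the Service Account Name from the URL saved in the account
     * credentials file.
     *
     * Takes the last "/"-separated segment of the URL and returns the part before the first ":".
     * This is plain string splitting: the scheme, host and the rest of the path are ignored, and
     * a URL that ends in "/" yields an empty name.
     *
     * @param string $serviceAccountImpersonationUrl URL from "service_account_impersonation_url"
     * @return string Service account email or ID.
     */
    private function getImpersonatedServiceAccountNameFromUrl(
        string $serviceAccountImpersonationUrl
    ): string {
        $fields = explode('/', $serviceAccountImpersonationUrl);
        $lastField = end($fields);
        $splitter = explode(':', $lastField);
        return $splitter[0];
    }

    /**
     * Get the client name for these credentials.
     *
     * In this implementation, it returns the impersonated service account name that the
     * constructor parsed from "service_account_impersonation_url".
     *
     * @param callable|null $unusedHttpHandler not used by this credentials type.
     * @return string Service account email or ID.
     */
    public function getClientName(?callable $unusedHttpHandler = null)
    {
        return $this->impersonatedServiceAccountName;
    }

    /**
     * Fetches an auth token by delegating to the source credentials.
     *
     * NOTE(review): no request to the impersonation URL is made in this class, so the
     * returned token appears to be the source credentials' own token rather than one issued
     * for the impersonated service account. Confirm this against what callers expect.
     *
     * @param callable|null $httpHandler
     *
     * @return array<mixed> {
     *     A set of auth related metadata, containing the following
     *
     *     @type string $access_token
     *     @type int $expires_in
     *     @type string $scope
     *     @type string $token_type
     *     @type string $id_token
     * }
     */
    public function fetchAuthToken(?callable $httpHandler = null)
    {
        // We don't support id token endpoint requests as of now for Impersonated Cred
        return $this->sourceCredentials->fetchAuthToken(
            $httpHandler,
            $this->applyTokenEndpointMetrics([], 'at')
        );
    }

    /**
     * Returns the Cache Key for the credentials
     * The cache key is the same as the UserRefreshCredentials class, so a cached token is
     * keyed by the source credentials and not by the impersonated service account name.
     *
     * @return string
     */
    public function getCacheKey()
    {
        return $this->sourceCredentials->getCacheKey();
    }

    /**
     * Returns the last token received by the source credentials.
     *
     * @return array<mixed>
     */
    public function getLastReceivedToken()
    {
        return $this->sourceCredentials->getLastReceivedToken();
    }

    /**
     * Returns the credential type identifier of this class ("imp").
     */
    protected function getCredType(): string
    {
        return self::CRED_TYPE;
    }
}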