Class: Mongo::Crypt::KMS::GCP::Credentials Private

Inherits:
Object
Extended by:
Forwardable
Includes:
Validations
Defined in:
build/ruby-driver-v2.18/lib/mongo/crypt/kms/gcp.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

GCP Cloud Key Management credentials object. It holds the credentials used with the GCP KMS provider.

Constant Summary

FORMAT_HINT =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

"GCP KMS provider options must be in the format: " +
"{ email: 'EMAIL', private_key: 'PRIVATE-KEY' }"

Instance Attribute Summary

Instance Method Summary

Methods included from Validations

#validate_param, #validate_tls_options

Constructor Details

#initialize(opts) ⇒ Credentials

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates a GCP KMS credentials object from a parameters hash.

Parameters:

  • opts (Hash)

    A hash that contains credentials for GCP KMS provider

Options Hash (opts):

  • :email (String)

    GCP email.

  • :private_key (String)

    GCP private key. This method accepts the private key in either base64 encoded DER format or PEM format.

  • :endpoint (String | nil)

    GCP endpoint, optional.

Raises:

  • (ArgumentError)

    If required options are missing or incorrectly formatted.



# File 'build/ruby-driver-v2.18/lib/mongo/crypt/kms/gcp.rb', line 56

def initialize(opts)
  @opts = opts
  return if empty?

  @email = validate_param(:email, opts, FORMAT_HINT)
  @private_key = begin
    private_key_opt = validate_param(:private_key, opts, FORMAT_HINT)
    if BSON::Environment.jruby?
      # We cannot really validate private key on JRuby, so we assume
      # it is in base64 encoded DER format.
      private_key_opt
    else
      # Check if private key is in PEM format.
      pkey = OpenSSL::PKey::RSA.new(private_key_opt)
      # PEM it is, need to be converted to base64 encoded DER.
      der = if pkey.respond_to?(:private_to_der)
        pkey.private_to_der
      else
        pkey.to_der
      end
      Base64.encode64(der)
    end
  rescue OpenSSL::PKey::RSAError
    # Check if private key is in DER.
    begin
      OpenSSL::PKey.read(Base64.decode64(private_key_opt))
      # Private key is fine, use it.
      private_key_opt
    rescue OpenSSL::PKey::PKeyError
      raise ArgumentError.new(
        "The private_key option must be either base64 encoded DER format, or PEM format."
      )
    end
  end

  @endpoint = validate_param(
    :endpoint, opts, FORMAT_HINT, required: false
  )
end
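
The fallback path above decodes with the lenient Base64.decode64 and parses with OpenSSL::PKey.read, which also reads public keys. The following is an added example, not part of the driver: a stricter pre-flight check an application could run on its key material before passing it as :private_key. The name normalize_gcp_private_key and the RSA-only requirement are assumptions of this example.

```ruby
require 'openssl'

# Added example (not driver code): normalize a key to single-line base64 DER,
# rejecting anything that is not an RSA private key. The method name and the
# RSA-only rule are assumptions of this example.
def normalize_gcp_private_key(value)
  unless value.is_a?(String) && !value.strip.empty?
    raise ArgumentError, 'private_key must be a non-empty String'
  end

  pkey =
    if value.include?('-----BEGIN')
      OpenSSL::PKey.read(value) # PEM input
    else
      # 'm0' is strict base64: it raises ArgumentError on stray characters
      # instead of silently skipping them as Base64.decode64 does.
      OpenSSL::PKey.read(value.delete("\n").unpack1('m0'))
    end

  # PKey.read parses public keys too, so check for private material explicitly.
  unless pkey.is_a?(OpenSSL::PKey::RSA) && pkey.private?
    raise ArgumentError, 'private_key must be an RSA private key'
  end

  # Same DER selection as the constructor above.
  der = pkey.respond_to?(:private_to_der) ? pkey.private_to_der : pkey.to_der
  [der].pack('m0') # base64 without embedded newlines
rescue OpenSSL::PKey::PKeyError
  raise ArgumentError, 'private_key must be PEM or base64 encoded DER'
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key, sample input only
  from_pem = normalize_gcp_private_key(key.to_pem)
  puts "PEM and base64 DER normalize identically: " \
       "#{from_pem == normalize_gcp_private_key(from_pem)}"
end
```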

Instance Attribute Details

#email ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP email to authenticate with.

Returns:

  • (String)

    GCP email to authenticate with.



# File 'build/ruby-driver-v2.18/lib/mongo/crypt/kms/gcp.rb', line 31

def email
  @email
end

#endpoint ⇒ String | nil (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP KMS endpoint.

Returns:

  • (String | nil)

    GCP KMS endpoint.



# File 'build/ruby-driver-v2.18/lib/mongo/crypt/kms/gcp.rb', line 37

def endpoint
  @endpoint
end

#private_key ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP private key, base64 encoded DER format.

Returns:

  • (String)

    GCP private key, base64 encoded DER format.



# File 'build/ruby-driver-v2.18/lib/mongo/crypt/kms/gcp.rb', line 34

def private_key
  @private_key
end

Instance Method Details

#to_document ⇒ BSON::Document

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Convert credentials object to a BSON document in libmongocrypt format.

Returns:

  • (BSON::Document)

    GCP KMS credentials in libmongocrypt format.



# File 'build/ruby-driver-v2.18/lib/mongo/crypt/kms/gcp.rb', line 99

def to_document
  return BSON::Document.new if empty?
  BSON::Document.new({
    email: email,
    privateKey: BSON::Binary.new(private_key, :generic),
  }).tap do |bson|
    unless endpoint.nil?
      bson.update({ endpoint: endpoint })
    end
  end
end