Class: Mongo::Crypt::KMS::GCP::Credentials Private
- Inherits: Object
  - Object
    - Mongo::Crypt::KMS::GCP::Credentials
- Includes: Validations
- Defined in: build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
The GCP Cloud Key Management credentials object contains the credentials for using the GCP KMS provider.
Constant Summary
- FORMAT_HINT =
  This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

      "GCP KMS provider options must be in the format: " +
      "{ email: 'EMAIL', private_key: 'PRIVATE-KEY' }"
Instance Attribute Summary
- #email ⇒ String (readonly, private)
  GCP email to authenticate with.
- #endpoint ⇒ String | nil (readonly, private)
  GCP KMS endpoint.
- #private_key ⇒ String (readonly, private)
  GCP private key, base64 encoded DER format.
Instance Method Summary
- #initialize(opts) ⇒ Credentials (constructor, private)
  Creates a GCP KMS credentials object from a parameters hash.
- #to_document ⇒ BSON::Document (private)
  Convert credentials object to a BSON document in libmongocrypt format.
Methods included from Validations
#validate_param, validate_tls_options
Constructor Details
#initialize(opts) ⇒ Credentials
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Creates a GCP KMS credentials object from a parameters hash.
    # File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 52
    def initialize(opts)
      @email = validate_param(:email, opts, FORMAT_HINT)
      @private_key = begin
        private_key_opt = validate_param(:private_key, opts, FORMAT_HINT)
        if BSON::Environment.jruby?
          # We cannot really validate private key on JRuby, so we assume
          # it is in base64 encoded DER format.
          private_key_opt
        else
          # Check if private key is in PEM format.
          pkey = OpenSSL::PKey::RSA.new(private_key_opt)
          # PEM it is, need to be converted to base64 encoded DER.
          der = if pkey.respond_to?(:private_to_der)
            pkey.private_to_der
          else
            pkey.to_der
          end
          Base64.encode64(der)
        end
      rescue OpenSSL::PKey::RSAError
        # Check if private key is in DER.
        begin
          OpenSSL::PKey.read(Base64.decode64(private_key_opt))
          # Private key is fine, use it.
          private_key_opt
        rescue OpenSSL::PKey::PKeyError
          raise ArgumentError.new(
            "The private_key option must be either either base64 encoded DER format, or PEM format."
          )
        end
      end
      @endpoint = validate_param(
        :endpoint, opts, FORMAT_HINT, required: false
      )
    end
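As an added illustration (not code from the driver), the following caller-side helper applies the same PEM-then-DER order as #initialize before a key reaches the credentials object, and additionally insists on an RSA private key. The names normalize_gcp_private_key and rejected? and the generated sample key are assumptions of this example.

```ruby
require 'openssl'

# Hypothetical caller-side helper, not part of the driver. It follows the
# order used by #initialize above: try PEM first, then base64 encoded DER.
def normalize_gcp_private_key(value)
  pkey = begin
    OpenSSL::PKey::RSA.new(value)                 # PEM input
  rescue OpenSSL::PKey::RSAError
    begin
      # unpack1('m') is what Base64.decode64 does internally.
      OpenSSL::PKey.read(value.unpack1('m'))      # base64 encoded DER input
    rescue OpenSSL::PKey::PKeyError
      raise ArgumentError, 'private_key must be PEM or base64 encoded DER'
    end
  end

  # Extra strictness chosen for this example: insist on an RSA private key,
  # so a public key or another key type fails here with a clear message.
  unless pkey.is_a?(OpenSSL::PKey::RSA) && pkey.private?
    raise ArgumentError, 'private_key must be an RSA private key'
  end

  der = pkey.respond_to?(:private_to_der) ? pkey.private_to_der : pkey.to_der
  [der].pack('m')                                 # same as Base64.encode64
end

# Constructed sample input: a throwaway key generated on the spot.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_B64 = normalize_gcp_private_key(SAMPLE_KEY.to_pem)

# True when the helper refuses the value with ArgumentError.
def rejected?(value)
  normalize_gcp_private_key(value)
  false
rescue ArgumentError
  true
end

puts "PEM -> base64 DER: #{SAMPLE_B64.bytesize} bytes"
puts "base64 DER unchanged: #{normalize_gcp_private_key(SAMPLE_B64) == SAMPLE_B64}"
puts "public key rejected: #{rejected?(SAMPLE_KEY.public_key.to_pem)}"
puts "garbage rejected: #{rejected?('not a key')}"
```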
Instance Attribute Details
#email ⇒ String (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns GCP email to authenticate with.
    # File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 30
    def email
      @email
    end
#endpoint ⇒ String | nil (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns GCP KMS endpoint.
    # File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 36
    def endpoint
      @endpoint
    end
#private_key ⇒ String (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns GCP private key, base64 encoded DER format.
    # File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 33
    def private_key
      @private_key
    end
Instance Method Details
#to_document ⇒ BSON::Document
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Convert credentials object to a BSON document in libmongocrypt format.
    # File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 93
    def to_document
      BSON::Document.new({
        email: email,
        privateKey: BSON::Binary.new(private_key, :generic),
      }).tap do |bson|
        unless endpoint.nil?
          bson.update({ endpoint: endpoint })
        end
      end
    end