Class: Mongo::Crypt::KMS::GCP::Credentials Private

Inherits:
Object
  • Object
Includes:
Validations
Defined in:
build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

GCP Cloud Key Management credentials object. It contains the credentials for using the GCP KMS provider.

Constant Summary

FORMAT_HINT =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

"GCP KMS provider options must be in the format: " +
"{ email: 'EMAIL', private_key: 'PRIVATE-KEY' }"

Instance Attribute Summary

Instance Method Summary

Methods included from Validations

#validate_param, #validate_tls_options

Constructor Details

#initialize(opts) ⇒ Credentials

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates a GCP KMS credentials object from a parameters hash.

Parameters:

  • opts (Hash)

    A hash that contains credentials for GCP KMS provider

Options Hash (opts):

  • :email (String)

    GCP email.

  • :private_key (String)

    GCP private key. This method accepts the private key in either base64 encoded DER format or PEM format.

  • :endpoint (String | nil)

    GCP endpoint, optional.

Raises:

  • (ArgumentError)

    If required options are missing or incorrectly formatted.



# File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 52

def initialize(opts)
  @email = validate_param(:email, opts, FORMAT_HINT)

  @private_key = begin
    private_key_opt = validate_param(:private_key, opts, FORMAT_HINT)
    if BSON::Environment.jruby?
      # We cannot really validate private key on JRuby, so we assume
      # it is in base64 encoded DER format.
      private_key_opt
    else
      # Check if private key is in PEM format.
      pkey = OpenSSL::PKey::RSA.new(private_key_opt)
      # PEM it is, need to be converted to base64 encoded DER.
      der = if pkey.respond_to?(:private_to_der)
        pkey.private_to_der
      else
        pkey.to_der
      end
      Base64.encode64(der)
    end
  rescue OpenSSL::PKey::RSAError
    # Check if private key is in DER.
    begin
      OpenSSL::PKey.read(Base64.decode64(private_key_opt))
      # Private key is fine, use it.
      private_key_opt
    rescue OpenSSL::PKey::PKeyError
      raise ArgumentError.new(
        "The private_key option must be either base64 encoded DER format, or PEM format."
      )
    end
  end

  @endpoint = validate_param(
    :endpoint, opts, FORMAT_HINT, required: false
  )
end
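
The same PEM-or-base64-DER check as a stand-alone pre-flight, added here as an example and not taken from the driver. `read_key`, `normalize_gcp_private_key`, `gcp_kms_options` and `SAMPLE_KEY` are hypothetical names, and the RSA-only restriction, the rejection of public keys and the re-encoding of every input to one canonical string are assumptions that go beyond what the constructor above does.

```ruby
require 'openssl'

# Added example, not driver code. All names below are hypothetical.
# Constructed sample input: a throwaway RSA key generated at load time.
SAMPLE_KEY = OpenSSL::PKey::RSA.generate(2048)

# Parse PEM or raw DER; return nil instead of raising when it is neither.
# Older openssl gems raise ArgumentError here, newer ones PKeyError.
def read_key(data)
  OpenSSL::PKey.read(data)
rescue OpenSSL::PKey::PKeyError, ArgumentError
  nil
end

# Accept a PEM string or a base64 encoded DER string and return the key as
# base64 encoded DER, the form #private_key is documented to hold.
def normalize_gcp_private_key(input)
  # PEM parses directly; otherwise treat the input as base64 and parse the DER.
  pkey = read_key(input) || read_key(input.unpack1('m'))

  # Assumption: GCP service account keys are RSA. A public key would also
  # parse, so check explicitly that private components are present.
  unless pkey.is_a?(OpenSSL::PKey::RSA) && pkey.private?
    raise ArgumentError,
          'private_key must be an RSA private key in PEM or base64 encoded DER format'
  end

  # Same fallback as the constructor: private_to_der where the gem has it.
  der = pkey.respond_to?(:private_to_der) ? pkey.private_to_der : pkey.to_der
  [der].pack('m0') # strict base64, no embedded newlines
end

# Build the options hash in the shape FORMAT_HINT describes.
def gcp_kms_options(email, private_key)
  { email: email, private_key: normalize_gcp_private_key(private_key) }
end

if __FILE__ == $PROGRAM_NAME
  opts = gcp_kms_options('svc@example.invalid', SAMPLE_KEY.to_pem)
  # Report only the length; the key material itself is never printed.
  puts "email=#{opts[:email]} private_key=<#{opts[:private_key].bytesize} base64 bytes>"
end
```

Running the check before the hash reaches the driver also covers JRuby, where the constructor skips validation and assumes base64 encoded DER.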

Instance Attribute Details

#email ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP email to authenticate with.

Returns:

  • (String)

    GCP email to authenticate with.



# File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 30

def email
  @email
end

#endpoint ⇒ String | nil (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP KMS endpoint.

Returns:

  • (String | nil)

    GCP KMS endpoint.



# File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 36

def endpoint
  @endpoint
end

#private_key ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns GCP private key, base64 encoded DER format.

Returns:

  • (String)

    GCP private key, base64 encoded DER format.



# File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 33

def private_key
  @private_key
end

Instance Method Details

#to_document ⇒ BSON::Document

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Convert credentials object to a BSON document in libmongocrypt format.

Returns:

  • (BSON::Document)

    GCP KMS credentials in libmongocrypt format.



# File 'build/ruby-driver-master/lib/mongo/crypt/kms/gcp.rb', line 93

def to_document
  BSON::Document.new({
    email: email,
    privateKey: BSON::Binary.new(private_key, :generic),
  }).tap do |bson|
    unless endpoint.nil?
      bson.update({ endpoint: endpoint })
    end
  end
end