Copyright | (c) 2015-2016 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | provisional |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Application Default Credentials are suited for cases when access to a Google service needs to have the same identity and authorization level for the application independent of the user. This is Google's the recommended approach to authorize calls to Google Cloud APIs, particularly when you're building an application that is deployed to Google App Engine or Google Compute Engine virtual machines.
Synopsis
- cloudSDKConfigDir :: String
- cloudSDKConfigPath :: MonadIO m => m FilePath
- defaultCredentialsFile :: String
- defaultCredentialsPath :: MonadIO m => m (Maybe FilePath)
- getApplicationDefault :: (MonadIO m, MonadCatch m) => Manager -> m (Credentials s)
- fromWellKnownPath :: (MonadIO m, MonadCatch m) => m (Credentials s)
- fromFilePath :: (MonadIO m, MonadCatch m) => FilePath -> m (Credentials s)
- saveAuthorizedUserToWellKnownPath :: (MonadIO m, MonadCatch m) => Bool -> AuthorizedUser -> m ()
- saveAuthorizedUser :: (MonadIO m, MonadCatch m) => FilePath -> Bool -> AuthorizedUser -> m ()
- fromJSONCredentials :: ByteString -> Either String (Credentials s)
- getConfigDirectory :: MonadIO m => m FilePath
Documentation
cloudSDKConfigDir :: String Source #
The environment variable name which is used to specify the directory
containing the application_default_credentials.json
generated by gcloud init
.
cloudSDKConfigPath :: MonadIO m => m FilePath Source #
Return the filepath to the Cloud SDK well known file location such as
~/.config/gcloud/application_default_credentials.json
.
defaultCredentialsFile :: String Source #
The environment variable pointing the file with local Application Default Credentials.
defaultCredentialsPath :: MonadIO m => m (Maybe FilePath) Source #
Lookup the GOOGLE_APPLICATION_CREDENTIALS
environment variable for the
default application credentials filepath.
getApplicationDefault :: (MonadIO m, MonadCatch m) => Manager -> m (Credentials s) Source #
Performs credentials discovery in the following order:
- Read the default credentials from a file specified by
the environment variable
GOOGLE_APPLICATION_CREDENTIALS
if it exists. - Read the platform equivalent of
~/.config/gcloud/application_default_credentials.json
if it exists. The~/.config
component of the path can be overriden by the environment variableCLOUDSDK_CONFIG
if it exists. - Retrieve the default service account application credentials if
running on GCE. The environment variable
NO_GCE_CHECK
can be used to skip this check if set to a truthy value such as1
ortrue
.
The specified Scope
s are used to authorize any service_account
that is
found with the appropriate OAuth2 scopes, otherwise they are not used. See the
top-level module of each individual gogol-*
library for a list of available
scopes, such as Network.Google.Compute.computeScope
.
fromWellKnownPath :: (MonadIO m, MonadCatch m) => m (Credentials s) Source #
Attempt to load either a service_account
or authorized_user
formatted
file to obtain the credentials neccessary to perform a token refresh.
The specified Scope
s are used to authorize any service_account
that is
found with the appropriate scopes, otherwise they are not used. See the
top-level module of each individual gogol-*
library for a list of available
scopes, such as Network.Google.Compute.computeScope
.
fromFilePath :: (MonadIO m, MonadCatch m) => FilePath -> m (Credentials s) Source #
Attempt to load either a service_account
or authorized_user
formatted
file to obtain the credentials neccessary to perform a token refresh from
the specified file.
The specified Scope
s are used to authorize any service_account
that is
found with the appropriate scopes, otherwise they are not used. See the
top-level module of each individual gogol-*
library for a list of available
scopes, such as Network.Google.Compute.computeScope
.
saveAuthorizedUserToWellKnownPath Source #
:: (MonadIO m, MonadCatch m) | |
=> Bool | Force to save if True |
-> AuthorizedUser | |
-> m () |
Save AuthorizedUser
See: cloudSDKConfigPath
, defaultCredentialsPath
.
:: (MonadIO m, MonadCatch m) | |
=> FilePath | |
-> Bool | Force to save if True |
-> AuthorizedUser | |
-> m () |
Save AuthorizedUser
fromJSONCredentials :: ByteString -> Either String (Credentials s) Source #
Attempt to parse either a service_account
or authorized_user
formatted
JSON value to obtain credentials.
getConfigDirectory :: MonadIO m => m FilePath Source #