From 390aca925d89aa919946e6ef6c2958e0cf96c938 Mon Sep 17 00:00:00 2001
From: Mike Moore <mike@blowmage.com>
Date: Tue, 24 Mar 2015 11:54:07 -0600
Subject: [PATCH] Support Google Cloud Engine credentials

The googleauth library is now used by google_api_client, and it supports
resolving the application default settings from ENV and from GCE.
---
 lib/gcloud/credentials.rb | 60 ++++++++++++++++++++++++---------------
 1 file changed, 37 insertions(+), 23 deletions(-)

diff --git a/lib/gcloud/credentials.rb b/lib/gcloud/credentials.rb
index 22d6e0dfeecf..18bf9bf4d491 100644
--- a/lib/gcloud/credentials.rb
+++ b/lib/gcloud/credentials.rb
@@ -15,6 +15,7 @@
 require "json"
 require "signet/oauth_2/client"
 require "forwardable"
+require "googleauth"
 
 module Gcloud
   ##
@@ -37,19 +38,12 @@ class Credentials #:nodoc:
                    :scope, :issuer, :signing_key
 
     def initialize keyfile, options = {}
-      if keyfile.nil?
-        fail "You must provide a keyfile to connect with."
-      elsif !::File.file?(keyfile)
-        fail "The keyfile '#{keyfile}' is not a valid file."
+      if keyfile.is_a? Signet::OAuth2::Client
+        @client = keyfile
+      else
+        @client = init_client keyfile, options
       end
-
-      # Turn keys to strings
-      options = stringify_hash_keys options
-      # Constructor options override default options
-      options = default_options.merge options
-      # Keyfile options override everything
-      options = options.merge JSON.parse(::File.read(keyfile))
-      init_signet_client! options
+      @client.fetch_access_token!
     end
 
     ##
@@ -61,7 +55,8 @@ def self.default
         return new keyfile if ::File.file? keyfile
       end
       return new sdk_default_creds if ::File.file? sdk_default_creds
-      nil
+      client = Google::Auth.get_application_default self::SCOPE
+      new client
     end
 
     ##
@@ -78,6 +73,24 @@ def self.sdk_default_creds #:nodoc:
 
     protected
 
+    ##
+    # Initializes the Signet client.
+    def init_client keyfile, options
+      verify_keyfile! keyfile
+      client_opts = client_options keyfile, options
+      Signet::OAuth2::Client.new client_opts
+    end
+
+    ##
+    # Initializes the Signet client.
+    def verify_keyfile! keyfile
+      if keyfile.nil?
+        fail "You must provide a keyfile to connect with."
+      elsif !::File.file?(keyfile)
+        fail "The keyfile '#{keyfile}' is not a valid file."
+      end
+    end
+
     ##
     # returns a new Hash with string keys instead of symbol keys.
     def stringify_hash_keys hash
@@ -92,19 +105,20 @@ def default_options
         "scope"                => self.class::SCOPE }
     end
 
-    ##
-    # Initializes the Signet client.
-    def init_signet_client! options
-      client_opts = {
-        token_credential_uri: options["token_credential_uri"],
+    def client_options keyfile, options
+      # Turn keys to strings
+      options = stringify_hash_keys options
+      # Constructor options override default options
+      options = default_options.merge options
+      # Keyfile options override everything
+      options = options.merge JSON.parse(::File.read(keyfile))
+
+      # client options for initializing signet client
+      { token_credential_uri: options["token_credential_uri"],
         audience: options["audience"],
         scope: options["scope"],
         issuer: options["client_email"],
-        signing_key: OpenSSL::PKey::RSA.new(options["private_key"])
-      }
-
-      @client = Signet::OAuth2::Client.new client_opts
-      @client.fetch_access_token!
+        signing_key: OpenSSL::PKey::RSA.new(options["private_key"]) }
     end
   end
 end