require 'google/api_client/service_account'
require 'google/api_client/batch'
require 'google/api_client/gzip'
+require 'google/api_client/charset'
require 'google/api_client/client_secrets'
require 'google/api_client/railtie' if defined?(Rails)
# This class manages APIs communication.
class APIClient
include Google::APIClient::Logging
-
+
##
# Creates a new Google API client.
#
# <li><code>:two_legged_oauth_1</code></li>
# <li><code>:oauth_1</code></li>
# <li><code>:oauth_2</code></li>
+ # <li><code>:google_app_default</code></li>
# </ul>
# @option options [Boolean] :auto_refresh_token (true)
# The setting that controls whether or not the api client attempts to
- # refresh authorization when a 401 is hit in #execute. If the token does
+ # refresh authorization when a 401 is hit in #execute. If the token does
# not support it, this option is ignored.
# @option options [String] :application_name
# The name of the application using the client.
+ # @option options [String | Array | nil] :scope
+ # The scope(s) used when using google application default credentials
# @option options [String] :application_version
# The version number of the application using the client.
# @option options [String] :user_agent
# @option options [String] :ca_file
# Optional set of root certificates to use when validating SSL connections.
# By default, a bundled set of trusted roots will be used.
+ # @options options[Hash] :force_encoding
+ # Experimental option. True if response body should be force encoded into the charset
+ # specified in the Content-Type header. Mostly intended for compressed content.
+ # @options options[Hash] :faraday_options
+ # Pass through of options to set on the Faraday connection
def initialize(options={})
logger.debug { "#{self.class} - Initializing client with options #{options}" }
-
+
# Normalize key to String to allow indifferent access.
options = options.inject({}) do |accu, (key, value)|
accu[key.to_sym] = value
else
logger.warn { "#{self.class} - Please provide :application_name and :application_version when initializing the client" }
end
+
+ proxy = options[:proxy] || Object::ENV["http_proxy"]
+
self.user_agent = options[:user_agent] || (
"#{application_string} " +
- "google-api-ruby-client/#{Google::APIClient::VERSION::STRING} #{ENV::OS_VERSION} (gzip)"
+ "google-api-ruby-client/#{Google::APIClient::VERSION::STRING} #{ENV::OS_VERSION}".strip + " (gzip)"
).strip
# The writer method understands a few Symbols and will generate useful
# default authentication mechanisms.
self.authorization =
options.key?(:authorization) ? options[:authorization] : :oauth_2
+ if !options['scope'].nil? and self.authorization.respond_to?(:scope=)
+ self.authorization.scope = options['scope']
+ end
self.auto_refresh_token = options.fetch(:auto_refresh_token) { true }
self.key = options[:key]
self.user_ip = options[:user_ip]
self.retries = options.fetch(:retries) { 0 }
+ self.expired_auth_retry = options.fetch(:expired_auth_retry) { true }
@discovery_uris = {}
@discovery_documents = {}
@discovered_apis = {}
ca_file = options[:ca_file] || File.expand_path('../../cacerts.pem', __FILE__)
self.connection = Faraday.new do |faraday|
+ faraday.response :charset if options[:force_encoding]
faraday.response :gzip
faraday.options.params_encoder = Faraday::FlatParamsEncoder
faraday.ssl.ca_file = ca_file
faraday.ssl.verify = true
+ if faraday.respond_to?(:proxy=)
+ # faraday >= 0.6.2
+ faraday.proxy = proxy
+ else
+ # older versions of faraday
+ faraday.proxy proxy
+ end
faraday.adapter Faraday.default_adapter
+ if options[:faraday_option].is_a?(Hash)
+ options[:faraday_option].each_pair do |option, value|
+ faraday.options.send("#{option}=", value)
+ end
+ end
end
return self
end
:client_credential_secret => nil,
:two_legged => true
)
+ when :google_app_default
+ require 'googleauth'
+ new_authorization = Google::Auth.get_application_default
+
when :oauth_2
require 'signet/oauth_2/client'
# NOTE: Do not rely on this default value, as it may change
##
# The setting that controls whether or not the api client attempts to
- # refresh authorization when a 401 is hit in #execute.
+ # refresh authorization when a 401 is hit in #execute.
#
# @return [Boolean]
attr_accessor :auto_refresh_token
##
# Number of times to retry on recoverable errors
- #
+ #
# @return [FixNum]
# Number of retries
attr_accessor :retries
+ ##
+ # Whether or not an expired auth token should be re-acquired
+ # (and the operation retried) regardless of retries setting
+ # @return [Boolean]
+ # Auto retry on auth expiry
+ attr_accessor :expired_auth_retry
+
##
# Returns the URI for the directory document.
#
# @param [String, Symbol] api The API name.
# @param [String] version The desired version of the API.
# @param [Addressable::URI] uri The URI of the discovery document.
+ # @return [Google::APIClient::API] The service object.
def register_discovery_uri(api, version, uri)
api = api.to_s
version = version || 'v1'
@discovery_uris["#{api}:#{version}"] = uri
+ discovered_api(api, version)
end
##
# @param [String] version The desired version of the API.
# @param [String, StringIO] discovery_document
# The contents of the discovery document.
+ # @return [Google::APIClient::API] The service object.
def register_discovery_document(api, version, discovery_document)
api = api.to_s
version = version || 'v1'
end
@discovery_documents["#{api}:#{version}"] =
MultiJson.load(discovery_document)
+ discovered_api(api, version)
end
##
# Verifies an ID token against a server certificate. Used to ensure that
# an ID token supplied by an untrusted client-side mechanism is valid.
# Raises an error if the token is invalid or missing.
- #
+ #
# @deprecated Use the google-id-token gem for verifying JWTs
def verify_id_token!
require 'jwt'
else
check_cached_certs = lambda do
valid = false
- for key, cert in @certificates
+ for _key, cert in @certificates
begin
self.authorization.decoded_id_token(cert.public_key)
valid = true
# - (TrueClass, FalseClass) :authenticated (default: true) -
# `true` if the request must be signed or somehow
# authenticated, `false` otherwise.
- # - (TrueClass, FalseClass) :gzip (default: true) -
+ # - (TrueClass, FalseClass) :gzip (default: true) -
# `true` if gzip enabled, `false` otherwise.
# - (FixNum) :retries -
# # of times to retry on recoverable errors
options.update(params.shift) if params.size > 0
request = self.generate_request(options)
end
-
+
request.headers['User-Agent'] ||= '' + self.user_agent unless self.user_agent.nil?
request.headers['Accept-Encoding'] ||= 'gzip' unless options[:gzip] == false
request.headers['Content-Type'] ||= ''
connection = options[:connection] || self.connection
request.authorization = options[:authorization] || self.authorization unless options[:authenticated] == false
-
+
tries = 1 + (options[:retries] || self.retries)
+ attempt = 0
- Retriable.retriable :tries => tries,
+ Retriable.retriable :tries => tries,
:on => [TransmissionError],
- :on_retry => client_error_handler(request.authorization),
+ :on_retry => client_error_handler,
:interval => lambda {|attempts| (2 ** attempts) + rand} do
- result = request.send(connection, true)
-
- case result.status
- when 200...300
- result
- when 301, 302, 303, 307
- request = generate_request(request.to_hash.merge({
- :uri => result.headers['location'],
- :api_method => nil
- }))
- raise RedirectError.new(result.headers['location'], result)
- when 400...500
- raise ClientError.new(result.error_message || "A client error has occurred", result)
- when 500...600
- raise ServerError.new(result.error_message || "A server error has occurred", result)
- else
- raise TransmissionError.new(result.error_message || "A transmission error has occurred", result)
+ attempt += 1
+
+ # This 2nd level retriable only catches auth errors, and supports 1 retry, which allows
+ # auth to be re-attempted without having to retry all sorts of other failures like
+ # NotFound, etc
+ Retriable.retriable :tries => ((expired_auth_retry || tries > 1) && attempt == 1) ? 2 : 1,
+ :on => [AuthorizationError],
+ :on_retry => authorization_error_handler(request.authorization) do
+ result = request.send(connection, true)
+
+ case result.status
+ when 200...300
+ result
+ when 301, 302, 303, 307
+ request = generate_request(request.to_hash.merge({
+ :uri => result.headers['location'],
+ :api_method => nil
+ }))
+ raise RedirectError.new(result.headers['location'], result)
+ when 401
+ raise AuthorizationError.new(result.error_message || 'Invalid/Expired Authentication', result)
+ when 400, 402...500
+ raise ClientError.new(result.error_message || "A client error has occurred", result)
+ when 500...600
+ raise ServerError.new(result.error_message || "A server error has occurred", result)
+ else
+ raise TransmissionError.new(result.error_message || "A transmission error has occurred", result)
+ end
end
end
end
end
return Addressable::Template.new(@base_uri + template).expand(mapping)
end
-
+
##
- # Returns on proc for special processing of retries as not all client errors
- # are recoverable. Only 401s should be retried and only if the credentials
- # are refreshable
+ # Returns on proc for special processing of retries for authorization errors
+ # Only 401s should be retried and only if the credentials are refreshable
#
# @param [#fetch_access_token!] authorization
# OAuth 2 credentials
- # @return [Proc]
- def client_error_handler(authorization)
- can_refresh = authorization.respond_to?(:refresh_token) && auto_refresh_token
+ # @return [Proc]
+ def authorization_error_handler(authorization)
+ can_refresh = authorization.respond_to?(:refresh_token) && auto_refresh_token
Proc.new do |exception, tries|
- next unless exception.kind_of?(ClientError)
- if exception.result.status == 401 && can_refresh && tries == 1
+ next unless exception.kind_of?(AuthorizationError)
+ if can_refresh
begin
logger.debug("Attempting refresh of access token & retry of request")
authorization.fetch_access_token!
end
end
+ ##
+ # Returns on proc for special processing of retries as not all client errors
+ # are recoverable. Only 401s should be retried (via authorization_error_handler)
+ #
+ # @return [Proc]
+ def client_error_handler
+ Proc.new do |exception, tries|
+ raise exception if exception.kind_of?(ClientError)
+ end
+ end
+
end
-end
\ No newline at end of file
+end
projects / arvados.git / blobdiff