X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f63bf8199f61a2dd3509cd68eca412770eb56885..5326f5c2a7fcd37e1e8d7da19406f81b881e1c99:/lib/google/api_client.rb diff --git a/lib/google/api_client.rb b/lib/google/api_client.rb index 32da5f9ebd..dd8be6ab02 100644 --- a/lib/google/api_client.rb +++ b/lib/google/api_client.rb @@ -12,56 +12,134 @@ # See the License for the specific language governing permissions and # limitations under the License. -require 'httpadapter' -require 'json' + +require 'faraday' +require 'multi_json' +require 'compat/multi_json' require 'stringio' +require 'retriable' +require 'google/api_client/version' +require 'google/api_client/logging' +require 'google/api_client/errors' +require 'google/api_client/environment' require 'google/api_client/discovery' +require 'google/api_client/request' +require 'google/api_client/reference' +require 'google/api_client/result' +require 'google/api_client/media' +require 'google/api_client/service_account' +require 'google/api_client/batch' +require 'google/api_client/gzip' +require 'google/api_client/client_secrets' +require 'google/api_client/railtie' if defined?(Rails::Railtie) module Google - # TODO(bobaman): Document all this stuff. ## - # This class manages communication with a single API. + # This class manages APIs communication. class APIClient + include Google::APIClient::Logging + ## - # An error which is raised when there is an unexpected response or other - # transport error that prevents an operation from succeeding. - class TransmissionError < StandardError - end - + # Creates a new Google API client. + # + # @param [Hash] options The configuration parameters for the client. + # @option options [Symbol, #generate_authenticated_request] :authorization + # (:oauth_1) + # The authorization mechanism used by the client. The following + # mechanisms are supported out-of-the-box: + #
:two_legged_oauth_1
:oauth_1
:oauth_2
Google::APIClient::Service
objects.
- def discovered_services
- return @discovered_services ||= (begin
- service_names = self.discovery_document['data'].keys()
- services = []
- for service_name in service_names
- versions = self.discovery_document['data'][service_name]
- for service_version in versions.keys()
- service_description =
- self.discovery_document['data'][service_name][service_version]
- services << ::Google::APIClient::Service.new(
- service_name,
- service_version,
- service_description
+ # Returns all APIs published in the directory document.
+ #
+ # @return [Array] The list of available APIs.
+ def discovered_apis
+ @directory_apis ||= (begin
+ document_base = self.directory_uri
+ if self.directory_document && self.directory_document['items']
+ self.directory_document['items'].map do |discovery_document|
+ Google::APIClient::API.new(
+ document_base,
+ discovery_document
)
end
+ else
+ []
end
- services
end)
end
##
# Returns the service object for a given service name and service version.
#
- # @param [String, Symbol] service_name The service name.
- # @param [String] service_version The desired version of the service.
+ # @param [String, Symbol] api The API name.
+ # @param [String] version The desired version of the API.
#
- # @return [Google::APIClient::Service] The service object.
- def discovered_service(service_name, service_version='v1')
- if !service_name.kind_of?(String) && !service_name.kind_of?(Symbol)
+ # @return [Google::APIClient::API] The service object.
+ def discovered_api(api, version=nil)
+ if !api.kind_of?(String) && !api.kind_of?(Symbol)
raise TypeError,
- "Expected String or Symbol, got #{service_name.class}."
+ "Expected String or Symbol, got #{api.class}."
end
- service_name = service_name.to_s
- for service in self.discovered_services
- if service.name == service_name &&
- service.version.to_s == service_version.to_s
- return service
+ api = api.to_s
+ version = version || 'v1'
+ return @discovered_apis["#{api}:#{version}"] ||= begin
+ document_base = self.discovery_uri(api, version)
+ discovery_document = self.discovery_document(api, version)
+ if document_base && discovery_document
+ Google::APIClient::API.new(
+ document_base,
+ discovery_document
+ )
+ else
+ nil
end
end
- return nil
end
##
# Returns the method object for a given RPC name and service version.
#
# @param [String, Symbol] rpc_name The RPC name of the desired method.
- # @param [String] service_version The desired version of the service.
+ # @param [String, Symbol] api The API the method is within.
+ # @param [String] version The desired version of the API.
#
# @return [Google::APIClient::Method] The method object.
- def discovered_method(rpc_name, service_version='v1')
+ def discovered_method(rpc_name, api, version=nil)
if !rpc_name.kind_of?(String) && !rpc_name.kind_of?(Symbol)
raise TypeError,
"Expected String or Symbol, got #{rpc_name.class}."
end
rpc_name = rpc_name.to_s
- for service in self.discovered_services
- # This looks kinda weird, but is not a real problem because there's
- # almost always only one service, and this is memoized anyhow.
- if service.version.to_s == service_version.to_s
- return service.to_h[rpc_name] if service.to_h[rpc_name]
- end
+ api = api.to_s
+ version = version || 'v1'
+ service = self.discovered_api(api, version)
+ if service.to_h[rpc_name]
+ return service.to_h[rpc_name]
+ else
+ return nil
end
- return nil
end
##
# Returns the service object with the highest version number.
#
- # Warning: This method should be used with great care. As APIs
- # are updated, minor differences between versions may cause
+ # @note Warning: This method should be used with great care.
+ # As APIs are updated, minor differences between versions may cause
# incompatibilities. Requesting a specific version will avoid this issue.
#
- # @param [String, Symbol] service_name The name of the service.
+ # @param [String, Symbol] api The name of the service.
#
- # @return [Google::APIClient::Service] The service object.
- def latest_service_version(service_name)
- if !service_name.kind_of?(String) && !service_name.kind_of?(Symbol)
+ # @return [Google::APIClient::API] The service object.
+ def preferred_version(api)
+ if !api.kind_of?(String) && !api.kind_of?(Symbol)
raise TypeError,
- "Expected String or Symbol, got #{service_name.class}."
+ "Expected String or Symbol, got #{api.class}."
+ end
+ api = api.to_s
+ return self.discovered_apis.detect do |a|
+ a.name == api && a.preferred == true
+ end
+ end
+
+ ##
+ # Verifies an ID token against a server certificate. Used to ensure that
+ # an ID token supplied by an untrusted client-side mechanism is valid.
+ # Raises an error if the token is invalid or missing.
+ #
+ # @deprecated Use the google-id-token gem for verifying JWTs
+ def verify_id_token!
+ require 'jwt'
+ require 'openssl'
+ @certificates ||= {}
+ if !self.authorization.respond_to?(:id_token)
+ raise ArgumentError, (
+ "Current authorization mechanism does not support ID tokens: " +
+ "#{self.authorization.class.to_s}"
+ )
+ elsif !self.authorization.id_token
+ raise ArgumentError, (
+ "Could not verify ID token, ID token missing. " +
+ "Scopes were: #{self.authorization.scope.inspect}"
+ )
+ else
+ check_cached_certs = lambda do
+ valid = false
+ for key, cert in @certificates
+ begin
+ self.authorization.decoded_id_token(cert.public_key)
+ valid = true
+ rescue JWT::DecodeError, Signet::UnsafeOperationError
+ # Expected exception. Ignore, ID token has not been validated.
+ end
+ end
+ valid
+ end
+ if check_cached_certs.call()
+ return true
+ end
+ response = self.execute!(
+ :http_method => :get,
+ :uri => 'https://www.googleapis.com/oauth2/v1/certs',
+ :authenticated => false
+ )
+ @certificates.merge!(
+ Hash[MultiJson.load(response.body).map do |key, cert|
+ [key, OpenSSL::X509::Certificate.new(cert)]
+ end]
+ )
+ if check_cached_certs.call()
+ return true
+ else
+ raise InvalidIDTokenError,
+ "Could not verify ID token against any available certificate."
+ end
end
- service_name = service_name.to_s
- return (self.discovered_services.select do |service|
- service.name == service_name
- end).sort.last
+ return nil
end
##
# Generates a request.
#
- # @param [Google::APIClient::Method, String] api_method
+ # @option options [Google::APIClient::Method] :api_method
# The method object or the RPC name of the method being executed.
- # @param [Hash, Array] parameters
+ # @option options [Hash, Array] :parameters
# The parameters to send to the method.
- # @param [String] body The body of the request.
- # @param [Hash, Array] headers The HTTP headers for the request.
- # @param [Hash] options
- # The configuration parameters for the request.
- # - :service_version
â
- # The service version. Only used if api_method
is a
- # String
. Defaults to 'v1'
.
- # - :parser
â
- # The parser for the response.
- # - :authorization
â
- # The authorization mechanism for the response. Used only if
- # :signed
is true
.
- # - :signed
â
- # true
if the request must be signed, false
- # otherwise. Defaults to true
if an authorization
- # mechanism has been set, false
otherwise.
- #
- # @return [Array] The generated request.
+ # @option options [Hash, Array] :headers The HTTP headers for the request.
+ # @option options [String] :body The body of the request.
+ # @option options [String] :version ("v1")
+ # The service version. Only used if `api_method` is a `String`.
+ # @option options [#generate_authenticated_request] :authorization
+ # The authorization mechanism for the response. Used only if
+ # `:authenticated` is `true`.
+ # @option options [TrueClass, FalseClass] :authenticated (true)
+ # `true` if the request must be signed or somehow
+ # authenticated, `false` otherwise.
+ #
+ # @return [Google::APIClient::Reference] The generated request.
#
# @example
# request = client.generate_request(
- # 'chili.activities.list',
- # {'scope' => '@self', 'userId' => '@me', 'alt' => 'json'}
+ # :api_method => 'plus.activities.list',
+ # :parameters =>
+ # {'collection' => 'public', 'userId' => 'me'}
# )
- # method, uri, headers, body = request
- def generate_request(
- api_method, parameters={}, body='', headers=[], options={})
- options={
- :parser => self.parser,
- :service_version => 'v1',
- :authorization => self.authorization
+ def generate_request(options={})
+ options = {
+ :api_client => self
}.merge(options)
- # The default value for the :signed option depends on whether an
- # authorization mechanism has been set.
- if options[:authorization]
- options = {:signed => true}.merge(options)
- else
- options = {:signed => false}.merge(options)
- end
- if api_method.kind_of?(String) || api_method.kind_of?(Symbol)
- api_method = self.discovered_method(
- api_method.to_s, options[:service_version]
- )
- elsif !api_method.kind_of?(::Google::APIClient::Method)
- raise TypeError,
- "Expected String, Symbol, or Google::APIClient::Method, " +
- "got #{api_method.class}."
- end
- unless api_method
- raise ArgumentError, "API method could not be found."
- end
- request = api_method.generate_request(parameters, body, headers)
- if options[:signed]
- request = self.sign_request(request, options[:authorization])
- end
- return request
+ return Google::APIClient::Request.new(options)
end
##
- # Generates a request and transmits it.
+ # Executes a request, wrapping it in a Result object.
#
- # @param [Google::APIClient::Method, String] api_method
- # The method object or the RPC name of the method being executed.
- # @param [Hash, Array] parameters
- # The parameters to send to the method.
- # @param [String] body The body of the request.
- # @param [Hash, Array] headers The HTTP headers for the request.
- # @param [Hash] options
- # The configuration parameters for the request.
- # - :service_version
â
- # The service version. Only used if api_method
is a
- # String
. Defaults to 'v1'
.
- # - :adapter
â
- # The HTTP adapter.
- # - :parser
â
- # The parser for the response.
- # - :authorization
â
- # The authorization mechanism for the response. Used only if
- # :signed
is true
.
- # - :signed
â
- # true
if the request must be signed, false
- # otherwise. Defaults to true
.
- #
- # @return [Array] The response from the API.
+ # @param [Google::APIClient::Request, Hash, Array] params
+ # Either a Google::APIClient::Request, a Hash, or an Array.
+ #
+ # If a Google::APIClient::Request, no other parameters are expected.
+ #
+ # If a Hash, the below parameters are handled. If an Array, the
+ # parameters are assumed to be in the below order:
+ #
+ # - (Google::APIClient::Method) api_method:
+ # The method object or the RPC name of the method being executed.
+ # - (Hash, Array) parameters:
+ # The parameters to send to the method.
+ # - (String) body: The body of the request.
+ # - (Hash, Array) headers: The HTTP headers for the request.
+ # - (Hash) options: A set of options for the request, of which:
+ # - (#generate_authenticated_request) :authorization (default: true) -
+ # The authorization mechanism for the response. Used only if
+ # `:authenticated` is `true`.
+ # - (TrueClass, FalseClass) :authenticated (default: true) -
+ # `true` if the request must be signed or somehow
+ # authenticated, `false` otherwise.
+ # - (TrueClass, FalseClass) :gzip (default: true) -
+ # `true` if gzip enabled, `false` otherwise.
+ # - (FixNum) :retries -
+ # # of times to retry on recoverable errors
+ #
+ # @return [Google::APIClient::Result] The result from the API, nil if batch.
+ #
+ # @example
+ # result = client.execute(batch_request)
#
# @example
- # response = client.execute(
- # 'chili.activities.list',
- # {'scope' => '@self', 'userId' => '@me', 'alt' => 'json'}
+ # plus = client.discovered_api('plus')
+ # result = client.execute(
+ # :api_method => plus.activities.list,
+ # :parameters => {'collection' => 'public', 'userId' => 'me'}
# )
- # status, headers, body = response
- def execute(api_method, parameters={}, body='', headers=[], options={})
- request = self.generate_request(
- api_method, parameters, body, headers, options
- )
- return self.transmit_request(
- request,
- options[:adapter] || self.http_adapter
- )
+ #
+ # @see Google::APIClient#generate_request
+ def execute!(*params)
+ if params.first.kind_of?(Google::APIClient::Request)
+ request = params.shift
+ options = params.shift || {}
+ else
+ # This block of code allows us to accept multiple parameter passing
+ # styles, and maintaining some backwards compatibility.
+ #
+ # Note: I'm extremely tempted to deprecate this style of execute call.
+ if params.last.respond_to?(:to_hash) && params.size == 1
+ options = params.pop
+ else
+ options = {}
+ end
+
+ options[:api_method] = params.shift if params.size > 0
+ options[:parameters] = params.shift if params.size > 0
+ options[:body] = params.shift if params.size > 0
+ options[:headers] = params.shift if params.size > 0
+ options.update(params.shift) if params.size > 0
+ request = self.generate_request(options)
+ end
+
+ request.headers['User-Agent'] ||= '' + self.user_agent unless self.user_agent.nil?
+ request.headers['Accept-Encoding'] ||= 'gzip' unless options[:gzip] == false
+ request.headers['Content-Type'] ||= ''
+ request.parameters['key'] ||= self.key unless self.key.nil?
+ request.parameters['userIp'] ||= self.user_ip unless self.user_ip.nil?
+
+ connection = options[:connection] || self.connection
+ request.authorization = options[:authorization] || self.authorization unless options[:authenticated] == false
+ tries = 1 + (options[:retries] || self.retries)
+ Retriable.retriable :tries => tries,
+ :on => [TransmissionError],
+ :interval => lambda {|attempts| (2 ** attempts) + rand} do
+ result = request.send(connection, true)
+
+ case result.status
+ when 200...300
+ result
+ when 301, 302, 303, 307
+ request = generate_request(request.to_hash.merge({
+ :uri => result.headers['location'],
+ :api_method => nil
+ }))
+ raise RedirectError.new(result.headers['location'], result)
+ when 400...500
+ if result.status == 401 && request.authorization.respond_to?(:refresh_token) && auto_refresh_token
+ begin
+ logger.debug("Attempting refresh of access token & retry of request")
+ request.authorization.fetch_access_token!
+ rescue Signet::AuthorizationError
+ # Ignore since we want the original error
+ end
+ end
+ raise ClientError.new(result.error_message || "A client error has occurred", result)
+ when 500...600
+ raise ServerError.new(result.error_message || "A server error has occurred", result)
+ else
+ raise TransmissionError.new(result.error_message || "A transmission error has occurred", result)
+ end
+ end
end
##
- # Transmits the request using the current HTTP adapter.
- #
- # @param [Array] request The request to transmit.
- # @param [#transmit] adapter The HTTP adapter.
+ # Same as Google::APIClient#execute!, but does not raise an exception for
+ # normal API errros.
#
- # @return [Array] The response from the server.
- def transmit_request(request, adapter=self.http_adapter)
- ::HTTPAdapter.transmit(request, adapter)
+ # @see Google::APIClient#execute
+ def execute(*params)
+ begin
+ return self.execute!(*params)
+ rescue TransmissionError => e
+ return e.result
+ end
end
+ protected
+
##
- # Signs a request using the current authorization mechanism.
+ # Resolves a URI template against the client's configured base.
#
- # @param [Array] request The request to sign.
- # @param [#generate_authenticated_request] authorization
- # The authorization mechanism.
- #
- # @return [Array] The signed request.
- def sign_request(request, authorization=self.authorization)
- return authorization.generate_authenticated_request(
- :request => request
- )
+ # @api private
+ # @param [String, Addressable::URI, Addressable::Template] template
+ # The template to resolve.
+ # @param [Hash] mapping The mapping that corresponds to the template.
+ # @return [Addressable::URI] The expanded URI.
+ def resolve_uri(template, mapping={})
+ @base_uri ||= Addressable::URI.new(
+ :scheme => 'https',
+ :host => self.host,
+ :port => self.port
+ ).normalize
+ template = if template.kind_of?(Addressable::Template)
+ template.pattern
+ elsif template.respond_to?(:to_str)
+ template.to_str
+ else
+ raise TypeError,
+ "Expected String, Addressable::URI, or Addressable::Template, " +
+ "got #{template.class}."
+ end
+ return Addressable::Template.new(@base_uri + template).expand(mapping)
end
+
end
+
end
require 'google/api_client/version'