aws-google 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/README.md +2 -0
- data/lib/aws/google.rb +46 -13
- data/lib/aws/google/version.rb +1 -1
- metadata +2 -2
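--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 03312ea0556bae7f422a1b33b26200316b1367c49c3953ee980595b8252417b3
+data.tar.gz: e2df7bb3a34014e0d8ff13157b53d6834a39cc0c0fc15933245f56b09ecfcd1e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce872352fc5b0c54fe89cfceb87b94222e134cc8369d504302d8c0aa55a790cb03c9ffd281e7e70800ebba3bc18147f5ce39e856e3800c5969587170637ad156
+data.tar.gz: b349a3bfd15fff12184eb70ba32082238f792532d7cf49bae7de33e47039a818d1d7dad2fd19f360d52fae5bc654dfc095021992d891b4cf4bb9f373072a334f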
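--- a/data/README.md
+++ b/data/README.md
@@ -52,6 +52,8 @@ by your Google Client ID and a specific set of Google Account IDs:
 
 - In your Ruby code, construct an `Aws::Google` object by passing in the AWS role, client id and client secret:
 ```ruby
+require 'aws/google'
+
 aws_role = 'arn:aws:iam::[AccountID]:role/[Role]'
 client_id = '123456789012-abcdefghijklmnopqrstuvwzyz0123456.apps.googleusercontent.com'
 client_secret = '01234567890abcdefghijklmn'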
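--- a/data/lib/aws/google.rb
+++ b/data/lib/aws/google.rb
@@ -38,6 +38,8 @@ module Aws
 # @option options [String] :domain G Suite domain for account-selection hint
 # @option options [String] :online if `true` only a temporary access token will be provided,
 # a long-lived refresh token will not be created and stored on the filesystem.
+# @option options [String] :port port for local server to listen on to capture oauth browser redirect.
+# Defaults to an out-of-band authentication process.
 # @option options [::Google::Auth::ClientId] :google_id
 def initialize(options = {})
 @oauth_attempted = false
@@ -54,6 +56,7 @@ module Aws
 @client = options[:client] || Aws::STS::Client.new(credentials: nil)
 @domain = options[:domain]
 @online = options[:online]
+@port = options[:port]
 
 # Use existing AWS credentials stored in the shared config if available.
 # If this is `nil` or expired, #refresh will be called on the first AWS API service call
@@ -96,20 +99,50 @@ module Aws
 uri_options[:hd] = @domain if @domain
 uri_options[:access_type] = 'online' if @online
 
-
-
-
-
-
-
-
-
-
-
-
-
-
+credentials = ::Google::Auth::UserRefreshCredentials.new(options)
+credentials.code = get_oauth_code(credentials, uri_options)
+credentials.fetch_access_token!
+credentials.tap(&storage.method(:write_credentials))
+end
+
+def get_oauth_code(client, options)
+raise 'fallback' unless @port
+require 'launchy'
+require 'webrick'
+code = nil
+server = WEBrick::HTTPServer.new(
+Port: @port,
+Logger: WEBrick::Log.new(STDOUT, 0),
+AccessLog: []
+)
+server.mount_proc '/' do |req, res|
+code = req.query['code']
+res.status = 202
+res.body = 'Login successful, you may close this browser window.'
+server.stop
 end
+trap('INT') { server.shutdown }
+client.redirect_uri = "http://localhost:#{@port}"
+launchy = Launchy.open(client.authorization_uri(options).to_s)
+server_thread = Thread.new do
+begin
+server.start
+ensure server.shutdown
+end
+end
+while server_thread.alive?
+raise 'fallback' if !launchy.alive? && !launchy.value.success?
+sleep 0.1
+end
+code || raise('fallback')
+rescue StandardError
+trap('INT', 'DEFAULT')
+# Fallback to out-of-band authentication if browser launch failed.
+client.redirect_uri = 'oob'
+url = client.authorization_uri(options)
+print "\nOpen the following URL in a browser and enter the " \
+"resulting code after authorization:\n#{url}\n> "
+gets
 end
 
 def refresh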
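Review bot: The callback listener in `get_oauth_code` is created without a `BindAddress`, and WEBrick's default is to listen on every interface, so the port that receives the OAuth authorization code is reachable from the network rather than only from the local browser; adding `BindAddress: '127.0.0.1',` next to `Port: @port,` keeps it on loopback. The `mount_proc '/'` handler also stops the server on the first request to any path and takes `req.query['code']` without checking a `state` value, so an unrelated request ends the wait and a code that did not originate from this login attempt would be accepted. Sending a random `state` with the authorization request and ignoring callbacks that do not echo it would close that gap, assuming the Google client passes `state` through to the authorization URI. Separately, `trap('INT', 'DEFAULT')` runs only in the `rescue` branch, so after a successful login the custom INT handler stays installed.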
data/lib/aws/google/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-google
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Will Jordan
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-02-
|
11
|
+
date: 2019-02-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|