aws-google 0.1.6 → 0.1.8

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 00e6b5cf021f6b08503bc04f4359fa58028ebd227d0e12e66308af77f5613ba4
4
- data.tar.gz: 971a4987281b9e2971574b590edba32a8522f061997cc20098ffa83e42216dac
3
+ metadata.gz: 25371a240ad0f397fa6b6d1c08d571727a175b85c71acae57c82b2d0b73051b9
4
+ data.tar.gz: ecd47df8e628731cbea7bf73a7f9f3f345b9c0e1cfc57240a8f3a4207661f19a
5
5
  SHA512:
6
- metadata.gz: 71812e0486feddadacbff23840630334a9fb29466427542c0da9d2fd36184e3694bea4681ac708c2822fcf43c2ce1829adc530311ede86523359a96c78519205
7
- data.tar.gz: d14acf9b9493d55e4ef4b10465a17f6e9cda6fd0bdaef5886a757e078a434ccac9f3faef51689bdc037cb8b5828a947788f0f24640e18039f4365597d1a2805a
6
+ metadata.gz: '095dcb8792f238c989aa38b904bbd334f16797c0665c6676d37e8e2d1cdaae607ae62084234269a6d0c8218815c1e2bc002b54f80c665c5063f2ee8bb2bc378c'
7
+ data.tar.gz: f232a36de7e36b7b846a5c5b0f3950bcfdb57e7b5e50705829beb976e76e557fb453831649a66ec73004fe525ecdcbf6e57cf604e679a445ba6edd6dfb5ad28b
data/README.md CHANGED
@@ -20,8 +20,11 @@ Or install it yourself as:
20
20
 
21
21
  ## Usage
22
22
 
23
- - Visit the [Google API Console](https://console.developers.google.com/) to create/obtain OAuth 2.0 Client ID credentials (client ID and client secret) for an application in your Google account.
24
- - Create an AWS IAM Role with the desired IAM policies attached, and a ['trust policy'](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#term_trust-policy) ([`AssumeRolePolicyDocument`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html)) allowing the [`sts:AssumeRoleWithWebIdentity`](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html) action with [Web Identity Federation condition keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif) authorizing
23
+ ### Create a Google Client ID
24
+ Visit the [Google API Console](https://console.developers.google.com/) to create/obtain [OAuth 2.0 Client ID credentials](https://support.google.com/cloud/answer/6158849) (client ID and client secret) for an application in your Google account.
25
+
26
+ ### Create an AWS IAM Role
27
+ Create an AWS IAM Role with the desired IAM policies attached, and a ['trust policy'](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#term_trust-policy) ([`AssumeRolePolicyDocument`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html)) allowing the [`sts:AssumeRoleWithWebIdentity`](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html) action with [Web Identity Federation condition keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif) authorizing
25
28
  your Google Client ID (`accounts.google.com:aud`) and a specific set of Google Account IDs (`accounts.google.com:sub`):
26
29
 
27
30
  ```json
@@ -48,7 +51,8 @@ your Google Client ID (`accounts.google.com:aud`) and a specific set of Google A
48
51
  }
49
52
  ```
50
53
 
51
- - In your Ruby code, construct an `Aws::Google` object by passing the AWS `role_arn`, Google `client_id` and `client_secret`, either as constructor arguments or via the `Aws::Google.config` global defaults:
54
+ ### Method 1: `Aws::Google`
55
+ In your Ruby code, construct an `Aws::Google` object by passing the AWS `role_arn`, Google `client_id` and `client_secret`, either as constructor arguments or via the `Aws::Google.config` global defaults:
52
56
  ```ruby
53
57
  require 'aws/google'
54
58
 
@@ -67,6 +71,7 @@ Aws::Google.config = options
67
71
  puts Aws::STS::Client.new.get_caller_identity
68
72
  ```
69
73
 
74
+ ### Method 2: AWS Shared Config
70
75
  - Or, add the properties to your AWS config profile ([`~/.aws/config`](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-where)) to use Google as the AWS credential provider without any changes to your application code:
71
76
 
72
77
  ```ini
@@ -78,7 +83,7 @@ google =
78
83
  credential_process = aws-google
79
84
  ```
80
85
 
81
- The extra `credential_process` config line tells AWS to [Source Credentials with an External Process](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html), in this case the `aws-google` script, which allows you to seamlessly use the same Google login configuration from non-Ruby SDKs (like the CLI).
86
+ The extra `credential_process` config line tells AWS to [Source Credentials with an External Process](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html), in this case the `aws-google` executable script installed by this gem, which allows you to seamlessly use the same Google login configuration from non-Ruby SDKs (like the CLI).
82
87
 
83
88
  ## Development
84
89
 
data/aws-google.gemspec CHANGED
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
21
21
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
22
22
  spec.require_paths = ['lib']
23
23
 
24
- spec.add_dependency 'aws-sdk-core', '~> 3'
24
+ spec.add_dependency 'aws-sdk-core', '~> 3.130'
25
25
  spec.add_dependency 'google-api-client', '~> 0.23'
26
26
  spec.add_dependency 'launchy', '~> 2'
27
27
 
@@ -23,9 +23,9 @@ module Aws
23
23
  end
24
24
 
25
25
  def refresh_if_near_expiration
26
- if near_expiration?
26
+ if near_expiration?(SYNC_EXPIRATION_LENGTH)
27
27
  @mutex.synchronize do
28
- if near_expiration?
28
+ if near_expiration?(SYNC_EXPIRATION_LENGTH)
29
29
  refresh
30
30
  write_credentials
31
31
  end
@@ -22,14 +22,17 @@ module Aws
22
22
 
23
23
  module GoogleSharedCredentials
24
24
  def google_credentials_from_config(opts = {})
25
- p = opts[:profile] || @profile_name
25
+ google_opts = {}
26
26
  if @config_enabled && @parsed_config
27
- google_opts = @parsed_config.
27
+ p = opts[:profile] || @profile_name
28
+ google_opts.merge!(@parsed_config.
28
29
  fetch(p, {}).fetch('google', {}).
29
30
  transform_keys(&:to_sym)
30
- if google_opts.merge(::Aws::Google.config).has_key?(:role_arn)
31
- Google.new(google_opts)
32
- end
31
+ )
32
+ end
33
+ google_opts.merge!(::Aws::Google.config)
34
+ if google_opts.has_key?(:role_arn)
35
+ Google.new(google_opts)
33
36
  end
34
37
  end
35
38
  end
@@ -1,5 +1,5 @@
1
1
  module Aws
2
2
  class Google
3
- VERSION = '0.1.6'.freeze
3
+ VERSION = '0.1.8'.freeze
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-google
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.6
4
+ version: 0.1.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Will Jordan
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-10-08 00:00:00.000000000 Z
11
+ date: 2022-11-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '3'
19
+ version: '3.130'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '3'
26
+ version: '3.130'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: google-api-client
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -178,7 +178,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
178
178
  - !ruby/object:Gem::Version
179
179
  version: '0'
180
180
  requirements: []
181
- rubygems_version: 3.1.2
181
+ rubygems_version: 3.1.6
182
182
  signing_key:
183
183
  specification_version: 4
184
184
  summary: Use Google OAuth as an AWS credential provider