fog-google 1.8.2 → 1.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.fog.example +1 -3
- data/.rubocop.yml +3 -3
- data/.travis.yml +5 -3
- data/CHANGELOG.md +126 -2
- data/CONTRIBUTING.md +0 -1
- data/README.md +59 -8
- data/SECURITY.md +16 -0
- data/ci/README.md +8 -8
- data/ci/build-head-pipeline.yml +173 -0
- data/ci/credentials.yml.template +0 -2
- data/ci/docker-image/Dockerfile +3 -3
- data/ci/{pipeline.yml → integration-pipeline.yml} +0 -33
- data/ci/pipeline-dev.yml +58 -0
- data/ci/tasks/run-int.sh +20 -3
- data/ci/tasks/run-int.yml +3 -1
- data/examples/sql/flags.rb +10 -6
- data/examples/sql/instances.rb +38 -34
- data/examples/sql/operations.rb +20 -16
- data/examples/sql/ssl_certs.rb +32 -28
- data/examples/sql/tiers.rb +10 -6
- data/fog-google.gemspec +3 -3
- data/lib/fog/compute/google.rb +5 -5
- data/lib/fog/compute/google/mock.rb +2 -1
- data/lib/fog/compute/google/models/address.rb +15 -2
- data/lib/fog/compute/google/models/disk.rb +6 -2
- data/lib/fog/compute/google/models/images.rb +6 -1
- data/lib/fog/compute/google/models/instance_groups.rb +2 -2
- data/lib/fog/compute/google/models/server.rb +33 -9
- data/lib/fog/compute/google/real.rb +2 -1
- data/lib/fog/compute/google/requests/abandon_instances.rb +2 -0
- data/lib/fog/compute/google/requests/add_backend_service_backends.rb +2 -0
- data/lib/fog/compute/google/requests/add_instance_group_instances.rb +2 -0
- data/lib/fog/compute/google/requests/add_server_access_config.rb +2 -0
- data/lib/fog/compute/google/requests/add_target_pool_health_checks.rb +2 -0
- data/lib/fog/compute/google/requests/add_target_pool_instances.rb +2 -0
- data/lib/fog/compute/google/requests/attach_disk.rb +2 -0
- data/lib/fog/compute/google/requests/create_disk_snapshot.rb +2 -0
- data/lib/fog/compute/google/requests/delete_address.rb +2 -0
- data/lib/fog/compute/google/requests/delete_backend_service.rb +2 -0
- data/lib/fog/compute/google/requests/delete_disk.rb +2 -0
- data/lib/fog/compute/google/requests/delete_firewall.rb +2 -0
- data/lib/fog/compute/google/requests/delete_forwarding_rule.rb +2 -0
- data/lib/fog/compute/google/requests/delete_global_address.rb +2 -0
- data/lib/fog/compute/google/requests/delete_global_forwarding_rule.rb +2 -0
- data/lib/fog/compute/google/requests/delete_global_operation.rb +2 -0
- data/lib/fog/compute/google/requests/delete_http_health_check.rb +2 -0
- data/lib/fog/compute/google/requests/delete_image.rb +2 -0
- data/lib/fog/compute/google/requests/delete_instance_group.rb +2 -0
- data/lib/fog/compute/google/requests/delete_instance_group_manager.rb +2 -0
- data/lib/fog/compute/google/requests/delete_instance_template.rb +2 -0
- data/lib/fog/compute/google/requests/delete_network.rb +2 -0
- data/lib/fog/compute/google/requests/delete_region_operation.rb +2 -0
- data/lib/fog/compute/google/requests/delete_route.rb +2 -0
- data/lib/fog/compute/google/requests/delete_server.rb +2 -0
- data/lib/fog/compute/google/requests/delete_server_access_config.rb +2 -0
- data/lib/fog/compute/google/requests/delete_snapshot.rb +2 -0
- data/lib/fog/compute/google/requests/delete_ssl_certificate.rb +2 -0
- data/lib/fog/compute/google/requests/delete_subnetwork.rb +2 -0
- data/lib/fog/compute/google/requests/delete_target_http_proxy.rb +2 -0
- data/lib/fog/compute/google/requests/delete_target_https_proxy.rb +2 -0
- data/lib/fog/compute/google/requests/delete_target_instance.rb +2 -0
- data/lib/fog/compute/google/requests/delete_target_pool.rb +2 -0
- data/lib/fog/compute/google/requests/delete_url_map.rb +2 -0
- data/lib/fog/compute/google/requests/delete_zone_operation.rb +2 -0
- data/lib/fog/compute/google/requests/deprecate_image.rb +2 -0
- data/lib/fog/compute/google/requests/detach_disk.rb +2 -0
- data/lib/fog/compute/google/requests/expand_subnetwork_ip_cidr_range.rb +2 -0
- data/lib/fog/compute/google/requests/get_address.rb +2 -0
- data/lib/fog/compute/google/requests/get_backend_service_health.rb +2 -0
- data/lib/fog/compute/google/requests/get_disk.rb +2 -0
- data/lib/fog/compute/google/requests/get_disk_type.rb +2 -0
- data/lib/fog/compute/google/requests/get_firewall.rb +2 -0
- data/lib/fog/compute/google/requests/get_forwarding_rule.rb +2 -0
- data/lib/fog/compute/google/requests/get_global_address.rb +2 -0
- data/lib/fog/compute/google/requests/get_global_forwarding_rule.rb +2 -0
- data/lib/fog/compute/google/requests/get_global_operation.rb +2 -0
- data/lib/fog/compute/google/requests/get_http_health_check.rb +2 -0
- data/lib/fog/compute/google/requests/get_image.rb +2 -0
- data/lib/fog/compute/google/requests/get_image_from_family.rb +2 -0
- data/lib/fog/compute/google/requests/get_instance_group.rb +2 -0
- data/lib/fog/compute/google/requests/get_instance_group_manager.rb +2 -0
- data/lib/fog/compute/google/requests/get_instance_template.rb +2 -0
- data/lib/fog/compute/google/requests/get_machine_type.rb +2 -0
- data/lib/fog/compute/google/requests/get_network.rb +2 -0
- data/lib/fog/compute/google/requests/get_project.rb +2 -0
- data/lib/fog/compute/google/requests/get_region.rb +2 -0
- data/lib/fog/compute/google/requests/get_route.rb +2 -0
- data/lib/fog/compute/google/requests/get_server.rb +2 -0
- data/lib/fog/compute/google/requests/get_server_serial_port_output.rb +2 -0
- data/lib/fog/compute/google/requests/get_snapshot.rb +2 -0
- data/lib/fog/compute/google/requests/get_ssl_certificate.rb +2 -0
- data/lib/fog/compute/google/requests/get_subnetwork.rb +2 -0
- data/lib/fog/compute/google/requests/get_target_http_proxy.rb +2 -0
- data/lib/fog/compute/google/requests/get_target_https_proxy.rb +2 -0
- data/lib/fog/compute/google/requests/get_target_instance.rb +2 -0
- data/lib/fog/compute/google/requests/get_target_pool.rb +2 -0
- data/lib/fog/compute/google/requests/get_target_pool_health.rb +2 -0
- data/lib/fog/compute/google/requests/get_url_map.rb +2 -0
- data/lib/fog/compute/google/requests/get_zone.rb +2 -0
- data/lib/fog/compute/google/requests/get_zone_operation.rb +2 -0
- data/lib/fog/compute/google/requests/insert_address.rb +2 -0
- data/lib/fog/compute/google/requests/insert_backend_service.rb +2 -0
- data/lib/fog/compute/google/requests/insert_disk.rb +8 -5
- data/lib/fog/compute/google/requests/insert_firewall.rb +2 -0
- data/lib/fog/compute/google/requests/insert_forwarding_rule.rb +2 -0
- data/lib/fog/compute/google/requests/insert_global_address.rb +2 -0
- data/lib/fog/compute/google/requests/insert_global_forwarding_rule.rb +2 -0
- data/lib/fog/compute/google/requests/insert_http_health_check.rb +2 -0
- data/lib/fog/compute/google/requests/insert_image.rb +2 -0
- data/lib/fog/compute/google/requests/insert_instance_group.rb +2 -0
- data/lib/fog/compute/google/requests/insert_instance_group_manager.rb +2 -0
- data/lib/fog/compute/google/requests/insert_instance_template.rb +2 -0
- data/lib/fog/compute/google/requests/insert_network.rb +2 -0
- data/lib/fog/compute/google/requests/insert_route.rb +2 -0
- data/lib/fog/compute/google/requests/insert_server.rb +6 -0
- data/lib/fog/compute/google/requests/insert_ssl_certificate.rb +2 -0
- data/lib/fog/compute/google/requests/insert_subnetwork.rb +2 -0
- data/lib/fog/compute/google/requests/insert_target_http_proxy.rb +2 -0
- data/lib/fog/compute/google/requests/insert_target_https_proxy.rb +2 -0
- data/lib/fog/compute/google/requests/insert_target_instance.rb +2 -0
- data/lib/fog/compute/google/requests/insert_target_pool.rb +2 -0
- data/lib/fog/compute/google/requests/insert_url_map.rb +2 -0
- data/lib/fog/compute/google/requests/invalidate_url_map_cache.rb +2 -0
- data/lib/fog/compute/google/requests/list_addresses.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_addresses.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_disk_types.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_disks.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_forwarding_rules.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_instance_group_managers.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_instance_groups.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_machine_types.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_servers.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_subnetworks.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_target_instances.rb +2 -0
- data/lib/fog/compute/google/requests/list_aggregated_target_pools.rb +2 -0
- data/lib/fog/compute/google/requests/list_disk_types.rb +2 -0
- data/lib/fog/compute/google/requests/list_disks.rb +2 -0
- data/lib/fog/compute/google/requests/list_firewalls.rb +2 -0
- data/lib/fog/compute/google/requests/list_forwarding_rules.rb +2 -0
- data/lib/fog/compute/google/requests/list_global_addresses.rb +2 -0
- data/lib/fog/compute/google/requests/list_global_forwarding_rules.rb +2 -0
- data/lib/fog/compute/google/requests/list_global_operations.rb +2 -0
- data/lib/fog/compute/google/requests/list_http_health_checks.rb +2 -0
- data/lib/fog/compute/google/requests/list_images.rb +2 -0
- data/lib/fog/compute/google/requests/list_instance_group_instances.rb +2 -0
- data/lib/fog/compute/google/requests/list_instance_group_managers.rb +2 -0
- data/lib/fog/compute/google/requests/list_instance_groups.rb +2 -0
- data/lib/fog/compute/google/requests/list_instance_templates.rb +2 -0
- data/lib/fog/compute/google/requests/list_machine_types.rb +2 -0
- data/lib/fog/compute/google/requests/list_networks.rb +2 -0
- data/lib/fog/compute/google/requests/list_region_operations.rb +2 -0
- data/lib/fog/compute/google/requests/list_regions.rb +2 -0
- data/lib/fog/compute/google/requests/list_routes.rb +2 -0
- data/lib/fog/compute/google/requests/list_servers.rb +2 -0
- data/lib/fog/compute/google/requests/list_snapshots.rb +2 -0
- data/lib/fog/compute/google/requests/list_ssl_certificates.rb +2 -0
- data/lib/fog/compute/google/requests/list_subnetworks.rb +2 -0
- data/lib/fog/compute/google/requests/list_target_http_proxies.rb +2 -0
- data/lib/fog/compute/google/requests/list_target_https_proxies.rb +2 -0
- data/lib/fog/compute/google/requests/list_target_instances.rb +2 -0
- data/lib/fog/compute/google/requests/list_target_pools.rb +2 -0
- data/lib/fog/compute/google/requests/list_url_maps.rb +2 -0
- data/lib/fog/compute/google/requests/list_zone_operations.rb +2 -0
- data/lib/fog/compute/google/requests/list_zones.rb +2 -0
- data/lib/fog/compute/google/requests/patch_firewall.rb +2 -0
- data/lib/fog/compute/google/requests/patch_url_map.rb +2 -0
- data/lib/fog/compute/google/requests/recreate_instances.rb +2 -0
- data/lib/fog/compute/google/requests/remove_instance_group_instances.rb +2 -0
- data/lib/fog/compute/google/requests/remove_target_pool_health_checks.rb +2 -0
- data/lib/fog/compute/google/requests/remove_target_pool_instance.rb +2 -0
- data/lib/fog/compute/google/requests/remove_target_pool_instances.rb +2 -0
- data/lib/fog/compute/google/requests/reset_server.rb +2 -0
- data/lib/fog/compute/google/requests/reset_windows_password.rb +154 -0
- data/lib/fog/compute/google/requests/set_common_instance_metadata.rb +2 -0
- data/lib/fog/compute/google/requests/set_forwarding_rule_target.rb +2 -0
- data/lib/fog/compute/google/requests/set_global_forwarding_rule_target.rb +2 -0
- data/lib/fog/compute/google/requests/set_instance_template.rb +2 -0
- data/lib/fog/compute/google/requests/set_server_disk_auto_delete.rb +2 -0
- data/lib/fog/compute/google/requests/set_server_machine_type.rb +23 -0
- data/lib/fog/compute/google/requests/set_server_metadata.rb +3 -1
- data/lib/fog/compute/google/requests/set_server_scheduling.rb +2 -0
- data/lib/fog/compute/google/requests/set_server_tags.rb +2 -0
- data/lib/fog/compute/google/requests/set_snapshot_labels.rb +2 -0
- data/lib/fog/compute/google/requests/set_subnetwork_private_ip_google_access.rb +2 -0
- data/lib/fog/compute/google/requests/set_target_http_proxy_url_map.rb +2 -0
- data/lib/fog/compute/google/requests/set_target_https_proxy_ssl_certificates.rb +2 -0
- data/lib/fog/compute/google/requests/set_target_https_proxy_url_map.rb +2 -0
- data/lib/fog/compute/google/requests/set_target_pool_backup.rb +2 -0
- data/lib/fog/compute/google/requests/start_server.rb +2 -0
- data/lib/fog/compute/google/requests/stop_server.rb +2 -0
- data/lib/fog/compute/google/requests/update_firewall.rb +2 -0
- data/lib/fog/compute/google/requests/update_http_health_check.rb +2 -0
- data/lib/fog/compute/google/requests/update_url_map.rb +2 -0
- data/lib/fog/compute/google/requests/validate_url_map.rb +2 -0
- data/lib/fog/dns/google.rb +1 -1
- data/lib/fog/dns/google/requests/create_change.rb +2 -0
- data/lib/fog/dns/google/requests/create_managed_zone.rb +2 -0
- data/lib/fog/dns/google/requests/delete_managed_zone.rb +2 -0
- data/lib/fog/dns/google/requests/get_change.rb +2 -0
- data/lib/fog/dns/google/requests/get_managed_zone.rb +2 -0
- data/lib/fog/dns/google/requests/get_project.rb +2 -0
- data/lib/fog/dns/google/requests/list_changes.rb +2 -0
- data/lib/fog/dns/google/requests/list_managed_zones.rb +2 -0
- data/lib/fog/dns/google/requests/list_resource_record_sets.rb +2 -0
- data/lib/fog/google/models/sql/ssl_cert.rb +7 -1
- data/lib/fog/google/models/sql/user.rb +2 -0
- data/lib/fog/google/monitoring.rb +2 -1
- data/lib/fog/google/pubsub.rb +1 -1
- data/lib/fog/google/requests/monitoring/create_metric_descriptor.rb +2 -0
- data/lib/fog/google/requests/monitoring/create_timeseries.rb +3 -1
- data/lib/fog/google/requests/monitoring/delete_metric_descriptor.rb +2 -0
- data/lib/fog/google/requests/monitoring/get_metric_descriptor.rb +2 -0
- data/lib/fog/google/requests/monitoring/list_monitored_resource_descriptors.rb +2 -0
- data/lib/fog/google/requests/monitoring/list_timeseries.rb +2 -0
- data/lib/fog/google/requests/pubsub/pull_subscription.rb +5 -1
- data/lib/fog/google/requests/sql/clone_instance.rb +2 -0
- data/lib/fog/google/requests/sql/delete_backup_run.rb +2 -0
- data/lib/fog/google/requests/sql/delete_instance.rb +2 -0
- data/lib/fog/google/requests/sql/delete_ssl_cert.rb +2 -0
- data/lib/fog/google/requests/sql/delete_user.rb +3 -1
- data/lib/fog/google/requests/sql/export_instance.rb +2 -0
- data/lib/fog/google/requests/sql/get_backup_run.rb +2 -0
- data/lib/fog/google/requests/sql/get_instance.rb +2 -0
- data/lib/fog/google/requests/sql/get_operation.rb +2 -0
- data/lib/fog/google/requests/sql/get_ssl_cert.rb +2 -0
- data/lib/fog/google/requests/sql/import_instance.rb +2 -0
- data/lib/fog/google/requests/sql/insert_backup_run.rb +2 -0
- data/lib/fog/google/requests/sql/insert_instance.rb +2 -0
- data/lib/fog/google/requests/sql/insert_ssl_cert.rb +2 -0
- data/lib/fog/google/requests/sql/insert_user.rb +2 -0
- data/lib/fog/google/requests/sql/list_backup_runs.rb +2 -0
- data/lib/fog/google/requests/sql/list_flags.rb +2 -0
- data/lib/fog/google/requests/sql/list_instances.rb +2 -0
- data/lib/fog/google/requests/sql/list_operations.rb +2 -0
- data/lib/fog/google/requests/sql/list_ssl_certs.rb +2 -0
- data/lib/fog/google/requests/sql/list_tiers.rb +2 -0
- data/lib/fog/google/requests/sql/list_users.rb +2 -0
- data/lib/fog/google/requests/sql/reset_instance_ssl_config.rb +2 -0
- data/lib/fog/google/requests/sql/restart_instance.rb +2 -0
- data/lib/fog/google/requests/sql/restore_instance_backup.rb +2 -0
- data/lib/fog/google/requests/sql/update_instance.rb +2 -0
- data/lib/fog/google/requests/sql/update_user.rb +2 -0
- data/lib/fog/google/shared.rb +115 -55
- data/lib/fog/google/sql.rb +1 -1
- data/lib/fog/google/version.rb +1 -1
- data/lib/fog/storage/google_json.rb +5 -1
- data/lib/fog/storage/google_json/mock.rb +6 -0
- data/lib/fog/storage/google_json/real.rb +106 -3
- data/lib/fog/storage/google_json/requests/copy_object.rb +2 -0
- data/lib/fog/storage/google_json/requests/delete_bucket.rb +2 -0
- data/lib/fog/storage/google_json/requests/delete_object.rb +2 -0
- data/lib/fog/storage/google_json/requests/get_bucket.rb +2 -0
- data/lib/fog/storage/google_json/requests/get_bucket_acl.rb +2 -0
- data/lib/fog/storage/google_json/requests/get_object.rb +2 -0
- data/lib/fog/storage/google_json/requests/get_object_acl.rb +2 -0
- data/lib/fog/storage/google_json/requests/get_object_metadata.rb +2 -0
- data/lib/fog/storage/google_json/requests/list_bucket_acl.rb +2 -0
- data/lib/fog/storage/google_json/requests/list_buckets.rb +2 -0
- data/lib/fog/storage/google_json/requests/list_object_acl.rb +2 -0
- data/lib/fog/storage/google_json/requests/list_objects.rb +2 -0
- data/lib/fog/storage/google_json/requests/put_bucket.rb +2 -0
- data/lib/fog/storage/google_json/requests/put_bucket_acl.rb +2 -0
- data/lib/fog/storage/google_json/requests/put_object.rb +2 -0
- data/lib/fog/storage/google_json/requests/put_object_acl.rb +2 -0
- data/lib/fog/storage/google_json/utils.rb +1 -1
- data/lib/fog/storage/google_xml/models/file.rb +1 -1
- data/lib/fog/storage/google_xml/requests/get_bucket.rb +0 -1
- data/lib/fog/storage/google_xml/requests/head_object.rb +7 -6
- data/lib/fog/storage/google_xml/requests/put_bucket_acl.rb +2 -0
- data/tasks/changelog.rake +37 -0
- data/tasks/test.rake +6 -2
- data/test/helpers/integration_test_helper.rb +17 -6
- data/test/helpers/test_helper.rb +1 -0
- data/test/integration/compute/core_compute/test_servers.rb +40 -0
- data/test/integration/compute/core_compute/test_zones.rb +1 -1
- data/test/integration/compute/core_networking/test_addresses.rb +23 -0
- data/test/integration/factories/{sql_v1_certs_factory.rb → sql_certs_factory.rb} +3 -3
- data/test/integration/factories/{sql_v1_instances_factory.rb → sql_instances_factory.rb} +3 -3
- data/test/integration/factories/{sql_v1_users_factory.rb → sql_users_factory.rb} +6 -3
- data/test/integration/monitoring/test_metric_descriptors.rb +2 -0
- data/test/integration/monitoring/test_timeseries.rb +14 -26
- data/test/integration/pubsub/test_pubsub_models.rb +3 -3
- data/test/integration/pubsub/test_pubsub_requests.rb +2 -2
- data/test/integration/sql/{sqlv1/test_v1_certs.rb → test_certs.rb} +3 -3
- data/test/integration/sql/{sqlv1/test_common_flags.rb → test_common_flags.rb} +0 -0
- data/test/integration/sql/{sqlv1/test_common_tiers.rb → test_common_tiers.rb} +0 -0
- data/test/integration/sql/{sqlv1/test_coverage.rb → test_coverage.rb} +1 -1
- data/test/integration/sql/{sqlv2/test_v2_instances.rb → test_instances.rb} +22 -2
- data/test/integration/sql/{sqlv1/test_v1_users.rb → test_users.rb} +4 -4
- data/test/integration/test_authentication.rb +0 -7
- data/test/unit/storage/test_common_xml_collections.rb +11 -0
- data/test/unit/storage/test_json_requests.rb +0 -1
- metadata +50 -31
- data/test/integration/factories/sql_v2_instances_factory.rb +0 -19
- data/test/integration/sql/sqlv1/test_v1_instances.rb +0 -31
- data/test/integration/sql/sqlv2/test_coverage.rb +0 -6
data/lib/fog/google/shared.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require "google-cloud-env"
|
|
2
|
+
|
|
1
3
|
module Fog
|
|
2
4
|
module Google
|
|
3
5
|
module Shared
|
|
@@ -14,61 +16,43 @@ module Fog
|
|
|
14
16
|
@project = project
|
|
15
17
|
@api_version = api_version
|
|
16
18
|
@api_url = base_url + api_version + "/projects/"
|
|
19
|
+
# google-cloud-env allows us to figure out which GCP runtime we're running in and query metadata
|
|
20
|
+
# e.g. whether we're running in GCE/GKE/AppEngine or what region the instance is running in
|
|
21
|
+
@google_cloud_env = ::Google::Cloud::Env.get
|
|
17
22
|
end
|
|
18
23
|
|
|
19
24
|
##
|
|
20
25
|
# Initializes the Google API Client
|
|
21
26
|
#
|
|
22
27
|
# @param [Hash] options Google API options
|
|
28
|
+
# @option options [Bool] :google_application_default Explicitly use application default credentials
|
|
23
29
|
# @option options [Google::Auth|Signet] :google_auth Manually created authorization to use
|
|
24
|
-
# @option options [String] :google_client_email A @developer.gserviceaccount.com email address to use
|
|
25
|
-
# @option options [String] :google_key_location The location of a pkcs12 key file
|
|
26
|
-
# @option options [String] :google_key_string The content of the pkcs12 key file
|
|
27
30
|
# @option options [String] :google_json_key_location The location of a JSON key file
|
|
28
31
|
# @option options [String] :google_json_key_string The content of the JSON key file
|
|
29
32
|
# @option options [String] :google_api_scope_url The access scope URLs
|
|
30
33
|
# @option options [String] :app_name The app name to set in the user agent
|
|
31
34
|
# @option options [String] :app_version The app version to set in the user agent
|
|
32
|
-
# @option options [Google::APIClient] :google_client Existing Google API Client
|
|
33
35
|
# @option options [Hash] :google_client_options A hash to send additional options to Google API Client
|
|
34
36
|
# @return [Google::APIClient] Google API Client
|
|
35
37
|
# @raises [ArgumentError] If there is any missing argument
|
|
36
38
|
def initialize_google_client(options)
|
|
37
39
|
# NOTE: loaded here to avoid requiring this as a core Fog dependency
|
|
38
40
|
begin
|
|
39
|
-
#
|
|
40
|
-
# of funky things, like this nonsense.
|
|
41
|
+
# TODO: google-api-client is in gemspec now, re-assess if this initialization logic is still needed
|
|
41
42
|
require "google/apis/monitoring_#{Fog::Google::Monitoring::GOOGLE_MONITORING_API_VERSION}"
|
|
42
43
|
require "google/apis/compute_#{Fog::Compute::Google::GOOGLE_COMPUTE_API_VERSION}"
|
|
43
44
|
require "google/apis/dns_#{Fog::DNS::Google::GOOGLE_DNS_API_VERSION}"
|
|
44
45
|
require "google/apis/pubsub_#{Fog::Google::Pubsub::GOOGLE_PUBSUB_API_VERSION}"
|
|
45
46
|
require "google/apis/sqladmin_#{Fog::Google::SQL::GOOGLE_SQL_API_VERSION}"
|
|
46
47
|
require "google/apis/storage_#{Fog::Storage::GoogleJSON::GOOGLE_STORAGE_JSON_API_VERSION}"
|
|
48
|
+
require "google/apis/iamcredentials_#{Fog::Storage::GoogleJSON::GOOGLE_STORAGE_JSON_IAM_API_VERSION}"
|
|
47
49
|
require "googleauth"
|
|
48
50
|
rescue LoadError => error
|
|
49
51
|
Fog::Errors::Error.new("Please install the google-api-client (>= 0.9) gem before using this provider")
|
|
50
52
|
raise error
|
|
51
53
|
end
|
|
52
54
|
|
|
53
|
-
|
|
54
|
-
# in https://github.com/google/google-api-ruby-client/ version 0.9.
|
|
55
|
-
if options[:google_client]
|
|
56
|
-
raise ArgumentError.new("Deprecated argument no longer works: google_client")
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
# They can also no longer use pkcs12 files, because Google's new auth
|
|
60
|
-
# library doesn't support them either.
|
|
61
|
-
if options[:google_key_location]
|
|
62
|
-
raise ArgumentError.new("Deprecated argument no longer works: google_key_location")
|
|
63
|
-
end
|
|
64
|
-
if options[:google_key_string]
|
|
65
|
-
raise ArgumentError.new("Deprecated argument no longer works: google_key_string")
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
# Validate required arguments
|
|
69
|
-
unless options[:google_api_scope_url]
|
|
70
|
-
raise ArgumentError.new("Missing required arguments: google_api_scope_url")
|
|
71
|
-
end
|
|
55
|
+
validate_client_options(options)
|
|
72
56
|
|
|
73
57
|
application_name = "fog"
|
|
74
58
|
unless options[:app_name].nil?
|
|
@@ -78,41 +62,21 @@ module Fog
|
|
|
78
62
|
::Google::Apis::ClientOptions.default.application_name = application_name
|
|
79
63
|
::Google::Apis::ClientOptions.default.application_version = Fog::Google::VERSION
|
|
80
64
|
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
json_key = File.open(json_key_location, "r", &:read)
|
|
86
|
-
else
|
|
87
|
-
json_key = options[:google_json_key_string]
|
|
88
|
-
end
|
|
89
|
-
|
|
90
|
-
json_key_hash = Fog::JSON.decode(json_key)
|
|
91
|
-
unless json_key_hash.key?("client_email") || json_key_hash.key?("private_key")
|
|
92
|
-
raise ArgumentError.new("Invalid Google JSON key")
|
|
93
|
-
end
|
|
94
|
-
|
|
95
|
-
options[:google_client_email] = json_key_hash["client_email"]
|
|
96
|
-
unless options[:google_client_email]
|
|
97
|
-
raise ArgumentError.new("Missing required arguments: google_client_email")
|
|
98
|
-
end
|
|
65
|
+
if ENV["DEBUG"]
|
|
66
|
+
::Google::Apis.logger = ::Logger.new(::STDERR)
|
|
67
|
+
::Google::Apis.logger.level = ::Logger::DEBUG
|
|
68
|
+
end
|
|
99
69
|
|
|
100
|
-
|
|
101
|
-
::Google::Apis.logger = ::Logger.new(::STDERR)
|
|
102
|
-
::Google::Apis.logger.level = ::Logger::DEBUG
|
|
103
|
-
end
|
|
70
|
+
auth = nil
|
|
104
71
|
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
:scope => options[:google_api_scope_url]
|
|
108
|
-
)
|
|
72
|
+
if options[:google_json_key_location] || options[:google_json_key_string]
|
|
73
|
+
auth = process_key_auth(options)
|
|
109
74
|
elsif options[:google_auth]
|
|
110
75
|
auth = options[:google_auth]
|
|
76
|
+
elsif options[:google_application_default]
|
|
77
|
+
auth = process_application_default_auth(options)
|
|
111
78
|
else
|
|
112
|
-
|
|
113
|
-
"Missing required arguments: google_json_key_location, "\
|
|
114
|
-
"google_json_key_string or google_auth"
|
|
115
|
-
)
|
|
79
|
+
auth = process_fallback_auth(options)
|
|
116
80
|
end
|
|
117
81
|
|
|
118
82
|
::Google::Apis::RequestOptions.default.authorization = auth
|
|
@@ -188,6 +152,102 @@ module Fog
|
|
|
188
152
|
|
|
189
153
|
response
|
|
190
154
|
end
|
|
155
|
+
|
|
156
|
+
private
|
|
157
|
+
|
|
158
|
+
# Helper method to process application default authentication
|
|
159
|
+
#
|
|
160
|
+
# @param [Hash] options - client options hash
|
|
161
|
+
# @return [Google::Auth::DefaultCredentials] - google auth object
|
|
162
|
+
def process_application_default_auth(options)
|
|
163
|
+
::Google::Auth.get_application_default(options[:google_api_scope_url])
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
# Helper method to process fallback authentication
|
|
167
|
+
# Current fallback is application default authentication
|
|
168
|
+
#
|
|
169
|
+
# @param [Hash] options - client options hash
|
|
170
|
+
# @return [Google::Auth::DefaultCredentials] - google auth object
|
|
171
|
+
def process_fallback_auth(options)
|
|
172
|
+
Fog::Logger.warning(
|
|
173
|
+
"Didn't detect any client auth settings, " \
|
|
174
|
+
"trying to fall back to application default credentials..."
|
|
175
|
+
)
|
|
176
|
+
begin
|
|
177
|
+
return process_application_default_auth(options)
|
|
178
|
+
rescue
|
|
179
|
+
raise Fog::Errors::Error.new(
|
|
180
|
+
"Fallback auth failed, could not configure authentication for Fog client.\n" \
|
|
181
|
+
"Check your auth options, must be one of:\n" \
|
|
182
|
+
"- :google_json_key_location,\n" \
|
|
183
|
+
"- :google_json_key_string,\n" \
|
|
184
|
+
"- :google_auth,\n" \
|
|
185
|
+
"- :google_application_default,\n" \
|
|
186
|
+
"If credentials are valid - please, file a bug to fog-google." \
|
|
187
|
+
)
|
|
188
|
+
end
|
|
189
|
+
end
|
|
190
|
+
|
|
191
|
+
# Helper method to process key authentication
|
|
192
|
+
#
|
|
193
|
+
# @param [Hash] options - client options hash
|
|
194
|
+
# @return [Google::Auth::ServiceAccountCredentials] - google auth object
|
|
195
|
+
def process_key_auth(options)
|
|
196
|
+
if options[:google_json_key_location]
|
|
197
|
+
json_key = File.read(File.expand_path(options[:google_json_key_location]))
|
|
198
|
+
elsif options[:google_json_key_string]
|
|
199
|
+
json_key = options[:google_json_key_string]
|
|
200
|
+
end
|
|
201
|
+
|
|
202
|
+
validate_json_credentials(json_key)
|
|
203
|
+
|
|
204
|
+
::Google::Auth::ServiceAccountCredentials.make_creds(
|
|
205
|
+
:json_key_io => StringIO.new(json_key),
|
|
206
|
+
:scope => options[:google_api_scope_url]
|
|
207
|
+
)
|
|
208
|
+
end
|
|
209
|
+
|
|
210
|
+
# Helper method to sort out deprecated and missing auth options
|
|
211
|
+
#
|
|
212
|
+
# @param [Hash] options - client options hash
|
|
213
|
+
def validate_client_options(options)
|
|
214
|
+
# Users can no longer provide their own clients due to rewrite of auth
|
|
215
|
+
# in https://github.com/google/google-api-ruby-client/ version 0.9.
|
|
216
|
+
if options[:google_client]
|
|
217
|
+
raise ArgumentError.new("Deprecated argument no longer works: google_client")
|
|
218
|
+
end
|
|
219
|
+
|
|
220
|
+
# They can also no longer use pkcs12 files, because Google's new auth
|
|
221
|
+
# library doesn't support them either.
|
|
222
|
+
if options[:google_key_location]
|
|
223
|
+
raise ArgumentError.new("Deprecated auth method no longer works: google_key_location")
|
|
224
|
+
end
|
|
225
|
+
if options[:google_key_string]
|
|
226
|
+
raise ArgumentError.new("Deprecated auth method no longer works: google_key_string")
|
|
227
|
+
end
|
|
228
|
+
|
|
229
|
+
# Google client email option is no longer needed
|
|
230
|
+
if options[:google_client_email]
|
|
231
|
+
Fog::Logger.deprecation("Argument no longer needed for auth: google_client_email")
|
|
232
|
+
end
|
|
233
|
+
|
|
234
|
+
# Validate required arguments
|
|
235
|
+
unless options[:google_api_scope_url]
|
|
236
|
+
raise ArgumentError.new("Missing required arguments: google_api_scope_url")
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
|
|
240
|
+
# Helper method to checks whether the necessary fields are present in
|
|
241
|
+
# JSON key credentials
|
|
242
|
+
#
|
|
243
|
+
# @param [String] json_key - Google json auth key string
|
|
244
|
+
def validate_json_credentials(json_key)
|
|
245
|
+
json_key_hash = Fog::JSON.decode(json_key)
|
|
246
|
+
|
|
247
|
+
unless json_key_hash.key?("client_email") || json_key_hash.key?("private_key")
|
|
248
|
+
raise ArgumentError.new("Invalid Google JSON key")
|
|
249
|
+
end
|
|
250
|
+
end
|
|
191
251
|
end
|
|
192
252
|
end
|
|
193
253
|
end
|
data/lib/fog/google/sql.rb
CHANGED
data/lib/fog/google/version.rb
CHANGED
|
@@ -9,9 +9,9 @@ module Fog
|
|
|
9
9
|
recognizes(
|
|
10
10
|
:app_name,
|
|
11
11
|
:app_version,
|
|
12
|
+
:google_application_default,
|
|
12
13
|
:google_auth,
|
|
13
14
|
:google_client,
|
|
14
|
-
:google_client_email,
|
|
15
15
|
:google_client_options,
|
|
16
16
|
:google_key_location,
|
|
17
17
|
:google_key_string,
|
|
@@ -27,6 +27,10 @@ module Fog
|
|
|
27
27
|
GOOGLE_STORAGE_JSON_BASE_URL = "https://www.googleapis.com/storage/".freeze
|
|
28
28
|
GOOGLE_STORAGE_BUCKET_BASE_URL = "https://storage.googleapis.com/".freeze
|
|
29
29
|
|
|
30
|
+
# Version of IAM API used for blob signing, see Fog::Storage::GoogleJSON::Real#iam_signer
|
|
31
|
+
GOOGLE_STORAGE_JSON_IAM_API_VERSION = "v1".freeze
|
|
32
|
+
GOOGLE_STORAGE_JSON_IAM_API_SCOPE_URLS = %w(https://www.googleapis.com/auth/devstorage.full_control).freeze
|
|
33
|
+
|
|
30
34
|
# TODO: Come up with a way to only request a subset of permissions.
|
|
31
35
|
# https://cloud.google.com/storage/docs/json_api/v1/how-tos/authorizing
|
|
32
36
|
GOOGLE_STORAGE_JSON_API_SCOPE_URLS = %w(https://www.googleapis.com/auth/devstorage.full_control).freeze
|
|
@@ -10,11 +10,17 @@ module Fog
|
|
|
10
10
|
def initialize(options = {})
|
|
11
11
|
shared_initialize(options[:google_project], GOOGLE_STORAGE_JSON_API_VERSION, GOOGLE_STORAGE_JSON_BASE_URL)
|
|
12
12
|
@client = MockClient.new('test')
|
|
13
|
+
@storage_json = MockClient.new('test')
|
|
14
|
+
@iam_service = MockClient.new('test')
|
|
13
15
|
end
|
|
14
16
|
|
|
15
17
|
def signature(_params)
|
|
16
18
|
"foo"
|
|
17
19
|
end
|
|
20
|
+
|
|
21
|
+
def google_access_id
|
|
22
|
+
"my-account@project.iam.gserviceaccount"
|
|
23
|
+
end
|
|
18
24
|
end
|
|
19
25
|
end
|
|
20
26
|
end
|
|
@@ -13,7 +13,14 @@ module Fog
|
|
|
13
13
|
options[:google_api_scope_url] = GOOGLE_STORAGE_JSON_API_SCOPE_URLS.join(" ")
|
|
14
14
|
@host = options[:host] || "storage.googleapis.com"
|
|
15
15
|
|
|
16
|
+
# TODO(temikus): Do we even need this client?
|
|
16
17
|
@client = initialize_google_client(options)
|
|
18
|
+
# IAM client used for SignBlob API
|
|
19
|
+
@iam_service = ::Google::Apis::IamcredentialsV1::IAMCredentialsService.new
|
|
20
|
+
apply_client_options(@iam_service, {
|
|
21
|
+
google_api_scope_url: GOOGLE_STORAGE_JSON_IAM_API_SCOPE_URLS.join(" ")
|
|
22
|
+
})
|
|
23
|
+
|
|
17
24
|
@storage_json = ::Google::Apis::StorageV1::StorageService.new
|
|
18
25
|
apply_client_options(@storage_json, options)
|
|
19
26
|
|
|
@@ -56,12 +63,108 @@ DATA
|
|
|
56
63
|
canonical_resource.chop!
|
|
57
64
|
string_to_sign << canonical_resource.to_s
|
|
58
65
|
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
66
|
+
# TODO(temikus): make signer configurable or add ability to supply your own via lambda
|
|
67
|
+
if !@storage_json.authorization.signing_key.nil?
|
|
68
|
+
signed_string = default_signer(string_to_sign)
|
|
69
|
+
else
|
|
70
|
+
# If client doesn't contain signing key attempt to auth via IAM SignBlob API
|
|
71
|
+
signed_string = iam_signer(string_to_sign)
|
|
72
|
+
end
|
|
62
73
|
|
|
63
74
|
Base64.encode64(signed_string).chomp!
|
|
64
75
|
end
|
|
76
|
+
|
|
77
|
+
private
|
|
78
|
+
|
|
79
|
+
def google_access_id
|
|
80
|
+
@google_access_id ||= get_google_access_id
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
##
|
|
84
|
+
# Fetches the google service account name
|
|
85
|
+
#
|
|
86
|
+
# @return [String] Service account name, typically needed for GoogleAccessId, e.g.
|
|
87
|
+
# my-account@project.iam.gserviceaccount
|
|
88
|
+
# @raises [Fog::Errors::Error] If authorisation is incorrect or inapplicable for current action
|
|
89
|
+
def get_google_access_id
|
|
90
|
+
if @storage_json.authorization.is_a?(::Google::Auth::UserRefreshCredentials)
|
|
91
|
+
raise Fog::Errors::Error.new("User / Application Default Credentials are not supported for storage"\
|
|
92
|
+
"url signing, please use a service account or metadata authentication.")
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
if !@storage_json.authorization.issuer.nil?
|
|
96
|
+
return @storage_json.authorization.issuer
|
|
97
|
+
else
|
|
98
|
+
get_access_id_from_metadata
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
##
|
|
103
|
+
# Attempts to fetch the google service account name from metadata using Google::Cloud::Env
|
|
104
|
+
#
|
|
105
|
+
# @return [String] Service account name, typically needed for GoogleAccessId, e.g.
|
|
106
|
+
# my-account@project.iam.gserviceaccount
|
|
107
|
+
# @raises [Fog::Errors::Error] If Metadata service is not available or returns an invalid response
|
|
108
|
+
def get_access_id_from_metadata
|
|
109
|
+
if @google_cloud_env.metadata?
|
|
110
|
+
access_id = @google_cloud_env.lookup_metadata("instance", "service-accounts/default/email")
|
|
111
|
+
else
|
|
112
|
+
raise Fog::Errors::Error.new("Metadata service not available, unable to retrieve service account info.")
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
if access_id.nil?
|
|
116
|
+
raise Fog::Errors::Error.new("Metadata service found but didn't return data." \
|
|
117
|
+
"Please file a bug: https://github.com/fog/fog-google")
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
return access_id
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
##
|
|
124
|
+
# Default url signer using service account keys
|
|
125
|
+
#
|
|
126
|
+
# @param [String] string_to_sign Special collection of headers and options for V2 storage signing, e.g.:
|
|
127
|
+
#
|
|
128
|
+
# StringToSign = HTTP_Verb + "\n" +
|
|
129
|
+
# Content_MD5 + "\n" +
|
|
130
|
+
# Content_Type + "\n" +
|
|
131
|
+
# Expires + "\n" +
|
|
132
|
+
# Canonicalized_Extension_Headers +
|
|
133
|
+
# Canonicalized_Resource
|
|
134
|
+
#
|
|
135
|
+
# See https://cloud.google.com/storage/docs/access-control/signed-urls-v2
|
|
136
|
+
# @return [String] Signature binary blob
|
|
137
|
+
def default_signer(string_to_sign)
|
|
138
|
+
key = OpenSSL::PKey::RSA.new(@storage_json.authorization.signing_key)
|
|
139
|
+
digest = OpenSSL::Digest::SHA256.new
|
|
140
|
+
return key.sign(digest, string_to_sign)
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
##
|
|
144
|
+
# Fallback URL signer using the IAM SignServiceAccountBlob API, see
|
|
145
|
+
# Google::Apis::IamcredentialsV1::IAMCredentialsService#sign_service_account_blob
|
|
146
|
+
#
|
|
147
|
+
# @param [String] string_to_sign Special collection of headers and options for V2 storage signing, e.g.:
|
|
148
|
+
#
|
|
149
|
+
# StringToSign = HTTP_Verb + "\n" +
|
|
150
|
+
# Content_MD5 + "\n" +
|
|
151
|
+
# Content_Type + "\n" +
|
|
152
|
+
# Expires + "\n" +
|
|
153
|
+
# Canonicalized_Extension_Headers +
|
|
154
|
+
# Canonicalized_Resource
|
|
155
|
+
#
|
|
156
|
+
# See https://cloud.google.com/storage/docs/access-control/signed-urls-v2
|
|
157
|
+
# @return [String] Signature binary blob
|
|
158
|
+
def iam_signer(string_to_sign)
|
|
159
|
+
request = {
|
|
160
|
+
"payload": string_to_sign
|
|
161
|
+
}
|
|
162
|
+
|
|
163
|
+
resource = "projects/-/serviceAccounts/#{google_access_id}"
|
|
164
|
+
response = @iam_service.sign_service_account_blob resource, request, {}
|
|
165
|
+
|
|
166
|
+
return response.signed_blob
|
|
167
|
+
end
|
|
65
168
|
end
|
|
66
169
|
end
|
|
67
170
|
end
|