fog-google 1.24.0 → 1.24.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -1
- data/lib/fog/google/shared.rb +9 -8
- data/lib/fog/google/version.rb +1 -1
- data/lib/fog/storage/google_json/real.rb +14 -6
- data/lib/fog/storage/google_json.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 32fba42f750f2248b67a52b9c90e4ad74afeee359c7b8eec325de6e61e958e3d
|
4
|
+
data.tar.gz: 6b34cbc9704516e06f9dbff7a6cb37eb403acaefd06e5be5361bcad5e065ebc3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 06b4ca2279ada450d5036ed62e54187bdb82172fb48873446929dd409b8c45ab1e2fb59f63bfdd1498e1d8917e7276ebc69a718ae7a6c188c8279fffe4eb36a1
|
7
|
+
data.tar.gz: 3f2201ff0d673c300b89d69ee228301afd660bc59bfdde91dcc1da48894798f9c64a6e9847c0818c8c32dcca1097ad33646966d484988c0959a7a0dd91b35678
|
data/CHANGELOG.md
CHANGED
@@ -7,6 +7,16 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
|
|
7
7
|
## Next
|
8
8
|
|
9
9
|
|
10
|
+
## 1.24.1
|
11
|
+
|
12
|
+
### User-facing
|
13
|
+
|
14
|
+
#### Fixed
|
15
|
+
|
16
|
+
- #629 Fix IAM scope for storage requests [stanhu]
|
17
|
+
|
18
|
+
## 1.24.0
|
19
|
+
|
10
20
|
### User-facing
|
11
21
|
|
12
22
|
#### Added
|
@@ -16,7 +26,7 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
|
|
16
26
|
|
17
27
|
### Development changes
|
18
28
|
|
19
|
-
|
29
|
+
#### Added
|
20
30
|
|
21
31
|
- #618 Deprecated Ruby-2.0 support [temikus]
|
22
32
|
- #624 Migrated the Integration tests to new ARC runners [temikus]
|
data/lib/fog/google/shared.rb
CHANGED
@@ -67,20 +67,21 @@ module Fog
|
|
67
67
|
::Google::Apis.logger.level = ::Logger::DEBUG
|
68
68
|
end
|
69
69
|
|
70
|
-
|
70
|
+
initialize_auth(options).tap do |auth|
|
71
|
+
::Google::Apis::RequestOptions.default.authorization = auth
|
72
|
+
end
|
73
|
+
end
|
71
74
|
|
75
|
+
def initialize_auth(options)
|
72
76
|
if options[:google_json_key_location] || options[:google_json_key_string]
|
73
|
-
|
77
|
+
process_key_auth(options)
|
74
78
|
elsif options[:google_auth]
|
75
|
-
|
79
|
+
options[:google_auth]
|
76
80
|
elsif options[:google_application_default]
|
77
|
-
|
81
|
+
process_application_default_auth(options)
|
78
82
|
else
|
79
|
-
|
83
|
+
process_fallback_auth(options)
|
80
84
|
end
|
81
|
-
|
82
|
-
::Google::Apis::RequestOptions.default.authorization = auth
|
83
|
-
auth
|
84
85
|
end
|
85
86
|
|
86
87
|
##
|
data/lib/fog/google/version.rb
CHANGED
@@ -10,16 +10,12 @@ module Fog
|
|
10
10
|
|
11
11
|
def initialize(options = {})
|
12
12
|
shared_initialize(options[:google_project], GOOGLE_STORAGE_JSON_API_VERSION, GOOGLE_STORAGE_JSON_BASE_URL)
|
13
|
+
@options = options.dup
|
13
14
|
options[:google_api_scope_url] = GOOGLE_STORAGE_JSON_API_SCOPE_URLS.join(" ")
|
14
15
|
@host = options[:host] || "storage.googleapis.com"
|
15
16
|
|
16
17
|
# TODO(temikus): Do we even need this client?
|
17
18
|
@client = initialize_google_client(options)
|
18
|
-
# IAM client used for SignBlob API
|
19
|
-
@iam_service = ::Google::Apis::IamcredentialsV1::IAMCredentialsService.new
|
20
|
-
apply_client_options(@iam_service, {
|
21
|
-
google_api_scope_url: GOOGLE_STORAGE_JSON_IAM_API_SCOPE_URLS.join(" ")
|
22
|
-
})
|
23
19
|
|
24
20
|
@storage_json = ::Google::Apis::StorageV1::StorageService.new
|
25
21
|
apply_client_options(@storage_json, options)
|
@@ -141,6 +137,18 @@ DATA
|
|
141
137
|
return key.sign(digest, string_to_sign)
|
142
138
|
end
|
143
139
|
|
140
|
+
# IAM client used for SignBlob API.
|
141
|
+
# Lazily initialize this since it requires another authorization request.
|
142
|
+
def iam_service
|
143
|
+
return @iam_service if defined?(@iam_service)
|
144
|
+
|
145
|
+
@iam_service = ::Google::Apis::IamcredentialsV1::IAMCredentialsService.new
|
146
|
+
apply_client_options(@iam_service, @options)
|
147
|
+
iam_options = @options.merge(google_api_scope_url: GOOGLE_STORAGE_JSON_IAM_API_SCOPE_URLS.join(" "))
|
148
|
+
@iam_service.authorization = initialize_auth(iam_options)
|
149
|
+
@iam_service
|
150
|
+
end
|
151
|
+
|
144
152
|
##
|
145
153
|
# Fallback URL signer using the IAM SignServiceAccountBlob API, see
|
146
154
|
# Google::Apis::IamcredentialsV1::IAMCredentialsService#sign_service_account_blob
|
@@ -162,7 +170,7 @@ DATA
|
|
162
170
|
)
|
163
171
|
|
164
172
|
resource = "projects/-/serviceAccounts/#{google_access_id}"
|
165
|
-
response =
|
173
|
+
response = iam_service.sign_service_account_blob(resource, request)
|
166
174
|
|
167
175
|
return response.signed_blob
|
168
176
|
end
|
@@ -29,7 +29,7 @@ module Fog
|
|
29
29
|
|
30
30
|
# Version of IAM API used for blob signing, see Fog::Storage::GoogleJSON::Real#iam_signer
|
31
31
|
GOOGLE_STORAGE_JSON_IAM_API_VERSION = "v1".freeze
|
32
|
-
GOOGLE_STORAGE_JSON_IAM_API_SCOPE_URLS = %w(https://www.googleapis.com/auth/
|
32
|
+
GOOGLE_STORAGE_JSON_IAM_API_SCOPE_URLS = %w(https://www.googleapis.com/auth/iam).freeze
|
33
33
|
|
34
34
|
# TODO: Come up with a way to only request a subset of permissions.
|
35
35
|
# https://cloud.google.com/storage/docs/json_api/v1/how-tos/authorizing
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fog-google
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.24.
|
4
|
+
version: 1.24.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nat Welch
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2024-04-
|
12
|
+
date: 2024-04-12 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: fog-core
|