googleauth 0.1.0 → 0.16.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. checksums.yaml +5 -5
  2. data/.github/CODEOWNERS +7 -0
  3. data/.github/CONTRIBUTING.md +74 -0
  4. data/.github/ISSUE_TEMPLATE/bug_report.md +36 -0
  5. data/.github/ISSUE_TEMPLATE/feature_request.md +21 -0
  6. data/.github/ISSUE_TEMPLATE/support_request.md +7 -0
  7. data/.github/renovate.json +6 -0
  8. data/.github/sync-repo-settings.yaml +18 -0
  9. data/.github/workflows/ci.yml +55 -0
  10. data/.github/workflows/release-please.yml +39 -0
  11. data/.gitignore +3 -0
  12. data/.kokoro/populate-secrets.sh +76 -0
  13. data/.kokoro/release.cfg +52 -0
  14. data/.kokoro/release.sh +18 -0
  15. data/.kokoro/trampoline_v2.sh +489 -0
  16. data/.repo-metadata.json +5 -0
  17. data/.rubocop.yml +17 -0
  18. data/.toys/.toys.rb +45 -0
  19. data/.toys/ci.rb +43 -0
  20. data/.toys/kokoro/.toys.rb +66 -0
  21. data/.toys/kokoro/publish-docs.rb +67 -0
  22. data/.toys/kokoro/publish-gem.rb +53 -0
  23. data/.toys/linkinator.rb +43 -0
  24. data/.trampolinerc +48 -0
  25. data/CHANGELOG.md +199 -0
  26. data/CODE_OF_CONDUCT.md +43 -0
  27. data/Gemfile +22 -1
  28. data/{COPYING → LICENSE} +0 -0
  29. data/README.md +140 -17
  30. data/googleauth.gemspec +28 -28
  31. data/integration/helper.rb +31 -0
  32. data/integration/id_tokens/key_source_test.rb +74 -0
  33. data/lib/googleauth.rb +7 -37
  34. data/lib/googleauth/application_default.rb +81 -0
  35. data/lib/googleauth/client_id.rb +104 -0
  36. data/lib/googleauth/compute_engine.rb +73 -26
  37. data/lib/googleauth/credentials.rb +561 -0
  38. data/lib/googleauth/credentials_loader.rb +207 -0
  39. data/lib/googleauth/default_credentials.rb +93 -0
  40. data/lib/googleauth/iam.rb +75 -0
  41. data/lib/googleauth/id_tokens.rb +233 -0
  42. data/lib/googleauth/id_tokens/errors.rb +71 -0
  43. data/lib/googleauth/id_tokens/key_sources.rb +396 -0
  44. data/lib/googleauth/id_tokens/verifier.rb +142 -0
  45. data/lib/googleauth/json_key_reader.rb +50 -0
  46. data/lib/googleauth/scope_util.rb +61 -0
  47. data/lib/googleauth/service_account.rb +177 -67
  48. data/lib/googleauth/signet.rb +69 -8
  49. data/lib/googleauth/stores/file_token_store.rb +65 -0
  50. data/lib/googleauth/stores/redis_token_store.rb +96 -0
  51. data/lib/googleauth/token_store.rb +69 -0
  52. data/lib/googleauth/user_authorizer.rb +285 -0
  53. data/lib/googleauth/user_refresh.rb +129 -0
  54. data/lib/googleauth/version.rb +1 -1
  55. data/lib/googleauth/web_user_authorizer.rb +295 -0
  56. data/spec/googleauth/apply_auth_examples.rb +96 -94
  57. data/spec/googleauth/client_id_spec.rb +160 -0
  58. data/spec/googleauth/compute_engine_spec.rb +125 -55
  59. data/spec/googleauth/credentials_spec.rb +600 -0
  60. data/spec/googleauth/get_application_default_spec.rb +232 -80
  61. data/spec/googleauth/iam_spec.rb +80 -0
  62. data/spec/googleauth/scope_util_spec.rb +77 -0
  63. data/spec/googleauth/service_account_spec.rb +422 -68
  64. data/spec/googleauth/signet_spec.rb +101 -25
  65. data/spec/googleauth/stores/file_token_store_spec.rb +57 -0
  66. data/spec/googleauth/stores/redis_token_store_spec.rb +50 -0
  67. data/spec/googleauth/stores/store_examples.rb +58 -0
  68. data/spec/googleauth/user_authorizer_spec.rb +343 -0
  69. data/spec/googleauth/user_refresh_spec.rb +359 -0
  70. data/spec/googleauth/web_user_authorizer_spec.rb +172 -0
  71. data/spec/spec_helper.rb +51 -10
  72. data/test/helper.rb +33 -0
  73. data/test/id_tokens/key_sources_test.rb +240 -0
  74. data/test/id_tokens/verifier_test.rb +269 -0
  75. metadata +114 -75
  76. data/.travis.yml +0 -18
  77. data/CONTRIBUTING.md +0 -32
  78. data/Rakefile +0 -15
@@ -27,108 +27,260 @@
27
27
  # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
28
  # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
29
 
30
- spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
31
- $LOAD_PATH.unshift(spec_dir)
30
+ spec_dir = File.expand_path File.join(File.dirname(__FILE__))
31
+ $LOAD_PATH.unshift spec_dir
32
32
  $LOAD_PATH.uniq!
33
33
 
34
- require 'faraday'
35
- require 'googleauth'
36
- require 'spec_helper'
37
-
38
- describe '#get_application_default' do
39
- before(:example) do
40
- @key = OpenSSL::PKey::RSA.new(2048)
41
- @var_name = ServiceAccountCredentials::ENV_VAR
42
- @orig = ENV[@var_name]
43
- @home = ENV['HOME']
44
- @scope = 'https://www.googleapis.com/auth/userinfo.profile'
45
- end
34
+ require "faraday"
35
+ require "fakefs/safe"
36
+ require "googleauth"
37
+ require "spec_helper"
38
+ require "os"
39
+
40
+ describe "#get_application_default" do
41
+ # Pass unique options each time to bypass memoization
42
+ let(:options) { |example| { dememoize: example } }
46
43
 
47
- after(:example) do
48
- ENV[@var_name] = @orig unless @orig.nil?
49
- ENV['HOME'] = @home unless @home == ENV['HOME']
44
+ before :example do
45
+ @key = OpenSSL::PKey::RSA.new 2048
46
+ @var_name = ENV_VAR
47
+ @credential_vars = [
48
+ ENV_VAR, PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR, CLIENT_ID_VAR,
49
+ CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR, ACCOUNT_TYPE_VAR
50
+ ]
51
+ @original_env_vals = {}
52
+ @credential_vars.each { |var| @original_env_vals[var] = ENV[var] }
53
+ @home = ENV["HOME"]
54
+ @app_data = ENV["APPDATA"]
55
+ @program_data = ENV["ProgramData"]
56
+ @scope = "https://www.googleapis.com/auth/userinfo.profile"
50
57
  end
51
58
 
52
- def cred_json_text
53
- cred_json = {
54
- private_key_id: 'a_private_key_id',
55
- private_key: @key.to_pem,
56
- client_email: 'app@developer.gserviceaccount.com',
57
- client_id: 'app.apps.googleusercontent.com',
58
- type: 'service_account'
59
- }
60
- MultiJson.dump(cred_json)
59
+ after :example do
60
+ @credential_vars.each { |var| ENV[var] = @original_env_vals[var] }
61
+ ENV["HOME"] = @home unless @home == ENV["HOME"]
62
+ ENV["APPDATA"] = @app_data unless @app_data == ENV["APPDATA"]
63
+ ENV["ProgramData"] = @program_data unless @program_data == ENV["ProgramData"]
61
64
  end
62
65
 
63
- it 'fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist' do
64
- Dir.mktmpdir do |dir|
65
- key_path = File.join(dir, 'does-not-exist')
66
- ENV[@var_name] = key_path
67
- expect { Google::Auth.get_application_default(@scope) }.to raise_error
66
+ shared_examples "it cannot load misconfigured credentials" do
67
+ it "fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist" do
68
+ Dir.mktmpdir do |dir|
69
+ key_path = File.join dir, "does-not-exist"
70
+ ENV[@var_name] = key_path
71
+ expect { Google::Auth.get_application_default @scope, options }
72
+ .to raise_error RuntimeError
73
+ end
68
74
  end
69
- end
70
75
 
71
- it 'succeeds if the GOOGLE_APPLICATION_CREDENTIALS file is valid' do
72
- Dir.mktmpdir do |dir|
73
- key_path = File.join(dir, 'my_cert_file')
74
- FileUtils.mkdir_p(File.dirname(key_path))
75
- File.write(key_path, cred_json_text)
76
- ENV[@var_name] = key_path
77
- expect(Google::Auth.get_application_default(@scope)).to_not be_nil
76
+ it "fails without default file or env if not on compute engine" do
77
+ stub = stub_request(:get, "http://169.254.169.254")
78
+ .to_return(status: 404,
79
+ headers: { "Metadata-Flavor" => "NotGoogle" })
80
+ Dir.mktmpdir do |dir|
81
+ ENV.delete @var_name unless ENV[@var_name].nil? # no env var
82
+ ENV["HOME"] = dir # no config present in this tmp dir
83
+ expect do
84
+ Google::Auth.get_application_default @scope, options
85
+ end.to raise_error RuntimeError
86
+ end
87
+ expect(stub).to have_been_requested
78
88
  end
79
89
  end
80
90
 
81
- it 'succeeds with default file if GOOGLE_APPLICATION_CREDENTIALS is unset' do
82
- ENV.delete(@var_name) unless ENV[@var_name].nil?
83
- Dir.mktmpdir do |dir|
84
- key_path = File.join(dir, '.config',
85
- ServiceAccountCredentials::WELL_KNOWN_PATH)
86
- FileUtils.mkdir_p(File.dirname(key_path))
87
- File.write(key_path, cred_json_text)
88
- ENV['HOME'] = dir
89
- expect(Google::Auth.get_application_default(@scope)).to_not be_nil
91
+ shared_examples "it can successfully load credentials" do
92
+ it "succeeds if the GOOGLE_APPLICATION_CREDENTIALS file is valid" do
93
+ Dir.mktmpdir do |dir|
94
+ key_path = File.join dir, "my_cert_file"
95
+ FileUtils.mkdir_p File.dirname(key_path)
96
+ File.write key_path, cred_json_text
97
+ ENV[@var_name] = key_path
98
+ expect(Google::Auth.get_application_default(@scope, options))
99
+ .to_not be_nil
100
+ end
90
101
  end
91
- end
92
102
 
93
- it 'fails without default file or env if not on compute engine' do
94
- stubs = Faraday::Adapter::Test::Stubs.new do |stub|
95
- stub.get('/') do |_env|
96
- [404,
97
- { 'Metadata-Flavor' => 'Google' },
98
- '']
103
+ it "propagates default_connection option" do
104
+ Dir.mktmpdir do |dir|
105
+ key_path = File.join dir, "my_cert_file"
106
+ FileUtils.mkdir_p File.dirname(key_path)
107
+ File.write key_path, cred_json_text
108
+ ENV[@var_name] = key_path
109
+ connection = Faraday.new headers: { "User-Agent" => "hello" }
110
+ opts = options.merge default_connection: connection
111
+ creds = Google::Auth.get_application_default @scope, opts
112
+ expect(creds.build_default_connection).to be connection
99
113
  end
100
- end # GCE not detected
101
- Dir.mktmpdir do |dir|
102
- ENV.delete(@var_name) unless ENV[@var_name].nil? # no env var
103
- ENV['HOME'] = dir # no config present in this tmp dir
104
- c = Faraday.new do |b|
105
- b.adapter(:test, stubs)
114
+ end
115
+
116
+ it "succeeds with default file without GOOGLE_APPLICATION_CREDENTIALS" do
117
+ ENV.delete @var_name unless ENV[@var_name].nil?
118
+ Dir.mktmpdir do |dir|
119
+ key_path = File.join dir, ".config", WELL_KNOWN_PATH
120
+ key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
121
+ FileUtils.mkdir_p File.dirname(key_path)
122
+ File.write key_path, cred_json_text
123
+ ENV["HOME"] = dir
124
+ ENV["APPDATA"] = dir
125
+ expect(Google::Auth.get_application_default(@scope, options))
126
+ .to_not be_nil
106
127
  end
107
- blk = proc do
108
- Google::Auth.get_application_default(@scope, connection: c)
128
+ end
129
+
130
+ it "succeeds with default file without a scope" do
131
+ ENV.delete @var_name unless ENV[@var_name].nil?
132
+ Dir.mktmpdir do |dir|
133
+ key_path = File.join dir, ".config", WELL_KNOWN_PATH
134
+ key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
135
+ FileUtils.mkdir_p File.dirname(key_path)
136
+ File.write key_path, cred_json_text
137
+ ENV["HOME"] = dir
138
+ ENV["APPDATA"] = dir
139
+ expect(Google::Auth.get_application_default(nil, options)).to_not be_nil
109
140
  end
110
- expect(&blk).to raise_error
111
141
  end
112
- stubs.verify_stubbed_calls
142
+
143
+ it "succeeds without default file or env if on compute engine" do
144
+ stub = stub_request(:get, "http://169.254.169.254")
145
+ .to_return(status: 200,
146
+ headers: { "Metadata-Flavor" => "Google" })
147
+ Dir.mktmpdir do |dir|
148
+ ENV.delete @var_name unless ENV[@var_name].nil? # no env var
149
+ ENV["HOME"] = dir # no config present in this tmp dir
150
+ creds = Google::Auth.get_application_default @scope, options
151
+ expect(creds).to_not be_nil
152
+ end
153
+ expect(stub).to have_been_requested
154
+ end
155
+
156
+ it "succeeds with system default file" do
157
+ ENV.delete @var_name unless ENV[@var_name].nil?
158
+ FakeFS do
159
+ ENV["ProgramData"] = "/etc"
160
+ prefix = OS.windows? ? "/etc/Google/Auth/" : "/etc/google/auth/"
161
+ key_path = File.join prefix, CREDENTIALS_FILE_NAME
162
+ FileUtils.mkdir_p File.dirname(key_path)
163
+ File.write key_path, cred_json_text
164
+ expect(Google::Auth.get_application_default(@scope, options))
165
+ .to_not be_nil
166
+ File.delete key_path
167
+ end
168
+ end
169
+
170
+ it "succeeds if environment vars are valid" do
171
+ ENV.delete @var_name unless ENV[@var_name].nil? # no env var
172
+ ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
173
+ ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
174
+ ENV[CLIENT_ID_VAR] = cred_json[:client_id]
175
+ ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
176
+ ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
177
+ ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
178
+ expect(Google::Auth.get_application_default(@scope, options))
179
+ .to_not be_nil
180
+ end
181
+
182
+ it "warns when using cloud sdk credentials" do
183
+ ENV.delete @var_name unless ENV[@var_name].nil? # no env var
184
+ ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
185
+ ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
186
+ ENV[CLIENT_ID_VAR] = Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID
187
+ ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
188
+ ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
189
+ ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
190
+ ENV[PROJECT_ID_VAR] = "a_project_id"
191
+ expect { Google::Auth.get_application_default @scope, options }.to output(
192
+ Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
193
+ ).to_stderr
194
+ end
113
195
  end
114
196
 
115
- it 'succeeds without default file or env if on compute engine' do
116
- stubs = Faraday::Adapter::Test::Stubs.new do |stub|
117
- stub.get('/') do |_env|
118
- [200,
119
- { 'Metadata-Flavor' => 'Google' },
120
- '']
197
+ describe "when credential type is service account" do
198
+ let :cred_json do
199
+ {
200
+ private_key_id: "a_private_key_id",
201
+ private_key: @key.to_pem,
202
+ client_email: "app@developer.gserviceaccount.com",
203
+ client_id: "app.apps.googleusercontent.com",
204
+ type: "service_account"
205
+ }
206
+ end
207
+
208
+ def cred_json_text
209
+ MultiJson.dump cred_json
210
+ end
211
+
212
+ it_behaves_like "it can successfully load credentials"
213
+ it_behaves_like "it cannot load misconfigured credentials"
214
+ end
215
+
216
+ describe "when credential type is authorized_user" do
217
+ let :cred_json do
218
+ {
219
+ client_secret: "privatekey",
220
+ refresh_token: "refreshtoken",
221
+ client_id: "app.apps.googleusercontent.com",
222
+ type: "authorized_user"
223
+ }
224
+ end
225
+
226
+ def cred_json_text
227
+ MultiJson.dump cred_json
228
+ end
229
+
230
+ it_behaves_like "it can successfully load credentials"
231
+ it_behaves_like "it cannot load misconfigured credentials"
232
+ end
233
+
234
+ describe "when credential type is unknown" do
235
+ let :cred_json do
236
+ {
237
+ client_secret: "privatekey",
238
+ refresh_token: "refreshtoken",
239
+ client_id: "app.apps.googleusercontent.com",
240
+ private_key: @key.to_pem,
241
+ client_email: "app@developer.gserviceaccount.com",
242
+ type: "not_known_type"
243
+ }
244
+ end
245
+
246
+ def cred_json_text
247
+ MultiJson.dump cred_json
248
+ end
249
+
250
+ it "fails if the GOOGLE_APPLICATION_CREDENTIALS file contains the creds" do
251
+ Dir.mktmpdir do |dir|
252
+ key_path = File.join dir, "my_cert_file"
253
+ FileUtils.mkdir_p File.dirname(key_path)
254
+ File.write key_path, cred_json_text
255
+ ENV[@var_name] = key_path
256
+ expect do
257
+ Google::Auth.get_application_default @scope, options
258
+ end.to raise_error RuntimeError
121
259
  end
122
- end # GCE detected
123
- Dir.mktmpdir do |dir|
124
- ENV.delete(@var_name) unless ENV[@var_name].nil? # no env var
125
- ENV['HOME'] = dir # no config present in this tmp dir
126
- c = Faraday.new do |b|
127
- b.adapter(:test, stubs)
260
+ end
261
+
262
+ it "fails if the well known file contains the creds" do
263
+ ENV.delete @var_name unless ENV[@var_name].nil?
264
+ Dir.mktmpdir do |dir|
265
+ key_path = File.join dir, ".config", WELL_KNOWN_PATH
266
+ key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
267
+ FileUtils.mkdir_p File.dirname(key_path)
268
+ File.write key_path, cred_json_text
269
+ ENV["HOME"] = dir
270
+ ENV["APPDATA"] = dir
271
+ expect do
272
+ Google::Auth.get_application_default @scope, options
273
+ end.to raise_error RuntimeError
128
274
  end
129
- expect(Google::Auth.get_application_default(@scope,
130
- connection: c)).to_not be_nil
131
275
  end
132
- stubs.verify_stubbed_calls
276
+
277
+ it "fails if env vars are set" do
278
+ ENV[ENV_VAR] = nil
279
+ ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
280
+ ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
281
+ expect do
282
+ Google::Auth.get_application_default @scope, options
283
+ end.to raise_error RuntimeError
284
+ end
133
285
  end
134
286
  end
@@ -0,0 +1,80 @@
1
+ # Copyright 2015, Google Inc.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are
6
+ # met:
7
+ #
8
+ # * Redistributions of source code must retain the above copyright
9
+ # notice, this list of conditions and the following disclaimer.
10
+ # * Redistributions in binary form must reproduce the above
11
+ # copyright notice, this list of conditions and the following disclaimer
12
+ # in the documentation and/or other materials provided with the
13
+ # distribution.
14
+ # * Neither the name of Google Inc. nor the names of its
15
+ # contributors may be used to endorse or promote products derived from
16
+ # this software without specific prior written permission.
17
+ #
18
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19
+ # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20
+ # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21
+ # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22
+ # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23
+ # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
+ # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
+ # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
+ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
+ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
+
30
+ spec_dir = File.expand_path File.join(File.dirname(__FILE__))
31
+ $LOAD_PATH.unshift spec_dir
32
+ $LOAD_PATH.uniq!
33
+
34
+ require "googleauth/iam"
35
+
36
+ describe Google::Auth::IAMCredentials do
37
+ IAMCredentials = Google::Auth::IAMCredentials
38
+ let(:test_selector) { "the-test-selector" }
39
+ let(:test_token) { "the-test-token" }
40
+ let(:test_creds) { IAMCredentials.new test_selector, test_token }
41
+
42
+ describe "#apply!" do
43
+ it "should update the target hash with the iam values" do
44
+ md = { foo: "bar" }
45
+ test_creds.apply! md
46
+ expect(md[IAMCredentials::SELECTOR_KEY]).to eq test_selector
47
+ expect(md[IAMCredentials::TOKEN_KEY]).to eq test_token
48
+ expect(md[:foo]).to eq "bar"
49
+ end
50
+ end
51
+
52
+ describe "updater_proc" do
53
+ it "should provide a proc that updates a hash with the iam values" do
54
+ md = { foo: "bar" }
55
+ the_proc = test_creds.updater_proc
56
+ got = the_proc.call md
57
+ expect(got[IAMCredentials::SELECTOR_KEY]).to eq test_selector
58
+ expect(got[IAMCredentials::TOKEN_KEY]).to eq test_token
59
+ expect(got[:foo]).to eq "bar"
60
+ end
61
+ end
62
+
63
+ describe "#apply" do
64
+ it "should not update the original hash with the iam values" do
65
+ md = { foo: "bar" }
66
+ test_creds.apply md
67
+ expect(md[IAMCredentials::SELECTOR_KEY]).to be_nil
68
+ expect(md[IAMCredentials::TOKEN_KEY]).to be_nil
69
+ expect(md[:foo]).to eq "bar"
70
+ end
71
+
72
+ it "should return a with the iam values" do
73
+ md = { foo: "bar" }
74
+ got = test_creds.apply md
75
+ expect(got[IAMCredentials::SELECTOR_KEY]).to eq test_selector
76
+ expect(got[IAMCredentials::TOKEN_KEY]).to eq test_token
77
+ expect(got[:foo]).to eq "bar"
78
+ end
79
+ end
80
+ end
@@ -0,0 +1,77 @@
1
+ # Copyright 2015, Google Inc.
2
+ # All rights reserved.
3
+ #
4
+ # Redistribution and use in source and binary forms, with or without
5
+ # modification, are permitted provided that the following conditions are
6
+ # met:
7
+ #
8
+ # * Redistributions of source code must retain the above copyright
9
+ # notice, this list of conditions and the following disclaimer.
10
+ # * Redistributions in binary form must reproduce the above
11
+ # copyright notice, this list of conditions and the following disclaimer
12
+ # in the documentation and/or other materials provided with the
13
+ # distribution.
14
+ # * Neither the name of Google Inc. nor the names of its
15
+ # contributors may be used to endorse or promote products derived from
16
+ # this software without specific prior written permission.
17
+ #
18
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19
+ # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20
+ # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21
+ # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22
+ # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23
+ # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
+ # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
+ # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
+ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
+ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
+
30
+ spec_dir = File.expand_path File.join(File.dirname(__FILE__))
31
+ $LOAD_PATH.unshift spec_dir
32
+ $LOAD_PATH.uniq!
33
+
34
+ require "googleauth/scope_util"
35
+
36
+ describe Google::Auth::ScopeUtil do
37
+ shared_examples "normalizes scopes" do
38
+ let(:normalized) { Google::Auth::ScopeUtil.normalize source }
39
+
40
+ it "normalizes the email scope" do
41
+ expect(normalized).to include(
42
+ "https://www.googleapis.com/auth/userinfo.email"
43
+ )
44
+ expect(normalized).to_not include "email"
45
+ end
46
+
47
+ it "normalizes the profile scope" do
48
+ expect(normalized).to include(
49
+ "https://www.googleapis.com/auth/userinfo.profile"
50
+ )
51
+ expect(normalized).to_not include "profile"
52
+ end
53
+
54
+ it "normalizes the openid scope" do
55
+ expect(normalized).to include "https://www.googleapis.com/auth/plus.me"
56
+ expect(normalized).to_not include "openid"
57
+ end
58
+
59
+ it "leaves other other scopes as-is" do
60
+ expect(normalized).to include "https://www.googleapis.com/auth/drive"
61
+ end
62
+ end
63
+
64
+ context "with scope as string" do
65
+ let :source do
66
+ "email profile openid https://www.googleapis.com/auth/drive"
67
+ end
68
+ it_behaves_like "normalizes scopes"
69
+ end
70
+
71
+ context "with scope as Array" do
72
+ let :source do
73
+ %w[email profile openid https://www.googleapis.com/auth/drive]
74
+ end
75
+ it_behaves_like "normalizes scopes"
76
+ end
77
+ end