googleauth 0.13.1 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +7 -0
- data/CHANGELOG.md +5 -0
- data/{COPYING → LICENSE} +0 -0
- data/lib/googleauth/compute_engine.rb +24 -3
- data/lib/googleauth/version.rb +1 -1
- data/spec/googleauth/compute_engine_spec.rb +18 -4
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8846e57d325ff993c15ca691e299b9c2c4b7472b1b0a9e905b36cdb99216e061
|
|
4
|
+
data.tar.gz: 2fcee29e36a6fd57420b9cd0106cf3ab73bf447e94e2f6bdce61a973d256cd5e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dd54bce055240fc1db34ccfe2850ab49f23b17f55f5336dfeccf380c2f93b8b9e29100a1c53f360564e8387805a9c4bf74d09eb2ca58b5bda666cdab3b061f45
|
|
7
|
+
data.tar.gz: 27dae4439e8163194604e912918709d2cd623c61856f70f7c350b08dfac010fdff50ad703934b88631c2759dcf7e5aab5b315a884cb160790c153115ee88bdfe
|
data/.github/CODEOWNERS
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
# Code owners file.
|
|
2
|
+
# This file controls who is tagged for review for any given pull request.
|
|
3
|
+
#
|
|
4
|
+
# For syntax help see:
|
|
5
|
+
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
|
|
6
|
+
|
|
7
|
+
* @googleapis/yoshi-ruby
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
# Release History
|
|
2
2
|
|
|
3
|
+
### 0.14.0 / 2020-10-09
|
|
4
|
+
|
|
5
|
+
* Honor GCE_METADATA_HOST environment variable
|
|
6
|
+
* Fix errors in some environments when requesting an access token for multiple scopes
|
|
7
|
+
|
|
3
8
|
### 0.13.1 / 2020-07-30
|
|
4
9
|
|
|
5
10
|
* Support scopes when using GCE Metadata Server authentication ([@ball-hayden][])
|
data/{COPYING → LICENSE}
RENAMED
|
File without changes
|
|
@@ -51,22 +51,43 @@ module Google
|
|
|
51
51
|
class GCECredentials < Signet::OAuth2::Client
|
|
52
52
|
# The IP Address is used in the URIs to speed up failures on non-GCE
|
|
53
53
|
# systems.
|
|
54
|
+
DEFAULT_METADATA_HOST = "169.254.169.254".freeze
|
|
55
|
+
|
|
56
|
+
# @private Unused and deprecated
|
|
54
57
|
COMPUTE_AUTH_TOKEN_URI =
|
|
55
58
|
"http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token".freeze
|
|
59
|
+
# @private Unused and deprecated
|
|
56
60
|
COMPUTE_ID_TOKEN_URI =
|
|
57
61
|
"http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/identity".freeze
|
|
62
|
+
# @private Unused and deprecated
|
|
58
63
|
COMPUTE_CHECK_URI = "http://169.254.169.254".freeze
|
|
59
64
|
|
|
60
65
|
class << self
|
|
61
66
|
extend Memoist
|
|
62
67
|
|
|
68
|
+
def metadata_host
|
|
69
|
+
ENV.fetch "GCE_METADATA_HOST", DEFAULT_METADATA_HOST
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def compute_check_uri
|
|
73
|
+
"http://#{metadata_host}".freeze
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def compute_auth_token_uri
|
|
77
|
+
"#{compute_check_uri}/computeMetadata/v1/instance/service-accounts/default/token".freeze
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def compute_id_token_uri
|
|
81
|
+
"#{compute_check_uri}/computeMetadata/v1/instance/service-accounts/default/identity".freeze
|
|
82
|
+
end
|
|
83
|
+
|
|
63
84
|
# Detect if this appear to be a GCE instance, by checking if metadata
|
|
64
85
|
# is available.
|
|
65
86
|
def on_gce? options = {}
|
|
66
87
|
# TODO: This should use google-cloud-env instead.
|
|
67
88
|
c = options[:connection] || Faraday.default_connection
|
|
68
89
|
headers = { "Metadata-Flavor" => "Google" }
|
|
69
|
-
resp = c.get
|
|
90
|
+
resp = c.get compute_check_uri, nil, headers do |req|
|
|
70
91
|
req.options.timeout = 1.0
|
|
71
92
|
req.options.open_timeout = 0.1
|
|
72
93
|
end
|
|
@@ -84,9 +105,9 @@ module Google
|
|
|
84
105
|
def fetch_access_token options = {}
|
|
85
106
|
c = options[:connection] || Faraday.default_connection
|
|
86
107
|
retry_with_error do
|
|
87
|
-
uri = target_audience ?
|
|
108
|
+
uri = target_audience ? GCECredentials.compute_id_token_uri : GCECredentials.compute_auth_token_uri
|
|
88
109
|
query = target_audience ? { "audience" => target_audience, "format" => "full" } : {}
|
|
89
|
-
query[:scopes] = Array(scope).join "
|
|
110
|
+
query[:scopes] = Array(scope).join "," if scope
|
|
90
111
|
headers = { "Metadata-Flavor" => "Google" }
|
|
91
112
|
resp = c.get uri, query, headers
|
|
92
113
|
case resp.status
|
data/lib/googleauth/version.rb
CHANGED
|
@@ -53,7 +53,7 @@ describe Google::Auth::GCECredentials do
|
|
|
53
53
|
"expires_in" => 3600)
|
|
54
54
|
|
|
55
55
|
uri = MD_ACCESS_URI
|
|
56
|
-
uri += "?scopes=#{opts[:scope]}" if opts[:scope]
|
|
56
|
+
uri += "?scopes=#{Array(opts[:scope]).join ','}" if opts[:scope]
|
|
57
57
|
|
|
58
58
|
stub_request(:get, uri)
|
|
59
59
|
.with(headers: { "Metadata-Flavor" => "Google" })
|
|
@@ -74,9 +74,9 @@ describe Google::Auth::GCECredentials do
|
|
|
74
74
|
context "metadata is unavailable" do
|
|
75
75
|
describe "#fetch_access_token" do
|
|
76
76
|
it "should pass scopes when requesting an access token" do
|
|
77
|
-
|
|
78
|
-
stub = make_auth_stubs access_token: "1/abcdef1234567890", scope:
|
|
79
|
-
@client = GCECredentials.new(scope:
|
|
77
|
+
scopes = ["https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/bigtable.data"]
|
|
78
|
+
stub = make_auth_stubs access_token: "1/abcdef1234567890", scope: scopes
|
|
79
|
+
@client = GCECredentials.new(scope: scopes)
|
|
80
80
|
@client.fetch_access_token!
|
|
81
81
|
expect(stub).to have_been_requested
|
|
82
82
|
end
|
|
@@ -142,5 +142,19 @@ describe Google::Auth::GCECredentials do
|
|
|
142
142
|
expect(GCECredentials.on_gce?({}, true)).to eq(false)
|
|
143
143
|
expect(stub).to have_been_requested
|
|
144
144
|
end
|
|
145
|
+
|
|
146
|
+
it "should honor GCE_METADATA_HOST environment variable" do
|
|
147
|
+
ENV["GCE_METADATA_HOST"] = "mymetadata.example.com"
|
|
148
|
+
begin
|
|
149
|
+
stub = stub_request(:get, "http://mymetadata.example.com")
|
|
150
|
+
.with(headers: { "Metadata-Flavor" => "Google" })
|
|
151
|
+
.to_return(status: 200,
|
|
152
|
+
headers: { "Metadata-Flavor" => "Google" })
|
|
153
|
+
expect(GCECredentials.on_gce?({}, true)).to eq(true)
|
|
154
|
+
expect(stub).to have_been_requested
|
|
155
|
+
ensure
|
|
156
|
+
ENV.delete "GCE_METADATA_HOST"
|
|
157
|
+
end
|
|
158
|
+
end
|
|
145
159
|
end
|
|
146
160
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: googleauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.14.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Emiola
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-10-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -135,6 +135,7 @@ executables: []
|
|
|
135
135
|
extensions: []
|
|
136
136
|
extra_rdoc_files: []
|
|
137
137
|
files:
|
|
138
|
+
- ".github/CODEOWNERS"
|
|
138
139
|
- ".github/CONTRIBUTING.md"
|
|
139
140
|
- ".github/ISSUE_TEMPLATE/bug_report.md"
|
|
140
141
|
- ".github/ISSUE_TEMPLATE/feature_request.md"
|
|
@@ -160,8 +161,8 @@ files:
|
|
|
160
161
|
- ".rubocop.yml"
|
|
161
162
|
- CHANGELOG.md
|
|
162
163
|
- CODE_OF_CONDUCT.md
|
|
163
|
-
- COPYING
|
|
164
164
|
- Gemfile
|
|
165
|
+
- LICENSE
|
|
165
166
|
- README.md
|
|
166
167
|
- Rakefile
|
|
167
168
|
- googleauth.gemspec
|
|
@@ -231,7 +232,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
231
232
|
- !ruby/object:Gem::Version
|
|
232
233
|
version: '0'
|
|
233
234
|
requirements: []
|
|
234
|
-
rubygems_version: 3.1.
|
|
235
|
+
rubygems_version: 3.1.4
|
|
235
236
|
signing_key:
|
|
236
237
|
specification_version: 4
|
|
237
238
|
summary: Google Auth Library for Ruby
|