googleauth 0.14.0 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.yardopts +11 -0
- data/CHANGELOG.md +72 -10
- data/README.md +48 -13
- data/SECURITY.md +7 -0
- data/lib/googleauth/application_default.rb +10 -25
- data/lib/googleauth/client_id.rb +10 -25
- data/lib/googleauth/compute_engine.rb +16 -30
- data/lib/googleauth/credentials.rb +178 -74
- data/lib/googleauth/credentials_loader.rb +23 -44
- data/lib/googleauth/default_credentials.rb +10 -25
- data/lib/googleauth/iam.rb +11 -26
- data/lib/googleauth/id_tokens/errors.rb +9 -23
- data/lib/googleauth/id_tokens/key_sources.rb +26 -38
- data/lib/googleauth/id_tokens/verifier.rb +16 -32
- data/lib/googleauth/id_tokens.rb +9 -23
- data/lib/googleauth/json_key_reader.rb +10 -25
- data/lib/googleauth/scope_util.rb +11 -26
- data/lib/googleauth/service_account.rb +60 -59
- data/lib/googleauth/signet.rb +22 -28
- data/lib/googleauth/stores/file_token_store.rb +11 -25
- data/lib/googleauth/stores/redis_token_store.rb +11 -25
- data/lib/googleauth/token_store.rb +10 -25
- data/lib/googleauth/user_authorizer.rb +10 -25
- data/lib/googleauth/user_refresh.rb +15 -27
- data/lib/googleauth/version.rb +11 -26
- data/lib/googleauth/web_user_authorizer.rb +14 -32
- data/lib/googleauth.rb +10 -25
- metadata +26 -97
- data/.github/CODEOWNERS +0 -7
- data/.github/CONTRIBUTING.md +0 -74
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -36
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -21
- data/.github/ISSUE_TEMPLATE/support_request.md +0 -7
- data/.gitignore +0 -36
- data/.kokoro/build.bat +0 -16
- data/.kokoro/build.sh +0 -4
- data/.kokoro/continuous/common.cfg +0 -24
- data/.kokoro/continuous/linux.cfg +0 -25
- data/.kokoro/continuous/osx.cfg +0 -8
- data/.kokoro/continuous/post.cfg +0 -30
- data/.kokoro/continuous/windows.cfg +0 -29
- data/.kokoro/osx.sh +0 -4
- data/.kokoro/presubmit/common.cfg +0 -24
- data/.kokoro/presubmit/linux.cfg +0 -24
- data/.kokoro/presubmit/osx.cfg +0 -8
- data/.kokoro/presubmit/windows.cfg +0 -29
- data/.kokoro/release.cfg +0 -94
- data/.kokoro/trampoline.bat +0 -10
- data/.kokoro/trampoline.sh +0 -4
- data/.repo-metadata.json +0 -5
- data/.rspec +0 -2
- data/.rubocop.yml +0 -19
- data/Gemfile +0 -30
- data/Rakefile +0 -132
- data/googleauth.gemspec +0 -38
- data/integration/helper.rb +0 -31
- data/integration/id_tokens/key_source_test.rb +0 -74
- data/rakelib/devsite_builder.rb +0 -45
- data/rakelib/link_checker.rb +0 -64
- data/rakelib/repo_metadata.rb +0 -59
- data/spec/googleauth/apply_auth_examples.rb +0 -171
- data/spec/googleauth/client_id_spec.rb +0 -160
- data/spec/googleauth/compute_engine_spec.rb +0 -160
- data/spec/googleauth/credentials_spec.rb +0 -478
- data/spec/googleauth/get_application_default_spec.rb +0 -286
- data/spec/googleauth/iam_spec.rb +0 -80
- data/spec/googleauth/scope_util_spec.rb +0 -77
- data/spec/googleauth/service_account_spec.rb +0 -489
- data/spec/googleauth/signet_spec.rb +0 -142
- data/spec/googleauth/stores/file_token_store_spec.rb +0 -57
- data/spec/googleauth/stores/redis_token_store_spec.rb +0 -50
- data/spec/googleauth/stores/store_examples.rb +0 -58
- data/spec/googleauth/user_authorizer_spec.rb +0 -343
- data/spec/googleauth/user_refresh_spec.rb +0 -359
- data/spec/googleauth/web_user_authorizer_spec.rb +0 -172
- data/spec/spec_helper.rb +0 -92
- data/test/helper.rb +0 -33
- data/test/id_tokens/key_sources_test.rb +0 -240
- data/test/id_tokens/verifier_test.rb +0 -269
@@ -1,31 +1,16 @@
|
|
1
|
-
# Copyright 2017
|
2
|
-
# All rights reserved.
|
1
|
+
# Copyright 2017 Google, Inc.
|
3
2
|
#
|
4
|
-
#
|
5
|
-
#
|
6
|
-
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
7
6
|
#
|
8
|
-
#
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
17
8
|
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
29
14
|
|
30
15
|
require "forwardable"
|
31
16
|
require "json"
|
@@ -36,9 +21,46 @@ require "googleauth/credentials_loader"
|
|
36
21
|
module Google
|
37
22
|
module Auth
|
38
23
|
##
|
39
|
-
# Credentials is
|
40
|
-
#
|
41
|
-
|
24
|
+
# Credentials is a high-level base class used by Google's API client
|
25
|
+
# libraries to represent the authentication when connecting to an API.
|
26
|
+
# In most cases, it is subclassed by API-specific credential classes that
|
27
|
+
# can be instantiated by clients.
|
28
|
+
#
|
29
|
+
# ## Options
|
30
|
+
#
|
31
|
+
# Credentials classes are configured with options that dictate default
|
32
|
+
# values for parameters such as scope and audience. These defaults are
|
33
|
+
# expressed as class attributes, and may differ from endpoint to endpoint.
|
34
|
+
# Normally, an API client will provide subclasses specific to each
|
35
|
+
# endpoint, configured with appropriate values.
|
36
|
+
#
|
37
|
+
# Note that these options inherit up the class hierarchy. If a particular
|
38
|
+
# options is not set for a subclass, its superclass is queried.
|
39
|
+
#
|
40
|
+
# Some older users of this class set options via constants. This usage is
|
41
|
+
# deprecated. For example, instead of setting the `AUDIENCE` constant on
|
42
|
+
# your subclass, call the `audience=` method.
|
43
|
+
#
|
44
|
+
# ## Example
|
45
|
+
#
|
46
|
+
# class MyCredentials < Google::Auth::Credentials
|
47
|
+
# # Set the default scope for these credentials
|
48
|
+
# self.scope = "http://example.com/my_scope"
|
49
|
+
# end
|
50
|
+
#
|
51
|
+
# # creds is a credentials object suitable for Google API clients
|
52
|
+
# creds = MyCredentials.default
|
53
|
+
# creds.scope # => ["http://example.com/my_scope"]
|
54
|
+
#
|
55
|
+
# class SubCredentials < MyCredentials
|
56
|
+
# # Override the default scope for this subclass
|
57
|
+
# self.scope = "http://example.com/sub_scope"
|
58
|
+
# end
|
59
|
+
#
|
60
|
+
# creds2 = SubCredentials.default
|
61
|
+
# creds2.scope # => ["http://example.com/sub_scope"]
|
62
|
+
#
|
63
|
+
class Credentials # rubocop:disable Metrics/ClassLength
|
42
64
|
##
|
43
65
|
# The default token credential URI to be used when none is provided during initialization.
|
44
66
|
TOKEN_CREDENTIAL_URI = "https://oauth2.googleapis.com/token".freeze
|
@@ -47,7 +69,7 @@ module Google
|
|
47
69
|
# The default target audience ID to be used when none is provided during initialization.
|
48
70
|
AUDIENCE = "https://oauth2.googleapis.com/token".freeze
|
49
71
|
|
50
|
-
@audience = @scope = @target_audience = @env_vars = @paths = nil
|
72
|
+
@audience = @scope = @target_audience = @env_vars = @paths = @token_credential_uri = nil
|
51
73
|
|
52
74
|
##
|
53
75
|
# The default token credential URI to be used when none is provided during initialization.
|
@@ -57,16 +79,15 @@ module Google
|
|
57
79
|
# @return [String]
|
58
80
|
#
|
59
81
|
def self.token_credential_uri
|
60
|
-
|
61
|
-
|
62
|
-
|
82
|
+
lookup_auth_param :token_credential_uri do
|
83
|
+
lookup_local_constant :TOKEN_CREDENTIAL_URI
|
84
|
+
end
|
63
85
|
end
|
64
86
|
|
65
87
|
##
|
66
88
|
# Set the default token credential URI to be used when none is provided during initialization.
|
67
89
|
#
|
68
90
|
# @param [String] new_token_credential_uri
|
69
|
-
# @return [String]
|
70
91
|
#
|
71
92
|
def self.token_credential_uri= new_token_credential_uri
|
72
93
|
@token_credential_uri = new_token_credential_uri
|
@@ -79,16 +100,15 @@ module Google
|
|
79
100
|
# @return [String]
|
80
101
|
#
|
81
102
|
def self.audience
|
82
|
-
|
83
|
-
|
84
|
-
|
103
|
+
lookup_auth_param :audience do
|
104
|
+
lookup_local_constant :AUDIENCE
|
105
|
+
end
|
85
106
|
end
|
86
107
|
|
87
108
|
##
|
88
109
|
# Sets the default target audience ID to be used when none is provided during initialization.
|
89
110
|
#
|
90
111
|
# @param [String] new_audience
|
91
|
-
# @return [String]
|
92
112
|
#
|
93
113
|
def self.audience= new_audience
|
94
114
|
@audience = new_audience
|
@@ -103,12 +123,13 @@ module Google
|
|
103
123
|
# If {#scope} is set, this credential will produce access tokens.
|
104
124
|
# If {#target_audience} is set, this credential will produce ID tokens.
|
105
125
|
#
|
106
|
-
# @return [String, Array<String
|
126
|
+
# @return [String, Array<String>, nil]
|
107
127
|
#
|
108
128
|
def self.scope
|
109
|
-
|
110
|
-
|
111
|
-
|
129
|
+
lookup_auth_param :scope do
|
130
|
+
vals = lookup_local_constant :SCOPE
|
131
|
+
vals ? Array(vals).flatten.uniq : nil
|
132
|
+
end
|
112
133
|
end
|
113
134
|
|
114
135
|
##
|
@@ -118,8 +139,7 @@ module Google
|
|
118
139
|
# If {#scope} is set, this credential will produce access tokens.
|
119
140
|
# If {#target_audience} is set, this credential will produce ID tokens.
|
120
141
|
#
|
121
|
-
# @param [String, Array<String
|
122
|
-
# @return [String, Array<String>]
|
142
|
+
# @param [String, Array<String>, nil] new_scope
|
123
143
|
#
|
124
144
|
def self.scope= new_scope
|
125
145
|
new_scope = Array new_scope unless new_scope.nil?
|
@@ -134,10 +154,10 @@ module Google
|
|
134
154
|
# If {#scope} is set, this credential will produce access tokens.
|
135
155
|
# If {#target_audience} is set, this credential will produce ID tokens.
|
136
156
|
#
|
137
|
-
# @return [String]
|
157
|
+
# @return [String, nil]
|
138
158
|
#
|
139
159
|
def self.target_audience
|
140
|
-
|
160
|
+
lookup_auth_param :target_audience
|
141
161
|
end
|
142
162
|
|
143
163
|
##
|
@@ -148,7 +168,7 @@ module Google
|
|
148
168
|
# If {#scope} is set, this credential will produce access tokens.
|
149
169
|
# If {#target_audience} is set, this credential will produce ID tokens.
|
150
170
|
#
|
151
|
-
# @param [String] new_target_audience
|
171
|
+
# @param [String, nil] new_target_audience
|
152
172
|
#
|
153
173
|
def self.target_audience= new_target_audience
|
154
174
|
@target_audience = new_target_audience
|
@@ -157,24 +177,33 @@ module Google
|
|
157
177
|
##
|
158
178
|
# The environment variables to search for credentials. Values can either be a file path to the
|
159
179
|
# credentials file, or the JSON contents of the credentials file.
|
180
|
+
# The env_vars will never be nil. If there are no vars, the empty array is returned.
|
160
181
|
#
|
161
182
|
# @return [Array<String>]
|
162
183
|
#
|
163
184
|
def self.env_vars
|
164
|
-
|
185
|
+
env_vars_internal || []
|
186
|
+
end
|
165
187
|
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
188
|
+
##
|
189
|
+
# @private
|
190
|
+
# Internal recursive lookup for env_vars.
|
191
|
+
#
|
192
|
+
def self.env_vars_internal
|
193
|
+
lookup_auth_param :env_vars, :env_vars_internal do
|
194
|
+
# Pull values when PATH_ENV_VARS or JSON_ENV_VARS constants exists.
|
195
|
+
path_env_vars = lookup_local_constant :PATH_ENV_VARS
|
196
|
+
json_env_vars = lookup_local_constant :JSON_ENV_VARS
|
197
|
+
(Array(path_env_vars) + Array(json_env_vars)).flatten.uniq if path_env_vars || json_env_vars
|
198
|
+
end
|
171
199
|
end
|
172
200
|
|
173
201
|
##
|
174
202
|
# Sets the environment variables to search for credentials.
|
203
|
+
# Setting to `nil` "unsets" the value, and defaults to the superclass
|
204
|
+
# (or to the empty array if there is no superclass).
|
175
205
|
#
|
176
|
-
# @param [Array<String
|
177
|
-
# @return [Array<String>]
|
206
|
+
# @param [String, Array<String>, nil] new_env_vars
|
178
207
|
#
|
179
208
|
def self.env_vars= new_env_vars
|
180
209
|
new_env_vars = Array new_env_vars unless new_env_vars.nil?
|
@@ -183,29 +212,72 @@ module Google
|
|
183
212
|
|
184
213
|
##
|
185
214
|
# The file paths to search for credentials files.
|
215
|
+
# The paths will never be nil. If there are no paths, the empty array is returned.
|
186
216
|
#
|
187
217
|
# @return [Array<String>]
|
188
218
|
#
|
189
219
|
def self.paths
|
190
|
-
|
220
|
+
paths_internal || []
|
221
|
+
end
|
191
222
|
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
223
|
+
##
|
224
|
+
# @private
|
225
|
+
# Internal recursive lookup for paths.
|
226
|
+
#
|
227
|
+
def self.paths_internal
|
228
|
+
lookup_auth_param :paths, :paths_internal do
|
229
|
+
# Pull in values if the DEFAULT_PATHS constant exists.
|
230
|
+
vals = lookup_local_constant :DEFAULT_PATHS
|
231
|
+
vals ? Array(vals).flatten.uniq : nil
|
232
|
+
end
|
196
233
|
end
|
197
234
|
|
198
235
|
##
|
199
236
|
# Set the file paths to search for credentials files.
|
237
|
+
# Setting to `nil` "unsets" the value, and defaults to the superclass
|
238
|
+
# (or to the empty array if there is no superclass).
|
200
239
|
#
|
201
|
-
# @param [Array<String
|
202
|
-
# @return [Array<String>]
|
240
|
+
# @param [String, Array<String>, nil] new_paths
|
203
241
|
#
|
204
242
|
def self.paths= new_paths
|
205
243
|
new_paths = Array new_paths unless new_paths.nil?
|
206
244
|
@paths = new_paths
|
207
245
|
end
|
208
246
|
|
247
|
+
##
|
248
|
+
# @private
|
249
|
+
# Return the given parameter value, defaulting up the class hierarchy.
|
250
|
+
#
|
251
|
+
# First returns the value of the instance variable, if set.
|
252
|
+
# Next, calls the given block if provided. (This is generally used to
|
253
|
+
# look up legacy constant-based values.)
|
254
|
+
# Otherwise, calls the superclass method if present.
|
255
|
+
# Returns nil if all steps fail.
|
256
|
+
#
|
257
|
+
# @param name [Symbol] The parameter name
|
258
|
+
# @param method_name [Symbol] The lookup method name, if different
|
259
|
+
# @return [Object] The value
|
260
|
+
#
|
261
|
+
def self.lookup_auth_param name, method_name = name
|
262
|
+
val = instance_variable_get "@#{name}".to_sym
|
263
|
+
val = yield if val.nil? && block_given?
|
264
|
+
return val unless val.nil?
|
265
|
+
return superclass.send method_name if superclass.respond_to? method_name
|
266
|
+
nil
|
267
|
+
end
|
268
|
+
|
269
|
+
##
|
270
|
+
# @private
|
271
|
+
# Return the value of the given constant if it is defined directly in
|
272
|
+
# this class, or nil if not.
|
273
|
+
#
|
274
|
+
# @param [Symbol] Name of the constant
|
275
|
+
# @return [Object] The value
|
276
|
+
#
|
277
|
+
def self.lookup_local_constant name
|
278
|
+
const_defined?(name, false) ? const_get(name) : nil
|
279
|
+
end
|
280
|
+
|
209
281
|
##
|
210
282
|
# The Signet::OAuth2::Client object the Credentials instance is using.
|
211
283
|
#
|
@@ -282,16 +354,17 @@ module Google
|
|
282
354
|
verify_keyfile_provided! keyfile
|
283
355
|
@project_id = options["project_id"] || options["project"]
|
284
356
|
@quota_project_id = options["quota_project_id"]
|
285
|
-
|
357
|
+
case keyfile
|
358
|
+
when Signet::OAuth2::Client
|
286
359
|
update_from_signet keyfile
|
287
|
-
|
360
|
+
when Hash
|
288
361
|
update_from_hash keyfile, options
|
289
362
|
else
|
290
363
|
update_from_filepath keyfile, options
|
291
364
|
end
|
292
365
|
CredentialsLoader.warn_if_cloud_sdk_credentials @client.client_id
|
293
366
|
@project_id ||= CredentialsLoader.load_gcloud_project_id
|
294
|
-
@client.fetch_access_token!
|
367
|
+
@client.fetch_access_token! if @client.needs_access_token?
|
295
368
|
@env_vars = nil
|
296
369
|
@paths = nil
|
297
370
|
@scope = nil
|
@@ -336,8 +409,15 @@ module Google
|
|
336
409
|
env_vars.each do |env_var|
|
337
410
|
str = ENV[env_var]
|
338
411
|
next if str.nil?
|
339
|
-
|
340
|
-
|
412
|
+
io =
|
413
|
+
if ::File.file? str
|
414
|
+
::StringIO.new ::File.read str
|
415
|
+
else
|
416
|
+
json = ::JSON.parse str rescue nil
|
417
|
+
json ? ::StringIO.new(str) : nil
|
418
|
+
end
|
419
|
+
next if io.nil?
|
420
|
+
return from_io io, options
|
341
421
|
end
|
342
422
|
nil
|
343
423
|
end
|
@@ -345,11 +425,11 @@ module Google
|
|
345
425
|
##
|
346
426
|
# @private Lookup Credentials from default file paths.
|
347
427
|
def self.from_default_paths options
|
348
|
-
paths
|
349
|
-
|
350
|
-
.
|
351
|
-
|
352
|
-
|
428
|
+
paths.each do |path|
|
429
|
+
next unless path && ::File.file?(path)
|
430
|
+
io = ::StringIO.new ::File.read path
|
431
|
+
return from_io io, options
|
432
|
+
end
|
353
433
|
nil
|
354
434
|
end
|
355
435
|
|
@@ -357,14 +437,34 @@ module Google
|
|
357
437
|
# @private Lookup Credentials using Google::Auth.get_application_default.
|
358
438
|
def self.from_application_default options
|
359
439
|
scope = options[:scope] || self.scope
|
360
|
-
auth_opts = {
|
440
|
+
auth_opts = {
|
441
|
+
token_credential_uri: options[:token_credential_uri] || token_credential_uri,
|
442
|
+
audience: options[:audience] || audience,
|
443
|
+
target_audience: options[:target_audience] || target_audience,
|
444
|
+
enable_self_signed_jwt: options[:enable_self_signed_jwt] && options[:scope].nil?
|
445
|
+
}
|
361
446
|
client = Google::Auth.get_application_default scope, auth_opts
|
362
447
|
new client, options
|
363
448
|
end
|
364
449
|
|
450
|
+
# @private Read credentials from a JSON stream.
|
451
|
+
def self.from_io io, options
|
452
|
+
creds_input = {
|
453
|
+
json_key_io: io,
|
454
|
+
scope: options[:scope] || scope,
|
455
|
+
target_audience: options[:target_audience] || target_audience,
|
456
|
+
enable_self_signed_jwt: options[:enable_self_signed_jwt] && options[:scope].nil?,
|
457
|
+
token_credential_uri: options[:token_credential_uri] || token_credential_uri,
|
458
|
+
audience: options[:audience] || audience
|
459
|
+
}
|
460
|
+
client = Google::Auth::DefaultCredentials.make_creds creds_input
|
461
|
+
new client
|
462
|
+
end
|
463
|
+
|
365
464
|
private_class_method :from_env_vars,
|
366
465
|
:from_default_paths,
|
367
|
-
:from_application_default
|
466
|
+
:from_application_default,
|
467
|
+
:from_io
|
368
468
|
|
369
469
|
protected
|
370
470
|
|
@@ -389,9 +489,11 @@ module Google
|
|
389
489
|
|
390
490
|
# returns a new Hash with string keys instead of symbol keys.
|
391
491
|
def stringify_hash_keys hash
|
392
|
-
|
492
|
+
hash.to_h.transform_keys(&:to_s)
|
393
493
|
end
|
394
494
|
|
495
|
+
# rubocop:disable Metrics/AbcSize
|
496
|
+
|
395
497
|
def client_options options
|
396
498
|
# Keyfile options have higher priority over constructor defaults
|
397
499
|
options["token_credential_uri"] ||= self.class.token_credential_uri
|
@@ -413,6 +515,8 @@ module Google
|
|
413
515
|
signing_key: OpenSSL::PKey::RSA.new(options["private_key"]) }
|
414
516
|
end
|
415
517
|
|
518
|
+
# rubocop:enable Metrics/AbcSize
|
519
|
+
|
416
520
|
def update_from_signet client
|
417
521
|
@project_id ||= client.project_id if client.respond_to? :project_id
|
418
522
|
@quota_project_id ||= client.quota_project_id if client.respond_to? :quota_project_id
|
@@ -1,33 +1,17 @@
|
|
1
|
-
# Copyright 2015
|
2
|
-
# All rights reserved.
|
1
|
+
# Copyright 2015 Google, Inc.
|
3
2
|
#
|
4
|
-
#
|
5
|
-
#
|
6
|
-
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
7
6
|
#
|
8
|
-
#
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
17
8
|
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
|
-
|
30
|
-
require "memoist"
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
31
15
|
require "os"
|
32
16
|
require "rbconfig"
|
33
17
|
|
@@ -38,7 +22,6 @@ module Google
|
|
38
22
|
# CredentialsLoader contains the behaviour used to locate and find default
|
39
23
|
# credentials files on the file system.
|
40
24
|
module CredentialsLoader
|
41
|
-
extend Memoist
|
42
25
|
ENV_VAR = "GOOGLE_APPLICATION_CREDENTIALS".freeze
|
43
26
|
PRIVATE_KEY_VAR = "GOOGLE_PRIVATE_KEY".freeze
|
44
27
|
CLIENT_EMAIL_VAR = "GOOGLE_CLIENT_EMAIL".freeze
|
@@ -49,27 +32,23 @@ module Google
|
|
49
32
|
PROJECT_ID_VAR = "GOOGLE_PROJECT_ID".freeze
|
50
33
|
GCLOUD_POSIX_COMMAND = "gcloud".freeze
|
51
34
|
GCLOUD_WINDOWS_COMMAND = "gcloud.cmd".freeze
|
52
|
-
GCLOUD_CONFIG_COMMAND =
|
53
|
-
"config config-helper --format json --verbosity none".freeze
|
35
|
+
GCLOUD_CONFIG_COMMAND = "config config-helper --format json --verbosity none".freeze
|
54
36
|
|
55
37
|
CREDENTIALS_FILE_NAME = "application_default_credentials.json".freeze
|
56
|
-
NOT_FOUND_ERROR =
|
57
|
-
"Unable to read the credential file specified by #{ENV_VAR}".freeze
|
38
|
+
NOT_FOUND_ERROR = "Unable to read the credential file specified by #{ENV_VAR}".freeze
|
58
39
|
WELL_KNOWN_PATH = "gcloud/#{CREDENTIALS_FILE_NAME}".freeze
|
59
40
|
WELL_KNOWN_ERROR = "Unable to read the default credential file".freeze
|
60
41
|
|
61
|
-
SYSTEM_DEFAULT_ERROR =
|
62
|
-
"Unable to read the system default credential file".freeze
|
42
|
+
SYSTEM_DEFAULT_ERROR = "Unable to read the system default credential file".freeze
|
63
43
|
|
64
|
-
CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app"\
|
65
|
-
|
44
|
+
CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app" \
|
45
|
+
"s.googleusercontent.com".freeze
|
66
46
|
|
67
|
-
CLOUD_SDK_CREDENTIALS_WARNING =
|
68
|
-
"credentials from Google Cloud SDK. We recommend that most
|
69
|
-
"service accounts instead. If your application continues to use end user credentials "\
|
70
|
-
'from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For '\
|
71
|
-
"
|
72
|
-
"https://cloud.google.com/docs/authentication/. To suppress this message, set the "\
|
47
|
+
CLOUD_SDK_CREDENTIALS_WARNING =
|
48
|
+
"Your application has authenticated using end user credentials from Google Cloud SDK. We recommend that most " \
|
49
|
+
"server applications use service accounts instead. If your application continues to use end user credentials " \
|
50
|
+
'from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For more information about ' \
|
51
|
+
"service accounts, see https://cloud.google.com/docs/authentication/. To suppress this message, set the " \
|
73
52
|
"GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS environment variable.".freeze
|
74
53
|
|
75
54
|
# make_creds proxies the construction of a credentials instance
|
@@ -103,7 +82,7 @@ module Google
|
|
103
82
|
return make_creds options.merge(json_key_io: f)
|
104
83
|
end
|
105
84
|
elsif service_account_env_vars? || authorized_user_env_vars?
|
106
|
-
|
85
|
+
make_creds options
|
107
86
|
end
|
108
87
|
rescue StandardError => e
|
109
88
|
raise "#{NOT_FOUND_ERROR}: #{e}"
|
@@ -175,7 +154,7 @@ module Google
|
|
175
154
|
def load_gcloud_project_id
|
176
155
|
gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows?
|
177
156
|
gcloud = GCLOUD_POSIX_COMMAND unless OS.windows?
|
178
|
-
gcloud_json = IO.popen("#{gcloud} #{GCLOUD_CONFIG_COMMAND}", &:read)
|
157
|
+
gcloud_json = IO.popen("#{gcloud} #{GCLOUD_CONFIG_COMMAND}", in: :close, err: :close, &:read)
|
179
158
|
config = MultiJson.load gcloud_json
|
180
159
|
config["configuration"]["properties"]["core"]["project"]
|
181
160
|
rescue StandardError
|
@@ -1,31 +1,16 @@
|
|
1
|
-
# Copyright 2015
|
2
|
-
# All rights reserved.
|
1
|
+
# Copyright 2015 Google, Inc.
|
3
2
|
#
|
4
|
-
#
|
5
|
-
#
|
6
|
-
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
7
6
|
#
|
8
|
-
#
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
17
8
|
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
29
14
|
|
30
15
|
require "multi_json"
|
31
16
|
require "stringio"
|
data/lib/googleauth/iam.rb
CHANGED
@@ -1,31 +1,16 @@
|
|
1
|
-
# Copyright 2015
|
2
|
-
# All rights reserved.
|
1
|
+
# Copyright 2015 Google, Inc.
|
3
2
|
#
|
4
|
-
#
|
5
|
-
#
|
6
|
-
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
7
6
|
#
|
8
|
-
#
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
17
8
|
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
29
14
|
|
30
15
|
require "googleauth/signet"
|
31
16
|
require "googleauth/credentials_loader"
|
@@ -68,7 +53,7 @@ module Google
|
|
68
53
|
# Returns a reference to the #apply method, suitable for passing as
|
69
54
|
# a closure
|
70
55
|
def updater_proc
|
71
|
-
|
56
|
+
proc { |a_hash, _opts = {}| apply a_hash }
|
72
57
|
end
|
73
58
|
end
|
74
59
|
end
|