googleauth 0.14.0 → 1.3.0

data/Rakefile

@@ -1,132 +0,0 @@
-# -*- ruby -*-
-require "json"
-require "bundler/gem_tasks"
-
-require "rubocop/rake_task"
-RuboCop::RakeTask.new
-
-require "rake/testtask"
-
-desc "Run tests."
-Rake::TestTask.new do |t|
-  t.libs << "test"
-  t.test_files = FileList["test/**/*_test.rb"]
-  t.warning = false
-end
-
-desc "Run integration tests."
-Rake::TestTask.new("integration") do |t|
-  t.libs << "integration"
-  t.test_files = FileList["integration/**/*_test.rb"]
-  t.warning = false
-end
-
-task :ci do
-  header "Using Ruby - #{RUBY_VERSION}"
-  sh "bundle exec rubocop"
-  Rake::Task["test"].invoke
-  Rake::Task["integration"].invoke
-  sh "bundle exec rspec"
-end
-
-task :release_gem, :tag do |_t, args|
-  tag = args[:tag]
-  raise "You must provide a tag to release." if tag.nil?
-
-  # Verify the tag format "vVERSION"
-  m = tag.match /v(?<version>\S*)/
-  raise "Tag #{tag} does not match the expected format." if m.nil?
-
-  version = m[:version]
-  raise "You must provide a version." if version.nil?
-
-  api_token = ENV["RUBYGEMS_API_TOKEN"]
-
-  require "gems"
-  if api_token
-    ::Gems.configure do |config|
-      config.key = api_token
-    end
-  end
-
-  Bundler.with_clean_env do
-    sh "rm -rf pkg"
-    sh "bundle update"
-    sh "bundle exec rake build"
-  end
-
-  path_to_be_pushed = "pkg/googleauth-#{version}.gem"
-  gem_was_published = nil
-  if File.file? path_to_be_pushed
-    begin
-      response = ::Gems.push File.new(path_to_be_pushed)
-      puts response
-      raise unless response.include? "Successfully registered gem:"
-      gem_was_published = true
-      puts "Successfully built and pushed googleauth for version #{version}"
-    rescue StandardError => e
-      gem_was_published = false
-      puts "Error while releasing googleauth version #{version}: #{e.message}"
-    end
-  else
-    raise "Cannot build googleauth for version #{version}"
-  end
-
-  Rake::Task["kokoro:publish_docs"].invoke if gem_was_published
-end
-
-namespace :kokoro do
-  task :load_env_vars do
-    service_account = "#{ENV['KOKORO_GFILE_DIR']}/service-account.json"
-    ENV["GOOGLE_APPLICATION_CREDENTIALS"] = service_account
-    filename = "#{ENV['KOKORO_GFILE_DIR']}/env_vars.json"
-    env_vars = JSON.parse File.read(filename)
-    env_vars.each { |k, v| ENV[k] = v }
-  end
-
-  task :presubmit do
-    Rake::Task["ci"].invoke
-  end
-
-  task :continuous do
-    Rake::Task["ci"].invoke
-  end
-
-  task :post do
-    require_relative "rakelib/link_checker.rb"
-
-    link_checker = LinkChecker.new
-    link_checker.run
-    exit link_checker.exit_status
-  end
-
-  task :nightly do
-    Rake::Task["ci"].invoke
-  end
-
-  task :release do
-    version = "0.1.0"
-    Bundler.with_clean_env do
-      version = `bundle exec gem list`
-                .split("\n").select { |line| line.include? "googleauth" }
-                .first.split("(").last.split(")").first || "0.1.0"
-    end
-    Rake::Task["kokoro:load_env_vars"].invoke
-    Rake::Task["release_gem"].invoke "v#{version}"
-  end
-
-  task :publish_docs do
-    require_relative "rakelib/devsite_builder.rb"
-
-    DevsiteBuilder.new(__dir__).publish
-  end
-end
-
-def header str, token = "#"
-  line_length = str.length + 8
-  puts ""
-  puts token * line_length
-  puts "#{token * 3} #{str} #{token * 3}"
-  puts token * line_length
-  puts ""
-end

data/googleauth.gemspec

@@ -1,38 +0,0 @@
-# -*- ruby -*-
-# encoding: utf-8
-
-$LOAD_PATH.push File.expand_path("lib", __dir__)
-require "googleauth/version"
-
-Gem::Specification.new do |gem|
-  gem.name          = "googleauth"
-  gem.version       = Google::Auth::VERSION
-  gem.authors       = ["Tim Emiola"]
-  gem.email         = "temiola@google.com"
-  gem.homepage      = "https://github.com/googleapis/google-auth-library-ruby"
-  gem.summary       = "Google Auth Library for Ruby"
-  gem.license       = "Apache-2.0"
-  gem.description   = <<-DESCRIPTION
-   Allows simple authorization for accessing Google APIs.
-   Provide support for Application Default Credentials, as described at
-   https://developers.google.com/accounts/docs/application-default-credentials
-  DESCRIPTION
-
-  gem.files         = `git ls-files`.split "\n"
-  gem.test_files    = `git ls-files -- spec/*`.split "\n"
-  gem.executables   = `git ls-files -- bin/*.rb`.split("\n").map do |f|
-    File.basename f
-  end
-  gem.require_paths = ["lib"]
-  gem.platform      = Gem::Platform::RUBY
-  gem.required_ruby_version = ">= 2.4.0"
-
-  gem.add_dependency "faraday", ">= 0.17.3", "< 2.0"
-  gem.add_dependency "jwt", ">= 1.4", "< 3.0"
-  gem.add_dependency "memoist", "~> 0.16"
-  gem.add_dependency "multi_json", "~> 1.11"
-  gem.add_dependency "os", ">= 0.9", "< 2.0"
-  gem.add_dependency "signet", "~> 0.14"
-
-  gem.add_development_dependency "yard", "~> 0.9"
-end

data/integration/helper.rb

@@ -1,31 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-require "minitest/autorun"
-require "minitest/focus"
-require "googleauth"

data/integration/id_tokens/key_source_test.rb

@@ -1,74 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-require "helper"
-
-describe Google::Auth::IDTokens do
-  describe "key source" do
-    let(:legacy_oidc_key_source) {
-      Google::Auth::IDTokens::X509CertHttpKeySource.new "https://www.googleapis.com/oauth2/v1/certs"
-    }
-    let(:oidc_key_source) { Google::Auth::IDTokens.oidc_key_source }
-    let(:iap_key_source) { Google::Auth::IDTokens.iap_key_source }
-
-    it "Gets real keys from the OAuth2 V1 cert URL" do
-      keys = legacy_oidc_key_source.refresh_keys
-      refute_empty keys
-      keys.each do |key|
-        assert_kind_of OpenSSL::PKey::RSA, key.key
-        refute key.key.private?
-        assert_equal "RS256", key.algorithm
-      end
-    end
-
-    it "Gets real keys from the OAuth2 V3 cert URL" do
-      keys = oidc_key_source.refresh_keys
-      refute_empty keys
-      keys.each do |key|
-        assert_kind_of OpenSSL::PKey::RSA, key.key
-        refute key.key.private?
-        assert_equal "RS256", key.algorithm
-      end
-    end
-
-    it "Gets the same keys from the OAuth2 V1 and V3 cert URLs" do
-      keys_v1 = legacy_oidc_key_source.refresh_keys.map(&:key).map(&:export).sort
-      keys_v3 = oidc_key_source.refresh_keys.map(&:key).map(&:export).sort
-      assert_equal keys_v1, keys_v3
-    end
-
-    it "Gets real keys from the IAP public key URL" do
-      keys = iap_key_source.refresh_keys
-      refute_empty keys
-      keys.each do |key|
-        assert_kind_of OpenSSL::PKey::EC, key.key
-        assert_equal "ES256", key.algorithm
-      end
-    end
-  end
-end

data/rakelib/devsite_builder.rb

@@ -1,45 +0,0 @@
-require "pathname"
-
-require_relative "repo_metadata.rb"
-
-class DevsiteBuilder
-  def initialize master_dir = "."
-    @master_dir = Pathname.new master_dir
-    @output_dir = "doc"
-    @metadata = RepoMetadata.from_source "#{master_dir}/.repo-metadata.json"
-  end
-
-  def build
-    FileUtils.remove_dir @output_dir if Dir.exist? @output_dir
-    markup = "--markup markdown"
-
-    Dir.chdir @master_dir do
-      cmds = ["-o #{@output_dir}", markup]
-      cmd "yard --verbose #{cmds.join ' '}"
-    end
-    @metadata.build @master_dir + @output_dir
-  end
-
-  def upload
-    Dir.chdir @output_dir do
-      opts = [
-        "--credentials=#{ENV['KOKORO_KEYSTORE_DIR']}/73713_docuploader_service_account",
-        "--staging-bucket=#{ENV.fetch 'STAGING_BUCKET', 'docs-staging'}",
-        "--metadata-file=./docs.metadata"
-      ]
-      cmd "python3 -m docuploader upload . #{opts.join ' '}"
-    end
-  end
-
-  def publish
-    build
-    upload
-  end
-
-  def cmd line
-    puts line
-    output = `#{line}`
-    puts output
-    output
-  end
-end

data/rakelib/link_checker.rb

@@ -1,64 +0,0 @@
-require "open3"
-
-class LinkChecker
-  def initialize
-    @failed = false
-  end
-
-  def run
-    job_info
-    git_commit = ENV.fetch "KOKORO_GITHUB_COMMIT", "master"
-
-    markdown_files = Dir.glob "**/*.md"
-    broken_markdown_links = check_links markdown_files,
-                                        "https://github.com/googleapis/google-auth-library-ruby/tree/#{git_commit}",
-                                        " --skip '^(?!(\\Wruby.*google|.*google.*\\Wruby|.*cloud\\.google\\.com))'"
-
-    broken_devsite_links = check_links ["googleauth"],
-                                       "https://googleapis.dev/ruby",
-                                       "/latest/ --recurse --skip https:.*github.*"
-
-    puts_broken_links broken_markdown_links
-    puts_broken_links broken_devsite_links
-  end
-
-  def check_links location_list, base, tail
-    broken_links = Hash.new { |h, k| h[k] = [] }
-    location_list.each do |location|
-      out, err, st = Open3.capture3 "npx linkinator #{base}/#{location}#{tail}"
-      puts out
-      unless st.to_i.zero?
-        @failed = true
-        puts err
-      end
-      checked_links = out.split "\n"
-      checked_links.select! { |link| link =~ /\[\d+\]/ && !link.include?("[200]") }
-      unless checked_links.empty?
-        @failed = true
-        broken_links[location] += checked_links
-      end
-    end
-    broken_links
-  end
-
-  def puts_broken_links link_hash
-    link_hash.each do |location, links|
-      puts "#{location} contains the following broken links:"
-      links.each { |link| puts "  #{link}" }
-      puts ""
-    end
-  end
-
-  def job_info
-    line_length = "Using Ruby - #{RUBY_VERSION}".length + 8
-    puts ""
-    puts "#" * line_length
-    puts "### Using Ruby - #{RUBY_VERSION} ###"
-    puts "#" * line_length
-    puts ""
-  end
-
-  def exit_status
-    @failed ? 1 : 0
-  end
-end

data/rakelib/repo_metadata.rb

@@ -1,59 +0,0 @@
-require "json"
-
-class RepoMetadata
-  attr_reader :data
-
-  def initialize data
-    @data = data
-    normalize_data!
-  end
-
-  def allowed_fields
-    [
-      "name", "version", "language", "distribution-name",
-      "product-page", "github-repository", "issue-tracker"
-    ]
-  end
-
-  def build output_directory
-    fields = @data.to_a.map { |kv| "--#{kv[0]} #{kv[1]}" }
-    Dir.chdir output_directory do
-      cmd "python3 -m docuploader create-metadata #{fields.join ' '}"
-    end
-  end
-
-  def normalize_data!
-    require_relative "../lib/googleauth/version.rb"
-
-    @data.delete_if { |k, _| !allowed_fields.include?(k) }
-    @data["version"] = "v#{Google::Auth::VERSION}"
-  end
-
-  def [] key
-    data[key]
-  end
-
-  def []= key, value
-    @data[key] = value
-  end
-
-  def cmd line
-    puts line
-    output = `#{line}`
-    puts output
-    output
-  end
-
-  def self.from_source source
-    if source.is_a? RepoMetadata
-      data = source.data
-    elsif source.is_a? Hash
-      data = source
-    elsif File.file? source
-      data = JSON.parse File.read(source)
-    else
-      raise "Source must be a path, hash, or RepoMetadata instance"
-    end
-    RepoMetadata.new data
-  end
-end

data/spec/googleauth/apply_auth_examples.rb

@@ -1,171 +0,0 @@
-# Copyright 2015, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-spec_dir = File.expand_path File.join(File.dirname(__FILE__))
-$LOAD_PATH.unshift spec_dir
-$LOAD_PATH.uniq!
-
-require "faraday"
-require "spec_helper"
-
-shared_examples "apply/apply! are OK" do
-  let(:auth_key) { :authorization }
-
-  # tests that use these examples need to define
-  #
-  # @client which should be an auth client
-  #
-  # @make_auth_stubs, which should stub out the expected http behaviour of the
-  # auth client
-  describe "#fetch_access_token" do
-    let(:token) { "1/abcdef1234567890" }
-    let :access_stub do
-      make_auth_stubs access_token: token
-    end
-    let :id_stub do
-      make_auth_stubs id_token: token
-    end
-
-    it "should set access_token to the fetched value" do
-      access_stub
-      @client.fetch_access_token!
-      expect(@client.access_token).to eq(token)
-      expect(access_stub).to have_been_requested
-    end
-
-    it "should set id_token to the fetched value" do
-      skip unless @id_client
-      id_stub
-      @id_client.fetch_access_token!
-      expect(@id_client.id_token).to eq(token)
-      expect(id_stub).to have_been_requested
-    end
-
-    it "should notify refresh listeners after updating" do
-      access_stub
-      expect do |b|
-        @client.on_refresh(&b)
-        @client.fetch_access_token!
-      end.to yield_with_args(have_attributes(
-                               access_token: "1/abcdef1234567890"
-                             ))
-      expect(access_stub).to have_been_requested
-    end
-  end
-
-  describe "#apply!" do
-    it "should update the target hash with fetched access token" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-
-      md = { foo: "bar" }
-      @client.apply! md
-      want = { :foo => "bar", auth_key => "Bearer #{token}" }
-      expect(md).to eq(want)
-      expect(stub).to have_been_requested
-    end
-
-    it "should update the target hash with fetched ID token" do
-      skip unless @id_client
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs id_token: token
-
-      md = { foo: "bar" }
-      @id_client.apply! md
-      want = { :foo => "bar", auth_key => "Bearer #{token}" }
-      expect(md).to eq(want)
-      expect(stub).to have_been_requested
-    end
-  end
-
-  describe "updater_proc" do
-    it "should provide a proc that updates a hash with the access token" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-      md = { foo: "bar" }
-      the_proc = @client.updater_proc
-      got = the_proc.call md
-      want = { :foo => "bar", auth_key => "Bearer #{token}" }
-      expect(got).to eq(want)
-      expect(stub).to have_been_requested
-    end
-  end
-
-  describe "#apply" do
-    it "should not update the original hash with the access token" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-
-      md = { foo: "bar" }
-      @client.apply md
-      want = { foo: "bar" }
-      expect(md).to eq(want)
-      expect(stub).to have_been_requested
-    end
-
-    it "should add the token to the returned hash" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-
-      md = { foo: "bar" }
-      got = @client.apply md
-      want = { :foo => "bar", auth_key => "Bearer #{token}" }
-      expect(got).to eq(want)
-      expect(stub).to have_been_requested
-    end
-
-    it "should not fetch a new token if the current is not expired" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-
-      n = 5 # arbitrary
-      n.times do |_t|
-        md = { foo: "bar" }
-        got = @client.apply md
-        want = { :foo => "bar", auth_key => "Bearer #{token}" }
-        expect(got).to eq(want)
-      end
-      expect(stub).to have_been_requested
-    end
-
-    it "should fetch a new token if the current one is expired" do
-      token1 = "1/abcdef1234567890"
-      token2 = "2/abcdef1234567891"
-
-      [token1, token2].each do |t|
-        make_auth_stubs access_token: t
-        md = { foo: "bar" }
-        got = @client.apply md
-        want = { :foo => "bar", auth_key => "Bearer #{t}" }
-        expect(got).to eq(want)
-        @client.expires_at -= 3601 # default is to expire in 1hr
-      end
-    end
-  end
-end