googleauth 0.16.2 → 0.17.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1f96ad8fd7b2aae5671af839775b83db2c3f6b9c31e36622c2dc983d647e54d
-  data.tar.gz: 58db2385909da01755365839451a6a8bbb79fceaabd76de313dab9496a7ea0dd
+  metadata.gz: 1cc321053063d0fcbe9b0ac9cece62227049fca62bb4377161cd0679342ceee9
+  data.tar.gz: 635e4992df0bfc21fe3df120dc86347619324e685ca136aa6770c23b4104153a
 SHA512:
-  metadata.gz: 39f9a7e75bbb27ff0cd9bb50ebc077751f83ee22fec724d4de9ed54c3bde97a92e5a9f577859784d2c298405fa9cf57491bddf73043ff5a0cb6a567379fc2cbb
-  data.tar.gz: 543d6c2e8175ea1262c4235e581124378ef932fe96b7c63e27b75654a2e7cdfc5e427c6f9668141de1b06d770dedfb97ca8b94b1df800d0bdf04c1860644dc2c
+  metadata.gz: 19b49461310e8b41a4062005255d51c15792481183c6fc161baf36a13e40ba1528d604ef8c17048de1661a41dfe7de6867fab3b721cd1be3b148b1c5a15f8a97
+  data.tar.gz: 2ae55a1ad27def042196075cb8c5e46db5295797edc568126903ccd7e345a2b7400d5a30f3d79d7001588a1c25ec9fcb12ea128dfc06234dd67077a3c1aae0af

data/.yardopts

@@ -0,0 +1,11 @@
+--no-private
+--title=Google Auth
+--markup markdown
+--markup-provider redcarpet
+
+./lib/**/*.rb
+-
+README.md
+CHANGELOG.md
+CODE_OF_CONDUCT.md
+LICENSE

data/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Release History
 
+### [0.17.1](https://www.github.com/googleapis/google-auth-library-ruby/compare/googleauth/v0.15.0...googleauth/v0.17.1) (2021-09-01)
+
+### Bug Fixes
+
+* Updates to gem metadata ([fb5e56d](https://www.github.com/googleapis/google-auth-library-ruby/commit/fb5e56dad1e6ed6afd4f9b5c626e5e1495e48343))
+
+## [0.17.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/google-auth-library-ruby/v0.16.2...google-auth-library-ruby/v0.17.0) (2021-07-30)
+
+
+### Features
+
+* Allow scopes to be self-signed into jwts ([e67ce40](https://www.github.com/googleapis/google-auth-library-ruby/commit/e67ce40f919b7eb3723c2ec95f5b8d58315ab1ee))
+
 ### [0.16.2](https://www.github.com/googleapis/google-auth-library-ruby/compare/google-auth-library-ruby/v0.16.1...google-auth-library-ruby/v0.16.2) (2021-04-28)
 
 

data/SECURITY.md

@@ -0,0 +1,7 @@
+# Security Policy
+
+To report a security issue, please use [g.co/vulnz](https://g.co/vulnz).
+
+The Google Security Team will respond within 5 working days of your report on g.co/vulnz.
+
+We use g.co/vulnz for our intake, and do coordination and disclosure here using GitHub Security Advisory to privately discuss and fix the issue.

data/lib/googleauth/service_account.rb

@@ -129,7 +129,7 @@ module Google
           quota_project_id: @quota_project_id
         }
         key_io = StringIO.new MultiJson.dump(cred_json)
-        alt = ServiceAccountJwtHeaderCredentials.make_creds json_key_io: key_io
+        alt = ServiceAccountJwtHeaderCredentials.make_creds json_key_io: key_io, scope: scope
         alt.apply! a_hash
       end
     end
@@ -154,15 +154,13 @@ module Google
       attr_reader :project_id
       attr_reader :quota_project_id
 
-      # make_creds proxies the construction of a credentials instance
+      # Create a ServiceAccountJwtHeaderCredentials.
       #
-      # make_creds is used by the methods in CredentialsLoader.
-      #
-      # By default, it calls #new with 2 args, the second one being an
-      # optional scope. Here's the constructor only has one param, so
-      # we modify make_creds to reflect this.
-      def self.make_creds *args
-        new json_key_io: args[0][:json_key_io]
+      # @param json_key_io [IO] an IO from which the JSON key can be read
+      # @param scope [string|array|nil] the scope(s) to access
+      def self.make_creds options = {}
+        json_key_io, scope = options.values_at :json_key_io, :scope
+        new json_key_io: json_key_io, scope: scope
       end
 
       # Initializes a ServiceAccountJwtHeaderCredentials.
@@ -181,6 +179,7 @@ module Google
         end
         @project_id ||= CredentialsLoader.load_gcloud_project_id
         @signing_key = OpenSSL::PKey::RSA.new @private_key
+        @scope = options[:scope]
       end
 
       # Construct a jwt token if the JWT_AUD_URI key is present in the input
@@ -189,7 +188,7 @@ module Google
       # The jwt token is used as the value of a 'Bearer '.
       def apply! a_hash, opts = {}
         jwt_aud_uri = a_hash.delete JWT_AUD_URI_KEY
-        return a_hash if jwt_aud_uri.nil?
+        return a_hash if jwt_aud_uri.nil? && @scope.nil?
         jwt_token = new_jwt_token jwt_aud_uri, opts
         a_hash[AUTH_METADATA_KEY] = "Bearer #{jwt_token}"
         a_hash
@@ -211,16 +210,21 @@ module Google
       protected
 
       # Creates a jwt uri token.
-      def new_jwt_token jwt_aud_uri, options = {}
+      def new_jwt_token jwt_aud_uri = nil, options = {}
         now = Time.new
         skew = options[:skew] || 60
         assertion = {
           "iss" => @issuer,
           "sub" => @issuer,
-          "aud" => jwt_aud_uri,
           "exp" => (now + EXPIRY).to_i,
           "iat" => (now - skew).to_i
         }
+
+        jwt_aud_uri = nil if @scope
+
+        assertion["scope"] = Array(@scope).join " " if @scope
+        assertion["aud"] = jwt_aud_uri if jwt_aud_uri
+
         JWT.encode assertion, @signing_key, SIGNING_ALGORITHM
       end
     end

data/lib/googleauth/version.rb

@@ -31,6 +31,6 @@ module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    VERSION = "0.16.2".freeze
+    VERSION = "0.17.1".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: googleauth
 version: !ruby/object:Gem::Version
-  version: 0.16.2
+  version: 0.17.1
 platform: ruby
 authors:
 - Tim Emiola
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-28 00:00:00.000000000 Z
+date: 2021-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -104,69 +104,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.14'
+        version: '0.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.14'
-- !ruby/object:Gem::Dependency
-  name: yard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
-description: |2
-     Allows simple authorization for accessing Google APIs.
-     Provide support for Application Default Credentials, as described at
-     https://developers.google.com/accounts/docs/application-default-credentials
-email: temiola@google.com
+        version: '0.15'
+description: Implements simple authorization for accessing Google APIs, and provides
+  support for Application Default Credentials.
+email:
+- temiola@google.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/CODEOWNERS"
-- ".github/CONTRIBUTING.md"
-- ".github/ISSUE_TEMPLATE/bug_report.md"
-- ".github/ISSUE_TEMPLATE/feature_request.md"
-- ".github/ISSUE_TEMPLATE/support_request.md"
-- ".github/renovate.json"
-- ".github/sync-repo-settings.yaml"
-- ".github/workflows/ci.yml"
-- ".github/workflows/release-please.yml"
-- ".gitignore"
-- ".kokoro/populate-secrets.sh"
-- ".kokoro/release.cfg"
-- ".kokoro/release.sh"
-- ".kokoro/trampoline_v2.sh"
-- ".repo-metadata.json"
-- ".rspec"
-- ".rubocop.yml"
-- ".toys/.toys.rb"
-- ".toys/ci.rb"
-- ".toys/kokoro/.toys.rb"
-- ".toys/kokoro/publish-docs.rb"
-- ".toys/kokoro/publish-gem.rb"
-- ".toys/linkinator.rb"
-- ".trampolinerc"
+- ".yardopts"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
-- Gemfile
 - LICENSE
 - README.md
-- googleauth.gemspec
-- integration/helper.rb
-- integration/id_tokens/key_source_test.rb
+- SECURITY.md
 - lib/googleauth.rb
 - lib/googleauth/application_default.rb
 - lib/googleauth/client_id.rb
@@ -190,29 +149,13 @@ files:
 - lib/googleauth/user_refresh.rb
 - lib/googleauth/version.rb
 - lib/googleauth/web_user_authorizer.rb
-- spec/googleauth/apply_auth_examples.rb
-- spec/googleauth/client_id_spec.rb
-- spec/googleauth/compute_engine_spec.rb
-- spec/googleauth/credentials_spec.rb
-- spec/googleauth/get_application_default_spec.rb
-- spec/googleauth/iam_spec.rb
-- spec/googleauth/scope_util_spec.rb
-- spec/googleauth/service_account_spec.rb
-- spec/googleauth/signet_spec.rb
-- spec/googleauth/stores/file_token_store_spec.rb
-- spec/googleauth/stores/redis_token_store_spec.rb
-- spec/googleauth/stores/store_examples.rb
-- spec/googleauth/user_authorizer_spec.rb
-- spec/googleauth/user_refresh_spec.rb
-- spec/googleauth/web_user_authorizer_spec.rb
-- spec/spec_helper.rb
-- test/helper.rb
-- test/id_tokens/key_sources_test.rb
-- test/id_tokens/verifier_test.rb
 homepage: https://github.com/googleapis/google-auth-library-ruby
 licenses:
 - Apache-2.0
-metadata: {}
+metadata:
+  changelog_uri: https://github.com/googleapis/google-auth-library-ruby/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/googleapis/google-auth-library-ruby
+  bug_tracker_uri: https://github.com/googleapis/google-auth-library-ruby/issues
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -228,24 +171,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.16
+rubygems_version: 3.2.17
 signing_key: 
 specification_version: 4
 summary: Google Auth Library for Ruby
-test_files:
-- spec/googleauth/apply_auth_examples.rb
-- spec/googleauth/client_id_spec.rb
-- spec/googleauth/compute_engine_spec.rb
-- spec/googleauth/credentials_spec.rb
-- spec/googleauth/get_application_default_spec.rb
-- spec/googleauth/iam_spec.rb
-- spec/googleauth/scope_util_spec.rb
-- spec/googleauth/service_account_spec.rb
-- spec/googleauth/signet_spec.rb
-- spec/googleauth/stores/file_token_store_spec.rb
-- spec/googleauth/stores/redis_token_store_spec.rb
-- spec/googleauth/stores/store_examples.rb
-- spec/googleauth/user_authorizer_spec.rb
-- spec/googleauth/user_refresh_spec.rb
-- spec/googleauth/web_user_authorizer_spec.rb
-- spec/spec_helper.rb
+test_files: []

data/.github/CODEOWNERS

@@ -1,7 +0,0 @@
-# Code owners file.
-# This file controls who is tagged for review for any given pull request.
-#
-# For syntax help see:
-# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
-
-*     @googleapis/yoshi-ruby

data/.github/CONTRIBUTING.md

@@ -1,74 +0,0 @@
-# How to become a contributor and submit your own code
-
-## Contributor License Agreements
-
-We'd love to accept your sample apps and patches! Before we can take them, we
-have to jump a couple of legal hurdles.
-
-Please fill out either the individual or corporate Contributor License Agreement
-(CLA).
-
-  * If you are an individual writing original source code and you're sure you
-    own the intellectual property, then you'll need to sign an [individual CLA].
-  * If you work for a company that wants to allow you to contribute your work,
-    then you'll need to sign a [corporate CLA].
-
-[individual CLA]: http://code.google.com/legal/individual-cla-v1.0.html
-[corporate CLA]: http://code.google.com/legal/corporate-cla-v1.0.html
-
-Follow either of the two links above to access the appropriate CLA and
-instructions for how to sign and return it. Once we receive it, we'll be able to
-accept your pull requests.
-
-## Issue reporting
-
-* Check that the issue has not already been reported.
-* Check that the issue has not already been fixed in the latest code
-  (a.k.a. `master`).
-* Be clear, concise and precise in your description of the problem.
-* Open an issue with a descriptive title and a summary in grammatically correct,
-    complete sentences.
-* Include any relevant code to the issue summary.
-
-## Pull requests
-
-* Read [how to properly contribute to open source projects on Github][2].
-* Fork the project.
-* Use a topic/feature branch to easily amend a pull request later, if necessary.
-* Write [good commit messages][3].
-* Use the same coding conventions as the rest of the project.
-* Commit and push until you are happy with your contribution.
-* Make sure to add tests for it. This is important so I don't break it
-  in a future version unintentionally.
-* Add an entry to the [Changelog](CHANGELOG.md) accordingly. See [changelog entry format](#changelog-entry-format).
-* Please try not to mess with the Rakefile, version, or history. If you want to
-  have your own version, or is otherwise necessary, that is fine, but please
-  isolate to its own commit so I can cherry-pick around it.
-* Make sure the test suite is passing and the code you wrote doesn't produce
-  RuboCop offenses.
-* [Squash related commits together][5].
-* Open a [pull request][4] that relates to *only* one subject with a clear title
-  and description in grammatically correct, complete sentences.
-
-### Changelog entry format
-
-Here are a few examples:
-
-```
-* makes the scope parameter's optional in all APIs. (@tbetbetbe[])
-* [#14](https://github.com/google/google-auth-library-ruby/issues/14): ADC Support for JWT Service Tokens. ([@tbetbetbe][])
-```
-
-* Mark it up in [Markdown syntax][6].
-* The entry line should start with `* ` (an asterisk and a space).
-* If the change has a related GitHub issue (e.g. a bug fix for a reported issue), put a link to the issue as `[#123](https://github.com/google/google-auth-library-ruby/issues/11): `.
-* Describe the brief of the change. The sentence should end with a punctuation.
-* At the end of the entry, add an implicit link to your GitHub user page as `([@username][])`.
-* If this is your first contribution to google-auth-library-ruby project, add a link definition for the implicit link to the bottom of the changelog as `[@username]: https://github.com/username`.
-
-[1]: https://github.com/google/google-auth-ruby-library/issues
-[2]: http://gun.io/blog/how-to-github-fork-branch-and-pull-request
-[3]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
-[4]: https://help.github.com/articles/using-pull-requests
-[5]: http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html
-[6]: http://daringfireball.net/projects/markdown/syntax

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,36 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-
----
-
-Thanks for stopping by to let us know something could be better!
-
-**PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on GitHub. This will ensure a timely response.
-
-Please run down the following list and make sure you've tried the usual "quick fixes":
-
-  - Search the issues already opened: https://github.com/googleapis/google-auth-library-ruby/issues
-  - Search Stack Overflow: https://stackoverflow.com/questions/tagged/google-auth-library-ruby
-
-If you are still having issues, please be sure to include as much information as possible:
-
-#### Environment details
-
-  - OS:
-  - Ruby version:
-  - Gem name and version:
-
-#### Steps to reproduce
-
-  1. ...
-
-#### Code example
-
-```ruby
-# example
-```
-
-Making sure to follow these steps will guarantee the quickest resolution possible.
-
-Thanks!

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,21 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this library
-
----
-
-Thanks for stopping by to let us know something could be better!
-
-**PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on GitHub. This will ensure a timely response.
-
- **Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
- **Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
- **Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
- **Additional context**
-Add any other context or screenshots about the feature request here.

data/.github/ISSUE_TEMPLATE/support_request.md

@@ -1,7 +0,0 @@
----
-name: Support request
-about: If you have a support contract with Google, please create an issue in the Google Cloud Support console.
-
----
-
-**PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on GitHub. This will ensure a timely response.

data/.github/renovate.json

@@ -1,6 +0,0 @@
-{
-  "extends": [
-    "config:base"
-  ],
-  "rangeStrategy": "widen"
-}