googleauth 0.17.0 → 0.17.1

data/integration/helper.rb

@@ -1,31 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-require "minitest/autorun"
-require "minitest/focus"
-require "googleauth"

data/integration/id_tokens/key_source_test.rb

@@ -1,74 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-require "helper"
-
-describe Google::Auth::IDTokens do
-  describe "key source" do
-    let(:legacy_oidc_key_source) {
-      Google::Auth::IDTokens::X509CertHttpKeySource.new "https://www.googleapis.com/oauth2/v1/certs"
-    }
-    let(:oidc_key_source) { Google::Auth::IDTokens.oidc_key_source }
-    let(:iap_key_source) { Google::Auth::IDTokens.iap_key_source }
-
-    it "Gets real keys from the OAuth2 V1 cert URL" do
-      keys = legacy_oidc_key_source.refresh_keys
-      refute_empty keys
-      keys.each do |key|
-        assert_kind_of OpenSSL::PKey::RSA, key.key
-        refute key.key.private?
-        assert_equal "RS256", key.algorithm
-      end
-    end
-
-    it "Gets real keys from the OAuth2 V3 cert URL" do
-      keys = oidc_key_source.refresh_keys
-      refute_empty keys
-      keys.each do |key|
-        assert_kind_of OpenSSL::PKey::RSA, key.key
-        refute key.key.private?
-        assert_equal "RS256", key.algorithm
-      end
-    end
-
-    it "Gets the same keys from the OAuth2 V1 and V3 cert URLs" do
-      keys_v1 = legacy_oidc_key_source.refresh_keys.map(&:key).map(&:export).sort
-      keys_v3 = oidc_key_source.refresh_keys.map(&:key).map(&:export).sort
-      assert_equal keys_v1, keys_v3
-    end
-
-    it "Gets real keys from the IAP public key URL" do
-      keys = iap_key_source.refresh_keys
-      refute_empty keys
-      keys.each do |key|
-        assert_kind_of OpenSSL::PKey::EC, key.key
-        assert_equal "ES256", key.algorithm
-      end
-    end
-  end
-end

data/spec/googleauth/apply_auth_examples.rb

@@ -1,171 +0,0 @@
-# Copyright 2015, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-spec_dir = File.expand_path File.join(File.dirname(__FILE__))
-$LOAD_PATH.unshift spec_dir
-$LOAD_PATH.uniq!
-
-require "faraday"
-require "spec_helper"
-
-shared_examples "apply/apply! are OK" do
-  let(:auth_key) { :authorization }
-
-  # tests that use these examples need to define
-  #
-  # @client which should be an auth client
-  #
-  # @make_auth_stubs, which should stub out the expected http behaviour of the
-  # auth client
-  describe "#fetch_access_token" do
-    let(:token) { "1/abcdef1234567890" }
-    let :access_stub do
-      make_auth_stubs access_token: token
-    end
-    let :id_stub do
-      make_auth_stubs id_token: token
-    end
-
-    it "should set access_token to the fetched value" do
-      access_stub
-      @client.fetch_access_token!
-      expect(@client.access_token).to eq(token)
-      expect(access_stub).to have_been_requested
-    end
-
-    it "should set id_token to the fetched value" do
-      skip unless @id_client
-      id_stub
-      @id_client.fetch_access_token!
-      expect(@id_client.id_token).to eq(token)
-      expect(id_stub).to have_been_requested
-    end
-
-    it "should notify refresh listeners after updating" do
-      access_stub
-      expect do |b|
-        @client.on_refresh(&b)
-        @client.fetch_access_token!
-      end.to yield_with_args(have_attributes(
-                               access_token: "1/abcdef1234567890"
-                             ))
-      expect(access_stub).to have_been_requested
-    end
-  end
-
-  describe "#apply!" do
-    it "should update the target hash with fetched access token" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-
-      md = { foo: "bar" }
-      @client.apply! md
-      want = { :foo => "bar", auth_key => "Bearer #{token}" }
-      expect(md).to eq(want)
-      expect(stub).to have_been_requested
-    end
-
-    it "should update the target hash with fetched ID token" do
-      skip unless @id_client
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs id_token: token
-
-      md = { foo: "bar" }
-      @id_client.apply! md
-      want = { :foo => "bar", auth_key => "Bearer #{token}" }
-      expect(md).to eq(want)
-      expect(stub).to have_been_requested
-    end
-  end
-
-  describe "updater_proc" do
-    it "should provide a proc that updates a hash with the access token" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-      md = { foo: "bar" }
-      the_proc = @client.updater_proc
-      got = the_proc.call md
-      want = { :foo => "bar", auth_key => "Bearer #{token}" }
-      expect(got).to eq(want)
-      expect(stub).to have_been_requested
-    end
-  end
-
-  describe "#apply" do
-    it "should not update the original hash with the access token" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-
-      md = { foo: "bar" }
-      @client.apply md
-      want = { foo: "bar" }
-      expect(md).to eq(want)
-      expect(stub).to have_been_requested
-    end
-
-    it "should add the token to the returned hash" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-
-      md = { foo: "bar" }
-      got = @client.apply md
-      want = { :foo => "bar", auth_key => "Bearer #{token}" }
-      expect(got).to eq(want)
-      expect(stub).to have_been_requested
-    end
-
-    it "should not fetch a new token if the current is not expired" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token
-
-      n = 5 # arbitrary
-      n.times do |_t|
-        md = { foo: "bar" }
-        got = @client.apply md
-        want = { :foo => "bar", auth_key => "Bearer #{token}" }
-        expect(got).to eq(want)
-      end
-      expect(stub).to have_been_requested
-    end
-
-    it "should fetch a new token if the current one is expired" do
-      token1 = "1/abcdef1234567890"
-      token2 = "2/abcdef1234567891"
-
-      [token1, token2].each do |t|
-        make_auth_stubs access_token: t
-        md = { foo: "bar" }
-        got = @client.apply md
-        want = { :foo => "bar", auth_key => "Bearer #{t}" }
-        expect(got).to eq(want)
-        @client.expires_at -= 3601 # default is to expire in 1hr
-      end
-    end
-  end
-end

data/spec/googleauth/client_id_spec.rb

@@ -1,160 +0,0 @@
-# Copyright 2015, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-spec_dir = File.expand_path File.join(File.dirname(__FILE__))
-$LOAD_PATH.unshift spec_dir
-$LOAD_PATH.uniq!
-
-require "spec_helper"
-require "fakefs/safe"
-require "googleauth"
-
-describe Google::Auth::ClientId do
-  shared_examples "it has a valid config" do
-    it "should include a valid id" do
-      expect(client_id.id).to eql "abc@example.com"
-    end
-
-    it "should include a valid secret" do
-      expect(client_id.secret).to eql "notasecret"
-    end
-  end
-
-  shared_examples "it can successfully load client_id" do
-    context "loaded from hash" do
-      let(:client_id) { Google::Auth::ClientId.from_hash config }
-
-      it_behaves_like "it has a valid config"
-    end
-
-    context "loaded from file" do
-      file_path = "/client_secrets.json"
-
-      let :client_id do
-        FakeFS do
-          content = MultiJson.dump config
-          File.write file_path, content
-          Google::Auth::ClientId.from_file file_path
-        end
-      end
-
-      it_behaves_like "it has a valid config"
-    end
-  end
-
-  describe "with web config" do
-    let :config do
-      {
-        "web" => {
-          "client_id"     => "abc@example.com",
-          "client_secret" => "notasecret"
-        }
-      }
-    end
-    it_behaves_like "it can successfully load client_id"
-  end
-
-  describe "with installed app config" do
-    let :config do
-      {
-        "installed" => {
-          "client_id"     => "abc@example.com",
-          "client_secret" => "notasecret"
-        }
-      }
-    end
-    it_behaves_like "it can successfully load client_id"
-  end
-
-  context "with missing top level property" do
-    let :config do
-      {
-        "notvalid" => {
-          "client_id"     => "abc@example.com",
-          "client_secret" => "notasecret"
-        }
-      }
-    end
-
-    it "should raise error" do
-      expect { Google::Auth::ClientId.from_hash config }.to raise_error(
-        /Expected top level property/
-      )
-    end
-  end
-
-  context "with missing client id" do
-    let :config do
-      {
-        "web" => {
-          "client_secret" => "notasecret"
-        }
-      }
-    end
-
-    it "should raise error" do
-      expect { Google::Auth::ClientId.from_hash config }.to raise_error(
-        /Client id can not be nil/
-      )
-    end
-  end
-
-  context "with missing client secret" do
-    let :config do
-      {
-        "web" => {
-          "client_id" => "abc@example.com"
-        }
-      }
-    end
-
-    it "should raise error" do
-      expect { Google::Auth::ClientId.from_hash config }.to raise_error(
-        /Client secret can not be nil/
-      )
-    end
-  end
-
-  context "with cloud sdk credentials" do
-    let :config do
-      {
-        "web" => {
-          "client_id"     => Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID,
-          "client_secret" => "notasecret"
-        }
-      }
-    end
-
-    it "should raise warning" do
-      expect { Google::Auth::ClientId.from_hash config }.to output(
-        Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
-      ).to_stderr
-    end
-  end
-end

data/spec/googleauth/compute_engine_spec.rb

@@ -1,178 +0,0 @@
-# Copyright 2015, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-spec_dir = File.expand_path File.join(File.dirname(__FILE__))
-$LOAD_PATH.unshift spec_dir
-$LOAD_PATH.uniq!
-
-require "apply_auth_examples"
-require "faraday"
-require "googleauth/compute_engine"
-require "spec_helper"
-
-describe Google::Auth::GCECredentials do
-  MD_ACCESS_URI = "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token".freeze
-  MD_ID_URI = "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/identity?audience=https://pubsub.googleapis.com/&format=full".freeze
-  GCECredentials = Google::Auth::GCECredentials
-
-  before :example do
-    @client = GCECredentials.new
-    @id_client = GCECredentials.new target_audience: "https://pubsub.googleapis.com/"
-  end
-
-  def make_auth_stubs opts
-    if opts[:access_token]
-      body = MultiJson.dump("access_token" => opts[:access_token],
-                            "token_type"   => "Bearer",
-                            "expires_in"   => 3600)
-
-      uri = MD_ACCESS_URI
-      uri += "?scopes=#{Array(opts[:scope]).join ','}" if opts[:scope]
-
-      stub_request(:get, uri)
-        .with(headers: { "Metadata-Flavor" => "Google" })
-        .to_return(body:    body,
-                   status:  200,
-                   headers: { "Content-Type" => "application/json" })
-    elsif opts[:id_token]
-      stub_request(:get, MD_ID_URI)
-        .with(headers: { "Metadata-Flavor" => "Google" })
-        .to_return(body:    opts[:id_token],
-                   status:  200,
-                   headers: { "Content-Type" => "text/html" })
-    end
-  end
-
-  it_behaves_like "apply/apply! are OK"
-
-  context "metadata is unavailable" do
-    describe "#fetch_access_token" do
-      it "should pass scopes when requesting an access token" do
-        scopes = ["https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/bigtable.data"]
-        stub = make_auth_stubs access_token: "1/abcdef1234567890", scope: scopes
-        @client = GCECredentials.new(scope: scopes)
-        @client.fetch_access_token!
-        expect(stub).to have_been_requested
-      end
-
-      it "should fail if the metadata request returns a 404" do
-        stub = stub_request(:get, MD_ACCESS_URI)
-               .to_return(status:  404,
-                          headers: { "Metadata-Flavor" => "Google" })
-        expect { @client.fetch_access_token! }
-          .to raise_error Signet::AuthorizationError
-        expect(stub).to have_been_requested
-      end
-
-      it "should fail if the metadata request returns a 403" do
-        stub = stub_request(:get, MD_ACCESS_URI)
-                 .to_return(status:  403,
-                            headers: { "Metadata-Flavor" => "Google" })
-        expect { @client.fetch_access_token! }
-          .to raise_error Signet::AuthorizationError
-        expect(stub).to have_been_requested.times(6)
-      end
-
-      it "should fail if the metadata request returns a 500" do
-        stub = stub_request(:get, MD_ACCESS_URI)
-                 .to_return(status:  500,
-                            headers: { "Metadata-Flavor" => "Google" })
-        expect { @client.fetch_access_token! }
-          .to raise_error Signet::AuthorizationError
-        expect(stub).to have_been_requested.times(6)
-      end
-
-      it "should fail if the metadata request returns an unexpected code" do
-        stub = stub_request(:get, MD_ACCESS_URI)
-               .to_return(status:  503,
-                          headers: { "Metadata-Flavor" => "Google" })
-        expect { @client.fetch_access_token! }
-          .to raise_error Signet::AuthorizationError
-        expect(stub).to have_been_requested
-      end
-
-      it "should fail with Signet::AuthorizationError if request times out" do
-        allow_any_instance_of(Faraday::Connection).to receive(:get)
-          .and_raise(Faraday::TimeoutError)
-        expect { @client.fetch_access_token! }
-          .to raise_error Signet::AuthorizationError
-      end
-
-      it "should fail with Signet::AuthorizationError if request fails" do
-        allow_any_instance_of(Faraday::Connection).to receive(:get)
-          .and_raise(Faraday::ConnectionFailed, nil)
-        expect { @client.fetch_access_token! }
-          .to raise_error Signet::AuthorizationError
-      end
-    end
-  end
-
-  describe "#on_gce?" do
-    it "should be true when Metadata-Flavor is Google" do
-      stub = stub_request(:get, "http://169.254.169.254")
-             .with(headers: { "Metadata-Flavor" => "Google" })
-             .to_return(status:  200,
-                        headers: { "Metadata-Flavor" => "Google" })
-      expect(GCECredentials.on_gce?({}, true)).to eq(true)
-      expect(stub).to have_been_requested
-    end
-
-    it "should be false when Metadata-Flavor is not Google" do
-      stub = stub_request(:get, "http://169.254.169.254")
-             .with(headers: { "Metadata-Flavor" => "Google" })
-             .to_return(status:  200,
-                        headers: { "Metadata-Flavor" => "NotGoogle" })
-      expect(GCECredentials.on_gce?({}, true)).to eq(false)
-      expect(stub).to have_been_requested
-    end
-
-    it "should be false if the response is not 200" do
-      stub = stub_request(:get, "http://169.254.169.254")
-             .with(headers: { "Metadata-Flavor" => "Google" })
-             .to_return(status:  404,
-                        headers: { "Metadata-Flavor" => "NotGoogle" })
-      expect(GCECredentials.on_gce?({}, true)).to eq(false)
-      expect(stub).to have_been_requested
-    end
-
-    it "should honor GCE_METADATA_HOST environment variable" do
-      ENV["GCE_METADATA_HOST"] = "mymetadata.example.com"
-      begin
-        stub = stub_request(:get, "http://mymetadata.example.com")
-               .with(headers: { "Metadata-Flavor" => "Google" })
-               .to_return(status:  200,
-                          headers: { "Metadata-Flavor" => "Google" })
-        expect(GCECredentials.on_gce?({}, true)).to eq(true)
-        expect(stub).to have_been_requested
-      ensure
-        ENV.delete "GCE_METADATA_HOST"
-      end
-    end
-  end
-end