googleauth 0.5.1 → 0.11.0

data/lib/googleauth.rb

@@ -27,99 +27,9 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'multi_json'
-require 'stringio'
-
-require 'googleauth/credentials_loader'
-require 'googleauth/compute_engine'
-require 'googleauth/service_account'
-require 'googleauth/user_refresh'
-require 'googleauth/client_id'
-require 'googleauth/user_authorizer'
-require 'googleauth/web_user_authorizer'
-
-module Google
-  # Module Auth provides classes that provide Google-specific authorization
-  # used to access Google APIs.
-  module Auth
-    NOT_FOUND_ERROR = <<END
-Could not load the default credentials. Browse to
-https://developers.google.com/accounts/docs/application-default-credentials
-for more information
-END
-
-    # DefaultCredentials is used to preload the credentials file, to determine
-    # which type of credentials should be loaded.
-    class DefaultCredentials
-      extend CredentialsLoader
-
-      # override CredentialsLoader#make_creds to use the class determined by
-      # loading the json.
-      def self.make_creds(options = {})
-        json_key_io, scope = options.values_at(:json_key_io, :scope)
-        if json_key_io
-          json_key, clz = determine_creds_class(json_key_io)
-          clz.make_creds(json_key_io: StringIO.new(MultiJson.dump(json_key)),
-                         scope: scope)
-        else
-          clz = read_creds
-          clz.make_creds(scope: scope)
-        end
-      end
-
-      def self.read_creds
-        env_var = CredentialsLoader::ACCOUNT_TYPE_VAR
-        type = ENV[env_var]
-        fail "#{ACCOUNT_TYPE_VAR} is undefined in env" unless type
-        case type
-        when 'service_account'
-          ServiceAccountCredentials
-        when 'authorized_user'
-          UserRefreshCredentials
-        else
-          fail "credentials type '#{type}' is not supported"
-        end
-      end
-
-      # Reads the input json and determines which creds class to use.
-      def self.determine_creds_class(json_key_io)
-        json_key = MultiJson.load(json_key_io.read)
-        key = 'type'
-        fail "the json is missing the '#{key}' field" unless json_key.key?(key)
-        type = json_key[key]
-        case type
-        when 'service_account'
-          [json_key, ServiceAccountCredentials]
-        when 'authorized_user'
-          [json_key, UserRefreshCredentials]
-        else
-          fail "credentials type '#{type}' is not supported"
-        end
-      end
-    end
-
-    # Obtains the default credentials implementation to use in this
-    # environment.
-    #
-    # Use this to obtain the Application Default Credentials for accessing
-    # Google APIs.  Application Default Credentials are described in detail
-    # at http://goo.gl/IUuyuX.
-    #
-    # If supplied, scope is used to create the credentials instance, when it can
-    # be applied.  E.g, on google compute engine and for user credentials the
-    # scope is ignored.
-    #
-    # @param scope [string|array|nil] the scope(s) to access
-    # @param options [hash] allows override of the connection being used
-    def get_application_default(scope = nil, options = {})
-      creds = DefaultCredentials.from_env(scope) ||
-              DefaultCredentials.from_well_known_path(scope) ||
-              DefaultCredentials.from_system_default_path(scope)
-      return creds unless creds.nil?
-      fail NOT_FOUND_ERROR unless GCECredentials.on_gce?(options)
-      GCECredentials.new
-    end
-
-    module_function :get_application_default
-  end
-end
+require "googleauth/application_default"
+require "googleauth/client_id"
+require "googleauth/credentials"
+require "googleauth/default_credentials"
+require "googleauth/user_authorizer"
+require "googleauth/web_user_authorizer"

data/rakelib/devsite_builder.rb

@@ -0,0 +1,45 @@
+require "pathname"
+
+require_relative "repo_metadata.rb"
+
+class DevsiteBuilder
+  def initialize master_dir = "."
+    @master_dir = Pathname.new master_dir
+    @output_dir = "doc"
+    @metadata = RepoMetadata.from_source "#{master_dir}/.repo-metadata.json"
+  end
+
+  def build
+    FileUtils.remove_dir @output_dir if Dir.exist? @output_dir
+    markup = "--markup markdown"
+
+    Dir.chdir @master_dir do
+      cmds = ["-o #{@output_dir}", markup]
+      cmd "yard --verbose #{cmds.join ' '}"
+    end
+    @metadata.build @master_dir + @output_dir
+  end
+
+  def upload
+    Dir.chdir @output_dir do
+      opts = [
+        "--credentials=#{ENV['KOKORO_KEYSTORE_DIR']}/73713_docuploader_service_account",
+        "--staging-bucket=#{ENV.fetch 'STAGING_BUCKET', 'docs-staging'}",
+        "--metadata-file=./docs.metadata"
+      ]
+      cmd "python3 -m docuploader upload . #{opts.join ' '}"
+    end
+  end
+
+  def publish
+    build
+    upload
+  end
+
+  def cmd line
+    puts line
+    output = `#{line}`
+    puts output
+    output
+  end
+end

data/rakelib/link_checker.rb

@@ -0,0 +1,64 @@
+require "open3"
+
+class LinkChecker
+  def initialize
+    @failed = false
+  end
+
+  def run
+    job_info
+    git_commit = ENV.fetch "KOKORO_GITHUB_COMMIT", "master"
+
+    markdown_files = Dir.glob "**/*.md"
+    broken_markdown_links = check_links markdown_files,
+                                        "https://github.com/googleapis/google-auth-library-ruby/tree/#{git_commit}",
+                                        " --skip '^(?!(\\Wruby.*google|.*google.*\\Wruby|.*cloud\\.google\\.com))'"
+
+    broken_devsite_links = check_links ["googleauth"],
+                                       "https://googleapis.dev/ruby",
+                                       "/latest/ --recurse --skip https:.*github.*"
+
+    puts_broken_links broken_markdown_links
+    puts_broken_links broken_devsite_links
+  end
+
+  def check_links location_list, base, tail
+    broken_links = Hash.new { |h, k| h[k] = [] }
+    location_list.each do |location|
+      out, err, st = Open3.capture3 "npx linkinator #{base}/#{location}#{tail}"
+      puts out
+      unless st.to_i.zero?
+        @failed = true
+        puts err
+      end
+      checked_links = out.split "\n"
+      checked_links.select! { |link| link =~ /\[\d+\]/ && !link.include?("[200]") }
+      unless checked_links.empty?
+        @failed = true
+        broken_links[location] += checked_links
+      end
+    end
+    broken_links
+  end
+
+  def puts_broken_links link_hash
+    link_hash.each do |location, links|
+      puts "#{location} contains the following broken links:"
+      links.each { |link| puts "  #{link}" }
+      puts ""
+    end
+  end
+
+  def job_info
+    line_length = "Using Ruby - #{RUBY_VERSION}".length + 8
+    puts ""
+    puts "#" * line_length
+    puts "### Using Ruby - #{RUBY_VERSION} ###"
+    puts "#" * line_length
+    puts ""
+  end
+
+  def exit_status
+    @failed ? 1 : 0
+  end
+end

data/rakelib/repo_metadata.rb

@@ -0,0 +1,59 @@
+require "json"
+
+class RepoMetadata
+  attr_reader :data
+
+  def initialize data
+    @data = data
+    normalize_data!
+  end
+
+  def allowed_fields
+    [
+      "name", "version", "language", "distribution-name",
+      "product-page", "github-repository", "issue-tracker"
+    ]
+  end
+
+  def build output_directory
+    fields = @data.to_a.map { |kv| "--#{kv[0]} #{kv[1]}" }
+    Dir.chdir output_directory do
+      cmd "python3 -m docuploader create-metadata #{fields.join ' '}"
+    end
+  end
+
+  def normalize_data!
+    require_relative "../lib/googleauth/version.rb"
+
+    @data.delete_if { |k, _| !allowed_fields.include?(k) }
+    @data["version"] = "v#{Google::Auth::VERSION}"
+  end
+
+  def [] key
+    data[key]
+  end
+
+  def []= key, value
+    @data[key] = value
+  end
+
+  def cmd line
+    puts line
+    output = `#{line}`
+    puts output
+    output
+  end
+
+  def self.from_source source
+    if source.is_a? RepoMetadata
+      data = source.data
+    elsif source.is_a? Hash
+      data = source
+    elsif File.file? source
+      data = JSON.parse File.read(source)
+    else
+      raise "Source must be a path, hash, or RepoMetadata instance"
+    end
+    RepoMetadata.new data
+  end
+end

data/spec/googleauth/apply_auth_examples.rb

@@ -27,14 +27,14 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'faraday'
-require 'spec_helper'
+require "faraday"
+require "spec_helper"
 
-shared_examples 'apply/apply! are OK' do
+shared_examples "apply/apply! are OK" do
   let(:auth_key) { :authorization }
 
   # tests that use these examples need to define
@@ -43,102 +43,103 @@ shared_examples 'apply/apply! are OK' do
   #
   # @make_auth_stubs, which should stub out the expected http behaviour of the
   # auth client
-  describe '#fetch_access_token' do
-    let(:token) { '1/abcdef1234567890' }
-    let(:stub) do
+  describe "#fetch_access_token" do
+    let(:token) { "1/abcdef1234567890" }
+    let :stub do
       make_auth_stubs access_token: token
     end
 
-    it 'should set access_token to the fetched value' do
+    it "should set access_token to the fetched value" do
       stub
       @client.fetch_access_token!
       expect(@client.access_token).to eq(token)
       expect(stub).to have_been_requested
     end
 
-    it 'should notify refresh listeners after updating' do
+    it "should notify refresh listeners after updating" do
       stub
       expect do |b|
         @client.on_refresh(&b)
         @client.fetch_access_token!
       end.to yield_with_args(have_attributes(
-                               access_token: '1/abcdef1234567890'))
+                               access_token: "1/abcdef1234567890"
+                             ))
       expect(stub).to have_been_requested
     end
   end
 
-  describe '#apply!' do
-    it 'should update the target hash with fetched access token' do
-      token = '1/abcdef1234567890'
+  describe "#apply!" do
+    it "should update the target hash with fetched access token" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
-      md = { foo: 'bar' }
-      @client.apply!(md)
-      want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+      md = { foo: "bar" }
+      @client.apply! md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
       expect(md).to eq(want)
       expect(stub).to have_been_requested
     end
   end
 
-  describe 'updater_proc' do
-    it 'should provide a proc that updates a hash with the access token' do
-      token = '1/abcdef1234567890'
+  describe "updater_proc" do
+    it "should provide a proc that updates a hash with the access token" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
-      md = { foo: 'bar' }
+      md = { foo: "bar" }
       the_proc = @client.updater_proc
-      got = the_proc.call(md)
-      want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+      got = the_proc.call md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
       expect(got).to eq(want)
       expect(stub).to have_been_requested
     end
   end
 
-  describe '#apply' do
-    it 'should not update the original hash with the access token' do
-      token = '1/abcdef1234567890'
+  describe "#apply" do
+    it "should not update the original hash with the access token" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
-      md = { foo: 'bar' }
-      @client.apply(md)
-      want = { foo: 'bar' }
+      md = { foo: "bar" }
+      @client.apply md
+      want = { foo: "bar" }
       expect(md).to eq(want)
       expect(stub).to have_been_requested
     end
 
-    it 'should add the token to the returned hash' do
-      token = '1/abcdef1234567890'
+    it "should add the token to the returned hash" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
-      md = { foo: 'bar' }
-      got = @client.apply(md)
-      want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+      md = { foo: "bar" }
+      got = @client.apply md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
       expect(got).to eq(want)
       expect(stub).to have_been_requested
     end
 
-    it 'should not fetch a new token if the current is not expired' do
-      token = '1/abcdef1234567890'
+    it "should not fetch a new token if the current is not expired" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
       n = 5 # arbitrary
       n.times do |_t|
-        md = { foo: 'bar' }
-        got = @client.apply(md)
-        want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+        md = { foo: "bar" }
+        got = @client.apply md
+        want = { :foo => "bar", auth_key => "Bearer #{token}" }
         expect(got).to eq(want)
       end
       expect(stub).to have_been_requested
     end
 
-    it 'should fetch a new token if the current one is expired' do
-      token_1 = '1/abcdef1234567890'
-      token_2 = '2/abcdef1234567891'
+    it "should fetch a new token if the current one is expired" do
+      token1 = "1/abcdef1234567890"
+      token2 = "2/abcdef1234567891"
 
-      [token_1, token_2].each do |t|
+      [token1, token2].each do |t|
         make_auth_stubs access_token: t
-        md = { foo: 'bar' }
-        got = @client.apply(md)
-        want = { :foo => 'bar', auth_key => "Bearer #{t}" }
+        md = { foo: "bar" }
+        got = @client.apply md
+        want = { :foo => "bar", auth_key => "Bearer #{t}" }
         expect(got).to eq(want)
         @client.expires_at -= 3601 # default is to expire in 1hr
       end

data/spec/googleauth/client_id_spec.rb

@@ -27,114 +27,134 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'spec_helper'
-require 'fakefs/safe'
-require 'googleauth'
+require "spec_helper"
+require "fakefs/safe"
+require "googleauth"
 
 describe Google::Auth::ClientId do
-  shared_examples 'it has a valid config' do
-    it 'should include a valid id' do
-      expect(client_id.id).to eql 'abc@example.com'
+  shared_examples "it has a valid config" do
+    it "should include a valid id" do
+      expect(client_id.id).to eql "abc@example.com"
     end
 
-    it 'should include a valid secret' do
-      expect(client_id.secret).to eql 'notasecret'
+    it "should include a valid secret" do
+      expect(client_id.secret).to eql "notasecret"
     end
   end
 
-  shared_examples 'it can successfully load client_id' do
-    context 'loaded from hash' do
-      let(:client_id) { Google::Auth::ClientId.from_hash(config) }
+  shared_examples "it can successfully load client_id" do
+    context "loaded from hash" do
+      let(:client_id) { Google::Auth::ClientId.from_hash config }
 
-      it_behaves_like 'it has a valid config'
+      it_behaves_like "it has a valid config"
     end
 
-    context 'loaded from file' do
-      file_path = '/client_secrets.json'
+    context "loaded from file" do
+      file_path = "/client_secrets.json"
 
-      let(:client_id) do
+      let :client_id do
         FakeFS do
-          content = MultiJson.dump(config)
-          File.write(file_path, content)
-          Google::Auth::ClientId.from_file(file_path)
+          content = MultiJson.dump config
+          File.write file_path, content
+          Google::Auth::ClientId.from_file file_path
         end
       end
 
-      it_behaves_like 'it has a valid config'
+      it_behaves_like "it has a valid config"
     end
   end
 
-  describe 'with web config' do
-    let(:config) do
+  describe "with web config" do
+    let :config do
       {
-        'web' => {
-          'client_id' => 'abc@example.com',
-          'client_secret' => 'notasecret'
+        "web" => {
+          "client_id"     => "abc@example.com",
+          "client_secret" => "notasecret"
         }
       }
     end
-    it_behaves_like 'it can successfully load client_id'
+    it_behaves_like "it can successfully load client_id"
   end
 
-  describe 'with installed app config' do
-    let(:config) do
+  describe "with installed app config" do
+    let :config do
       {
-        'installed' => {
-          'client_id' => 'abc@example.com',
-          'client_secret' => 'notasecret'
+        "installed" => {
+          "client_id"     => "abc@example.com",
+          "client_secret" => "notasecret"
         }
       }
     end
-    it_behaves_like 'it can successfully load client_id'
+    it_behaves_like "it can successfully load client_id"
   end
 
-  context 'with missing top level property' do
-    let(:config) do
+  context "with missing top level property" do
+    let :config do
       {
-        'notvalid' => {
-          'client_id' => 'abc@example.com',
-          'client_secret' => 'notasecret'
+        "notvalid" => {
+          "client_id"     => "abc@example.com",
+          "client_secret" => "notasecret"
         }
       }
     end
 
-    it 'should raise error' do
-      expect { Google::Auth::ClientId.from_hash(config) }.to raise_error(
-        /Expected top level property/)
+    it "should raise error" do
+      expect { Google::Auth::ClientId.from_hash config }.to raise_error(
+        /Expected top level property/
+      )
     end
   end
 
-  context 'with missing client id' do
-    let(:config) do
+  context "with missing client id" do
+    let :config do
       {
-        'web' => {
-          'client_secret' => 'notasecret'
+        "web" => {
+          "client_secret" => "notasecret"
         }
       }
     end
 
-    it 'should raise error' do
-      expect { Google::Auth::ClientId.from_hash(config) }.to raise_error(
-        /Client id can not be nil/)
+    it "should raise error" do
+      expect { Google::Auth::ClientId.from_hash config }.to raise_error(
+        /Client id can not be nil/
+      )
     end
   end
 
-  context 'with missing client secret' do
-    let(:config) do
+  context "with missing client secret" do
+    let :config do
       {
-        'web' => {
-          'client_id' => 'abc@example.com'
+        "web" => {
+          "client_id" => "abc@example.com"
         }
       }
     end
 
-    it 'should raise error' do
-      expect { Google::Auth::ClientId.from_hash(config) }.to raise_error(
-        /Client secret can not be nil/)
+    it "should raise error" do
+      expect { Google::Auth::ClientId.from_hash config }.to raise_error(
+        /Client secret can not be nil/
+      )
+    end
+  end
+
+  context "with cloud sdk credentials" do
+    let :config do
+      {
+        "web" => {
+          "client_id"     => Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID,
+          "client_secret" => "notasecret"
+        }
+      }
+    end
+
+    it "should raise warning" do
+      expect { Google::Auth::ClientId.from_hash config }.to output(
+        Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
+      ).to_stderr
     end
   end
 end