googleauth 0.5.1 → 0.11.0

data/spec/googleauth/get_application_default_spec.rb

@@ -27,124 +27,148 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'faraday'
-require 'fakefs/safe'
-require 'googleauth'
-require 'spec_helper'
+require "faraday"
+require "fakefs/safe"
+require "googleauth"
+require "spec_helper"
+require "os"
 
-describe '#get_application_default' do
+describe "#get_application_default" do
   # Pass unique options each time to bypass memoization
   let(:options) { |example| { dememoize: example } }
 
-  before(:example) do
-    @key = OpenSSL::PKey::RSA.new(2048)
+  before :example do
+    @key = OpenSSL::PKey::RSA.new 2048
     @var_name = ENV_VAR
     @credential_vars = [
       ENV_VAR, PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR, CLIENT_ID_VAR,
-      CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR, ACCOUNT_TYPE_VAR]
+      CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR, ACCOUNT_TYPE_VAR
+    ]
     @original_env_vals = {}
     @credential_vars.each { |var| @original_env_vals[var] = ENV[var] }
-    @home = ENV['HOME']
-    @scope = 'https://www.googleapis.com/auth/userinfo.profile'
+    @home = ENV["HOME"]
+    @app_data = ENV["APPDATA"]
+    @program_data = ENV["ProgramData"]
+    @scope = "https://www.googleapis.com/auth/userinfo.profile"
   end
 
-  after(:example) do
+  after :example do
     @credential_vars.each { |var| ENV[var] = @original_env_vals[var] }
-    ENV['HOME'] = @home unless @home == ENV['HOME']
+    ENV["HOME"] = @home unless @home == ENV["HOME"]
+    ENV["APPDATA"] = @app_data unless @app_data == ENV["APPDATA"]
+    ENV["ProgramData"] = @program_data unless @program_data == ENV["ProgramData"]
   end
 
-  shared_examples 'it cannot load misconfigured credentials' do
-    it 'fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist' do
+  shared_examples "it cannot load misconfigured credentials" do
+    it "fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist" do
       Dir.mktmpdir do |dir|
-        key_path = File.join(dir, 'does-not-exist')
+        key_path = File.join dir, "does-not-exist"
         ENV[@var_name] = key_path
-        expect { Google::Auth.get_application_default(@scope, options) }
+        expect { Google::Auth.get_application_default @scope, options }
           .to raise_error RuntimeError
       end
     end
 
-    it 'fails without default file or env if not on compute engine' do
-      stub = stub_request(:get, 'http://169.254.169.254')
-             .to_return(status: 404,
-                        headers: { 'Metadata-Flavor' => 'NotGoogle' })
+    it "fails without default file or env if not on compute engine" do
+      stub = stub_request(:get, "http://169.254.169.254")
+             .to_return(status:  404,
+                        headers: { "Metadata-Flavor" => "NotGoogle" })
       Dir.mktmpdir do |dir|
-        ENV.delete(@var_name) unless ENV[@var_name].nil? # no env var
-        ENV['HOME'] = dir # no config present in this tmp dir
-        blk = proc do
-          Google::Auth.get_application_default(@scope, options)
-        end
-        expect(&blk).to raise_error RuntimeError
+        ENV.delete @var_name unless ENV[@var_name].nil? # no env var
+        ENV["HOME"] = dir # no config present in this tmp dir
+        expect do
+          Google::Auth.get_application_default @scope, options
+        end.to raise_error RuntimeError
       end
       expect(stub).to have_been_requested
     end
   end
 
-  shared_examples 'it can successfully load credentials' do
-    it 'succeeds if the GOOGLE_APPLICATION_CREDENTIALS file is valid' do
+  shared_examples "it can successfully load credentials" do
+    it "succeeds if the GOOGLE_APPLICATION_CREDENTIALS file is valid" do
       Dir.mktmpdir do |dir|
-        key_path = File.join(dir, 'my_cert_file')
-        FileUtils.mkdir_p(File.dirname(key_path))
-        File.write(key_path, cred_json_text)
+        key_path = File.join dir, "my_cert_file"
+        FileUtils.mkdir_p File.dirname(key_path)
+        File.write key_path, cred_json_text
         ENV[@var_name] = key_path
         expect(Google::Auth.get_application_default(@scope, options))
           .to_not be_nil
       end
     end
 
-    it 'succeeds with default file without GOOGLE_APPLICATION_CREDENTIALS' do
-      ENV.delete(@var_name) unless ENV[@var_name].nil?
+    it "propagates default_connection option" do
       Dir.mktmpdir do |dir|
-        key_path = File.join(dir, '.config', WELL_KNOWN_PATH)
-        FileUtils.mkdir_p(File.dirname(key_path))
-        File.write(key_path, cred_json_text)
-        ENV['HOME'] = dir
+        key_path = File.join dir, "my_cert_file"
+        FileUtils.mkdir_p File.dirname(key_path)
+        File.write key_path, cred_json_text
+        ENV[@var_name] = key_path
+        connection = Faraday.new headers: { "User-Agent" => "hello" }
+        opts = options.merge default_connection: connection
+        creds = Google::Auth.get_application_default @scope, opts
+        expect(creds.build_default_connection).to be connection
+      end
+    end
+
+    it "succeeds with default file without GOOGLE_APPLICATION_CREDENTIALS" do
+      ENV.delete @var_name unless ENV[@var_name].nil?
+      Dir.mktmpdir do |dir|
+        key_path = File.join dir, ".config", WELL_KNOWN_PATH
+        key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
+        FileUtils.mkdir_p File.dirname(key_path)
+        File.write key_path, cred_json_text
+        ENV["HOME"] = dir
+        ENV["APPDATA"] = dir
         expect(Google::Auth.get_application_default(@scope, options))
           .to_not be_nil
       end
     end
 
-    it 'succeeds with default file without a scope' do
-      ENV.delete(@var_name) unless ENV[@var_name].nil?
+    it "succeeds with default file without a scope" do
+      ENV.delete @var_name unless ENV[@var_name].nil?
       Dir.mktmpdir do |dir|
-        key_path = File.join(dir, '.config', WELL_KNOWN_PATH)
-        FileUtils.mkdir_p(File.dirname(key_path))
-        File.write(key_path, cred_json_text)
-        ENV['HOME'] = dir
+        key_path = File.join dir, ".config", WELL_KNOWN_PATH
+        key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
+        FileUtils.mkdir_p File.dirname(key_path)
+        File.write key_path, cred_json_text
+        ENV["HOME"] = dir
+        ENV["APPDATA"] = dir
         expect(Google::Auth.get_application_default(nil, options)).to_not be_nil
       end
     end
 
-    it 'succeeds without default file or env if on compute engine' do
-      stub = stub_request(:get, 'http://169.254.169.254')
-             .to_return(status: 200,
-                        headers: { 'Metadata-Flavor' => 'Google' })
+    it "succeeds without default file or env if on compute engine" do
+      stub = stub_request(:get, "http://169.254.169.254")
+             .to_return(status:  200,
+                        headers: { "Metadata-Flavor" => "Google" })
       Dir.mktmpdir do |dir|
-        ENV.delete(@var_name) unless ENV[@var_name].nil? # no env var
-        ENV['HOME'] = dir # no config present in this tmp dir
-        creds = Google::Auth.get_application_default(@scope, options)
+        ENV.delete @var_name unless ENV[@var_name].nil? # no env var
+        ENV["HOME"] = dir # no config present in this tmp dir
+        creds = Google::Auth.get_application_default @scope, options
         expect(creds).to_not be_nil
       end
       expect(stub).to have_been_requested
     end
 
-    it 'succeeds with system default file' do
-      ENV.delete(@var_name) unless ENV[@var_name].nil?
+    it "succeeds with system default file" do
+      ENV.delete @var_name unless ENV[@var_name].nil?
       FakeFS do
-        key_path = File.join('/etc/google/auth/', CREDENTIALS_FILE_NAME)
-        FileUtils.mkdir_p(File.dirname(key_path))
-        File.write(key_path, cred_json_text)
+        ENV["ProgramData"] = "/etc"
+        prefix = OS.windows? ? "/etc/Google/Auth/" : "/etc/google/auth/"
+        key_path = File.join prefix, CREDENTIALS_FILE_NAME
+        FileUtils.mkdir_p File.dirname(key_path)
+        File.write key_path, cred_json_text
         expect(Google::Auth.get_application_default(@scope, options))
           .to_not be_nil
-        File.delete(key_path)
+        File.delete key_path
       end
     end
 
-    it 'succeeds if environment vars are valid' do
-      ENV.delete(@var_name) unless ENV[@var_name].nil? # no env var
+    it "succeeds if environment vars are valid" do
+      ENV.delete @var_name unless ENV[@var_name].nil? # no env var
       ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
       ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
       ENV[CLIENT_ID_VAR] = cred_json[:client_id]
@@ -154,95 +178,109 @@ describe '#get_application_default' do
       expect(Google::Auth.get_application_default(@scope, options))
         .to_not be_nil
     end
+
+    it "warns when using cloud sdk credentials" do
+      ENV.delete @var_name unless ENV[@var_name].nil? # no env var
+      ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
+      ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
+      ENV[CLIENT_ID_VAR] = Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID
+      ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
+      ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
+      ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
+      ENV[PROJECT_ID_VAR] = "a_project_id"
+      expect { Google::Auth.get_application_default @scope, options }.to output(
+        Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
+      ).to_stderr
+    end
   end
 
-  describe 'when credential type is service account' do
-    let(:cred_json) do
+  describe "when credential type is service account" do
+    let :cred_json do
       {
-        private_key_id: 'a_private_key_id',
-        private_key: @key.to_pem,
-        client_email: 'app@developer.gserviceaccount.com',
-        client_id: 'app.apps.googleusercontent.com',
-        type: 'service_account'
+        private_key_id: "a_private_key_id",
+        private_key:    @key.to_pem,
+        client_email:   "app@developer.gserviceaccount.com",
+        client_id:      "app.apps.googleusercontent.com",
+        type:           "service_account"
       }
     end
 
     def cred_json_text
-      MultiJson.dump(cred_json)
+      MultiJson.dump cred_json
     end
 
-    it_behaves_like 'it can successfully load credentials'
-    it_behaves_like 'it cannot load misconfigured credentials'
+    it_behaves_like "it can successfully load credentials"
+    it_behaves_like "it cannot load misconfigured credentials"
   end
 
-  describe 'when credential type is authorized_user' do
-    let(:cred_json) do
+  describe "when credential type is authorized_user" do
+    let :cred_json do
       {
-        client_secret: 'privatekey',
-        refresh_token: 'refreshtoken',
-        client_id: 'app.apps.googleusercontent.com',
-        type: 'authorized_user'
+        client_secret: "privatekey",
+        refresh_token: "refreshtoken",
+        client_id:     "app.apps.googleusercontent.com",
+        type:          "authorized_user"
       }
     end
 
     def cred_json_text
-      MultiJson.dump(cred_json)
+      MultiJson.dump cred_json
     end
 
-    it_behaves_like 'it can successfully load credentials'
-    it_behaves_like 'it cannot load misconfigured credentials'
+    it_behaves_like "it can successfully load credentials"
+    it_behaves_like "it cannot load misconfigured credentials"
   end
 
-  describe 'when credential type is unknown' do
-    let(:cred_json) do
+  describe "when credential type is unknown" do
+    let :cred_json do
       {
-        client_secret: 'privatekey',
-        refresh_token: 'refreshtoken',
-        client_id: 'app.apps.googleusercontent.com',
-        private_key: @key.to_pem,
-        client_email: 'app@developer.gserviceaccount.com',
-        type: 'not_known_type'
+        client_secret: "privatekey",
+        refresh_token: "refreshtoken",
+        client_id:     "app.apps.googleusercontent.com",
+        private_key:   @key.to_pem,
+        client_email:  "app@developer.gserviceaccount.com",
+        type:          "not_known_type"
       }
     end
 
     def cred_json_text
-      MultiJson.dump(cred_json)
+      MultiJson.dump cred_json
     end
 
-    it 'fails if the GOOGLE_APPLICATION_CREDENTIALS file contains the creds' do
+    it "fails if the GOOGLE_APPLICATION_CREDENTIALS file contains the creds" do
       Dir.mktmpdir do |dir|
-        key_path = File.join(dir, 'my_cert_file')
-        FileUtils.mkdir_p(File.dirname(key_path))
-        File.write(key_path, cred_json_text)
+        key_path = File.join dir, "my_cert_file"
+        FileUtils.mkdir_p File.dirname(key_path)
+        File.write key_path, cred_json_text
         ENV[@var_name] = key_path
-        blk = proc do
-          Google::Auth.get_application_default(@scope, options)
-        end
-        expect(&blk).to raise_error RuntimeError
+        expect do
+          Google::Auth.get_application_default @scope, options
+        end.to raise_error RuntimeError
       end
     end
 
-    it 'fails if the well known file contains the creds' do
-      ENV.delete(@var_name) unless ENV[@var_name].nil?
+    it "fails if the well known file contains the creds" do
+      ENV.delete @var_name unless ENV[@var_name].nil?
       Dir.mktmpdir do |dir|
-        key_path = File.join(dir, '.config', WELL_KNOWN_PATH)
-        FileUtils.mkdir_p(File.dirname(key_path))
-        File.write(key_path, cred_json_text)
-        ENV['HOME'] = dir
-        blk = proc do
-          Google::Auth.get_application_default(@scope, options)
-        end
-        expect(&blk).to raise_error RuntimeError
+        key_path = File.join dir, ".config", WELL_KNOWN_PATH
+        key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
+        FileUtils.mkdir_p File.dirname(key_path)
+        File.write key_path, cred_json_text
+        ENV["HOME"] = dir
+        ENV["APPDATA"] = dir
+        expect do
+          Google::Auth.get_application_default @scope, options
+        end.to raise_error RuntimeError
       end
     end
 
-    it 'fails if env vars are set' do
+    it "fails if env vars are set" do
+      ENV[ENV_VAR] = nil
       ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
       ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
-      blk = proc do
-        Google::Auth.get_application_default(@scope, options)
-      end
-      expect(&blk).to raise_error RuntimeError
+      expect do
+        Google::Auth.get_application_default @scope, options
+      end.to raise_error RuntimeError
     end
   end
 end

data/spec/googleauth/iam_spec.rb

@@ -27,54 +27,54 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'googleauth/iam'
+require "googleauth/iam"
 
 describe Google::Auth::IAMCredentials do
   IAMCredentials = Google::Auth::IAMCredentials
-  let(:test_selector) { 'the-test-selector' }
-  let(:test_token) { 'the-test-token' }
-  let(:test_creds) { IAMCredentials.new(test_selector, test_token) }
+  let(:test_selector) { "the-test-selector" }
+  let(:test_token) { "the-test-token" }
+  let(:test_creds) { IAMCredentials.new test_selector, test_token }
 
-  describe '#apply!' do
-    it 'should update the target hash with the iam values' do
-      md = { foo: 'bar' }
-      test_creds.apply!(md)
+  describe "#apply!" do
+    it "should update the target hash with the iam values" do
+      md = { foo: "bar" }
+      test_creds.apply! md
       expect(md[IAMCredentials::SELECTOR_KEY]).to eq test_selector
       expect(md[IAMCredentials::TOKEN_KEY]).to eq test_token
-      expect(md[:foo]).to eq 'bar'
+      expect(md[:foo]).to eq "bar"
     end
   end
 
-  describe 'updater_proc' do
-    it 'should provide a proc that updates a hash with the iam values' do
-      md = { foo: 'bar' }
+  describe "updater_proc" do
+    it "should provide a proc that updates a hash with the iam values" do
+      md = { foo: "bar" }
       the_proc = test_creds.updater_proc
-      got = the_proc.call(md)
+      got = the_proc.call md
       expect(got[IAMCredentials::SELECTOR_KEY]).to eq test_selector
       expect(got[IAMCredentials::TOKEN_KEY]).to eq test_token
-      expect(got[:foo]).to eq 'bar'
+      expect(got[:foo]).to eq "bar"
     end
   end
 
-  describe '#apply' do
-    it 'should not update the original hash with the iam values' do
-      md = { foo: 'bar' }
-      test_creds.apply(md)
+  describe "#apply" do
+    it "should not update the original hash with the iam values" do
+      md = { foo: "bar" }
+      test_creds.apply md
       expect(md[IAMCredentials::SELECTOR_KEY]).to be_nil
       expect(md[IAMCredentials::TOKEN_KEY]).to be_nil
-      expect(md[:foo]).to eq 'bar'
+      expect(md[:foo]).to eq "bar"
     end
 
-    it 'should return a with the iam values' do
-      md = { foo: 'bar' }
-      got = test_creds.apply(md)
+    it "should return a with the iam values" do
+      md = { foo: "bar" }
+      got = test_creds.apply md
       expect(got[IAMCredentials::SELECTOR_KEY]).to eq test_selector
       expect(got[IAMCredentials::TOKEN_KEY]).to eq test_token
-      expect(got[:foo]).to eq 'bar'
+      expect(got[:foo]).to eq "bar"
     end
   end
 end

data/spec/googleauth/scope_util_spec.rb

@@ -27,49 +27,51 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'googleauth/scope_util'
+require "googleauth/scope_util"
 
 describe Google::Auth::ScopeUtil do
-  shared_examples 'normalizes scopes' do
-    let(:normalized) { Google::Auth::ScopeUtil.normalize(source) }
+  shared_examples "normalizes scopes" do
+    let(:normalized) { Google::Auth::ScopeUtil.normalize source }
 
-    it 'normalizes the email scope' do
+    it "normalizes the email scope" do
       expect(normalized).to include(
-        'https://www.googleapis.com/auth/userinfo.email')
-      expect(normalized).to_not include 'email'
+        "https://www.googleapis.com/auth/userinfo.email"
+      )
+      expect(normalized).to_not include "email"
     end
 
-    it 'normalizes the profile scope' do
+    it "normalizes the profile scope" do
       expect(normalized).to include(
-        'https://www.googleapis.com/auth/userinfo.profile')
-      expect(normalized).to_not include 'profile'
+        "https://www.googleapis.com/auth/userinfo.profile"
+      )
+      expect(normalized).to_not include "profile"
     end
 
-    it 'normalizes the openid scope' do
-      expect(normalized).to include 'https://www.googleapis.com/auth/plus.me'
-      expect(normalized).to_not include 'openid'
+    it "normalizes the openid scope" do
+      expect(normalized).to include "https://www.googleapis.com/auth/plus.me"
+      expect(normalized).to_not include "openid"
     end
 
-    it 'leaves other other scopes as-is' do
-      expect(normalized).to include 'https://www.googleapis.com/auth/drive'
+    it "leaves other other scopes as-is" do
+      expect(normalized).to include "https://www.googleapis.com/auth/drive"
     end
   end
 
-  context 'with scope as string' do
-    let(:source) do
-      'email profile openid https://www.googleapis.com/auth/drive'
+  context "with scope as string" do
+    let :source do
+      "email profile openid https://www.googleapis.com/auth/drive"
     end
-    it_behaves_like 'normalizes scopes'
+    it_behaves_like "normalizes scopes"
   end
 
-  context 'with scope as Array' do
-    let(:source) do
-      %w(email profile openid https://www.googleapis.com/auth/drive)
+  context "with scope as Array" do
+    let :source do
+      %w[email profile openid https://www.googleapis.com/auth/drive]
     end
-    it_behaves_like 'normalizes scopes'
+    it_behaves_like "normalizes scopes"
   end
 end