googleauth 0.5.1 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.github/CODEOWNERS +7 -0
- data/{CONTRIBUTING.md → .github/CONTRIBUTING.md} +5 -4
- data/.github/ISSUE_TEMPLATE/bug_report.md +36 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +21 -0
- data/.github/ISSUE_TEMPLATE/support_request.md +7 -0
- data/.kokoro/build.bat +16 -0
- data/.kokoro/build.sh +4 -0
- data/.kokoro/continuous/common.cfg +24 -0
- data/.kokoro/continuous/linux.cfg +25 -0
- data/.kokoro/continuous/osx.cfg +8 -0
- data/.kokoro/continuous/post.cfg +30 -0
- data/.kokoro/continuous/windows.cfg +29 -0
- data/.kokoro/osx.sh +4 -0
- data/.kokoro/presubmit/common.cfg +24 -0
- data/.kokoro/presubmit/linux.cfg +24 -0
- data/.kokoro/presubmit/osx.cfg +8 -0
- data/.kokoro/presubmit/windows.cfg +29 -0
- data/.kokoro/release.cfg +94 -0
- data/.kokoro/trampoline.bat +10 -0
- data/.kokoro/trampoline.sh +4 -0
- data/.repo-metadata.json +5 -0
- data/.rubocop.yml +19 -1
- data/CHANGELOG.md +112 -19
- data/CODE_OF_CONDUCT.md +43 -0
- data/Gemfile +19 -13
- data/{COPYING → LICENSE} +0 -0
- data/README.md +58 -18
- data/Rakefile +126 -9
- data/googleauth.gemspec +28 -25
- data/integration/helper.rb +31 -0
- data/integration/id_tokens/key_source_test.rb +74 -0
- data/lib/googleauth.rb +7 -96
- data/lib/googleauth/application_default.rb +81 -0
- data/lib/googleauth/client_id.rb +21 -19
- data/lib/googleauth/compute_engine.rb +70 -43
- data/lib/googleauth/credentials.rb +442 -0
- data/lib/googleauth/credentials_loader.rb +117 -43
- data/lib/googleauth/default_credentials.rb +93 -0
- data/lib/googleauth/iam.rb +11 -11
- data/lib/googleauth/id_tokens.rb +233 -0
- data/lib/googleauth/id_tokens/errors.rb +71 -0
- data/lib/googleauth/id_tokens/key_sources.rb +394 -0
- data/lib/googleauth/id_tokens/verifier.rb +144 -0
- data/lib/googleauth/json_key_reader.rb +50 -0
- data/lib/googleauth/scope_util.rb +12 -12
- data/lib/googleauth/service_account.rb +74 -63
- data/lib/googleauth/signet.rb +55 -13
- data/lib/googleauth/stores/file_token_store.rb +8 -8
- data/lib/googleauth/stores/redis_token_store.rb +22 -22
- data/lib/googleauth/token_store.rb +6 -6
- data/lib/googleauth/user_authorizer.rb +80 -68
- data/lib/googleauth/user_refresh.rb +44 -35
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +77 -68
- data/rakelib/devsite_builder.rb +45 -0
- data/rakelib/link_checker.rb +64 -0
- data/rakelib/repo_metadata.rb +59 -0
- data/spec/googleauth/apply_auth_examples.rb +74 -50
- data/spec/googleauth/client_id_spec.rb +75 -55
- data/spec/googleauth/compute_engine_spec.rb +98 -46
- data/spec/googleauth/credentials_spec.rb +478 -0
- data/spec/googleauth/get_application_default_spec.rb +149 -111
- data/spec/googleauth/iam_spec.rb +25 -25
- data/spec/googleauth/scope_util_spec.rb +26 -24
- data/spec/googleauth/service_account_spec.rb +269 -144
- data/spec/googleauth/signet_spec.rb +101 -30
- data/spec/googleauth/stores/file_token_store_spec.rb +12 -13
- data/spec/googleauth/stores/redis_token_store_spec.rb +11 -11
- data/spec/googleauth/stores/store_examples.rb +16 -16
- data/spec/googleauth/user_authorizer_spec.rb +153 -124
- data/spec/googleauth/user_refresh_spec.rb +186 -121
- data/spec/googleauth/web_user_authorizer_spec.rb +82 -69
- data/spec/spec_helper.rb +21 -19
- data/test/helper.rb +33 -0
- data/test/id_tokens/key_sources_test.rb +240 -0
- data/test/id_tokens/verifier_test.rb +269 -0
- metadata +87 -34
- data/.rubocop_todo.yml +0 -32
- data/.travis.yml +0 -37
@@ -27,124 +27,148 @@
|
|
27
27
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
28
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
29
|
|
30
|
-
spec_dir = File.expand_path
|
31
|
-
$LOAD_PATH.unshift
|
30
|
+
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
+
$LOAD_PATH.unshift spec_dir
|
32
32
|
$LOAD_PATH.uniq!
|
33
33
|
|
34
|
-
require
|
35
|
-
require
|
36
|
-
require
|
37
|
-
require
|
34
|
+
require "faraday"
|
35
|
+
require "fakefs/safe"
|
36
|
+
require "googleauth"
|
37
|
+
require "spec_helper"
|
38
|
+
require "os"
|
38
39
|
|
39
|
-
describe
|
40
|
+
describe "#get_application_default" do
|
40
41
|
# Pass unique options each time to bypass memoization
|
41
42
|
let(:options) { |example| { dememoize: example } }
|
42
43
|
|
43
|
-
before
|
44
|
-
@key = OpenSSL::PKey::RSA.new
|
44
|
+
before :example do
|
45
|
+
@key = OpenSSL::PKey::RSA.new 2048
|
45
46
|
@var_name = ENV_VAR
|
46
47
|
@credential_vars = [
|
47
48
|
ENV_VAR, PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR, CLIENT_ID_VAR,
|
48
|
-
CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR, ACCOUNT_TYPE_VAR
|
49
|
+
CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR, ACCOUNT_TYPE_VAR
|
50
|
+
]
|
49
51
|
@original_env_vals = {}
|
50
52
|
@credential_vars.each { |var| @original_env_vals[var] = ENV[var] }
|
51
|
-
@home = ENV[
|
52
|
-
@
|
53
|
+
@home = ENV["HOME"]
|
54
|
+
@app_data = ENV["APPDATA"]
|
55
|
+
@program_data = ENV["ProgramData"]
|
56
|
+
@scope = "https://www.googleapis.com/auth/userinfo.profile"
|
53
57
|
end
|
54
58
|
|
55
|
-
after
|
59
|
+
after :example do
|
56
60
|
@credential_vars.each { |var| ENV[var] = @original_env_vals[var] }
|
57
|
-
ENV[
|
61
|
+
ENV["HOME"] = @home unless @home == ENV["HOME"]
|
62
|
+
ENV["APPDATA"] = @app_data unless @app_data == ENV["APPDATA"]
|
63
|
+
ENV["ProgramData"] = @program_data unless @program_data == ENV["ProgramData"]
|
58
64
|
end
|
59
65
|
|
60
|
-
shared_examples
|
61
|
-
it
|
66
|
+
shared_examples "it cannot load misconfigured credentials" do
|
67
|
+
it "fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist" do
|
62
68
|
Dir.mktmpdir do |dir|
|
63
|
-
key_path = File.join
|
69
|
+
key_path = File.join dir, "does-not-exist"
|
64
70
|
ENV[@var_name] = key_path
|
65
|
-
expect { Google::Auth.get_application_default
|
71
|
+
expect { Google::Auth.get_application_default @scope, options }
|
66
72
|
.to raise_error RuntimeError
|
67
73
|
end
|
68
74
|
end
|
69
75
|
|
70
|
-
it
|
71
|
-
stub = stub_request(:get,
|
72
|
-
.to_return(status:
|
73
|
-
headers: {
|
76
|
+
it "fails without default file or env if not on compute engine" do
|
77
|
+
stub = stub_request(:get, "http://169.254.169.254")
|
78
|
+
.to_return(status: 404,
|
79
|
+
headers: { "Metadata-Flavor" => "NotGoogle" })
|
74
80
|
Dir.mktmpdir do |dir|
|
75
|
-
ENV.delete
|
76
|
-
ENV[
|
77
|
-
|
78
|
-
Google::Auth.get_application_default
|
79
|
-
end
|
80
|
-
expect(&blk).to raise_error RuntimeError
|
81
|
+
ENV.delete @var_name unless ENV[@var_name].nil? # no env var
|
82
|
+
ENV["HOME"] = dir # no config present in this tmp dir
|
83
|
+
expect do
|
84
|
+
Google::Auth.get_application_default @scope, options
|
85
|
+
end.to raise_error RuntimeError
|
81
86
|
end
|
82
87
|
expect(stub).to have_been_requested
|
83
88
|
end
|
84
89
|
end
|
85
90
|
|
86
|
-
shared_examples
|
87
|
-
it
|
91
|
+
shared_examples "it can successfully load credentials" do
|
92
|
+
it "succeeds if the GOOGLE_APPLICATION_CREDENTIALS file is valid" do
|
88
93
|
Dir.mktmpdir do |dir|
|
89
|
-
key_path = File.join
|
90
|
-
FileUtils.mkdir_p
|
91
|
-
File.write
|
94
|
+
key_path = File.join dir, "my_cert_file"
|
95
|
+
FileUtils.mkdir_p File.dirname(key_path)
|
96
|
+
File.write key_path, cred_json_text
|
92
97
|
ENV[@var_name] = key_path
|
93
98
|
expect(Google::Auth.get_application_default(@scope, options))
|
94
99
|
.to_not be_nil
|
95
100
|
end
|
96
101
|
end
|
97
102
|
|
98
|
-
it
|
99
|
-
ENV.delete(@var_name) unless ENV[@var_name].nil?
|
103
|
+
it "propagates default_connection option" do
|
100
104
|
Dir.mktmpdir do |dir|
|
101
|
-
key_path = File.join
|
102
|
-
FileUtils.mkdir_p
|
103
|
-
File.write
|
104
|
-
ENV[
|
105
|
+
key_path = File.join dir, "my_cert_file"
|
106
|
+
FileUtils.mkdir_p File.dirname(key_path)
|
107
|
+
File.write key_path, cred_json_text
|
108
|
+
ENV[@var_name] = key_path
|
109
|
+
connection = Faraday.new headers: { "User-Agent" => "hello" }
|
110
|
+
opts = options.merge default_connection: connection
|
111
|
+
creds = Google::Auth.get_application_default @scope, opts
|
112
|
+
expect(creds.build_default_connection).to be connection
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
it "succeeds with default file without GOOGLE_APPLICATION_CREDENTIALS" do
|
117
|
+
ENV.delete @var_name unless ENV[@var_name].nil?
|
118
|
+
Dir.mktmpdir do |dir|
|
119
|
+
key_path = File.join dir, ".config", WELL_KNOWN_PATH
|
120
|
+
key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
|
121
|
+
FileUtils.mkdir_p File.dirname(key_path)
|
122
|
+
File.write key_path, cred_json_text
|
123
|
+
ENV["HOME"] = dir
|
124
|
+
ENV["APPDATA"] = dir
|
105
125
|
expect(Google::Auth.get_application_default(@scope, options))
|
106
126
|
.to_not be_nil
|
107
127
|
end
|
108
128
|
end
|
109
129
|
|
110
|
-
it
|
111
|
-
ENV.delete
|
130
|
+
it "succeeds with default file without a scope" do
|
131
|
+
ENV.delete @var_name unless ENV[@var_name].nil?
|
112
132
|
Dir.mktmpdir do |dir|
|
113
|
-
key_path = File.join
|
114
|
-
|
115
|
-
File.
|
116
|
-
|
133
|
+
key_path = File.join dir, ".config", WELL_KNOWN_PATH
|
134
|
+
key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
|
135
|
+
FileUtils.mkdir_p File.dirname(key_path)
|
136
|
+
File.write key_path, cred_json_text
|
137
|
+
ENV["HOME"] = dir
|
138
|
+
ENV["APPDATA"] = dir
|
117
139
|
expect(Google::Auth.get_application_default(nil, options)).to_not be_nil
|
118
140
|
end
|
119
141
|
end
|
120
142
|
|
121
|
-
it
|
122
|
-
stub = stub_request(:get,
|
123
|
-
.to_return(status:
|
124
|
-
headers: {
|
143
|
+
it "succeeds without default file or env if on compute engine" do
|
144
|
+
stub = stub_request(:get, "http://169.254.169.254")
|
145
|
+
.to_return(status: 200,
|
146
|
+
headers: { "Metadata-Flavor" => "Google" })
|
125
147
|
Dir.mktmpdir do |dir|
|
126
|
-
ENV.delete
|
127
|
-
ENV[
|
128
|
-
creds = Google::Auth.get_application_default
|
148
|
+
ENV.delete @var_name unless ENV[@var_name].nil? # no env var
|
149
|
+
ENV["HOME"] = dir # no config present in this tmp dir
|
150
|
+
creds = Google::Auth.get_application_default @scope, options
|
129
151
|
expect(creds).to_not be_nil
|
130
152
|
end
|
131
153
|
expect(stub).to have_been_requested
|
132
154
|
end
|
133
155
|
|
134
|
-
it
|
135
|
-
ENV.delete
|
156
|
+
it "succeeds with system default file" do
|
157
|
+
ENV.delete @var_name unless ENV[@var_name].nil?
|
136
158
|
FakeFS do
|
137
|
-
|
138
|
-
|
139
|
-
File.
|
159
|
+
ENV["ProgramData"] = "/etc"
|
160
|
+
prefix = OS.windows? ? "/etc/Google/Auth/" : "/etc/google/auth/"
|
161
|
+
key_path = File.join prefix, CREDENTIALS_FILE_NAME
|
162
|
+
FileUtils.mkdir_p File.dirname(key_path)
|
163
|
+
File.write key_path, cred_json_text
|
140
164
|
expect(Google::Auth.get_application_default(@scope, options))
|
141
165
|
.to_not be_nil
|
142
|
-
File.delete
|
166
|
+
File.delete key_path
|
143
167
|
end
|
144
168
|
end
|
145
169
|
|
146
|
-
it
|
147
|
-
ENV.delete
|
170
|
+
it "succeeds if environment vars are valid" do
|
171
|
+
ENV.delete @var_name unless ENV[@var_name].nil? # no env var
|
148
172
|
ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
|
149
173
|
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
150
174
|
ENV[CLIENT_ID_VAR] = cred_json[:client_id]
|
@@ -154,95 +178,109 @@ describe '#get_application_default' do
|
|
154
178
|
expect(Google::Auth.get_application_default(@scope, options))
|
155
179
|
.to_not be_nil
|
156
180
|
end
|
181
|
+
|
182
|
+
it "warns when using cloud sdk credentials" do
|
183
|
+
ENV.delete @var_name unless ENV[@var_name].nil? # no env var
|
184
|
+
ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
|
185
|
+
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
186
|
+
ENV[CLIENT_ID_VAR] = Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID
|
187
|
+
ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
|
188
|
+
ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
|
189
|
+
ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
|
190
|
+
ENV[PROJECT_ID_VAR] = "a_project_id"
|
191
|
+
expect { Google::Auth.get_application_default @scope, options }.to output(
|
192
|
+
Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
|
193
|
+
).to_stderr
|
194
|
+
end
|
157
195
|
end
|
158
196
|
|
159
|
-
describe
|
160
|
-
let
|
197
|
+
describe "when credential type is service account" do
|
198
|
+
let :cred_json do
|
161
199
|
{
|
162
|
-
private_key_id:
|
163
|
-
private_key:
|
164
|
-
client_email:
|
165
|
-
client_id:
|
166
|
-
type:
|
200
|
+
private_key_id: "a_private_key_id",
|
201
|
+
private_key: @key.to_pem,
|
202
|
+
client_email: "app@developer.gserviceaccount.com",
|
203
|
+
client_id: "app.apps.googleusercontent.com",
|
204
|
+
type: "service_account"
|
167
205
|
}
|
168
206
|
end
|
169
207
|
|
170
208
|
def cred_json_text
|
171
|
-
MultiJson.dump
|
209
|
+
MultiJson.dump cred_json
|
172
210
|
end
|
173
211
|
|
174
|
-
it_behaves_like
|
175
|
-
it_behaves_like
|
212
|
+
it_behaves_like "it can successfully load credentials"
|
213
|
+
it_behaves_like "it cannot load misconfigured credentials"
|
176
214
|
end
|
177
215
|
|
178
|
-
describe
|
179
|
-
let
|
216
|
+
describe "when credential type is authorized_user" do
|
217
|
+
let :cred_json do
|
180
218
|
{
|
181
|
-
client_secret:
|
182
|
-
refresh_token:
|
183
|
-
client_id:
|
184
|
-
type:
|
219
|
+
client_secret: "privatekey",
|
220
|
+
refresh_token: "refreshtoken",
|
221
|
+
client_id: "app.apps.googleusercontent.com",
|
222
|
+
type: "authorized_user"
|
185
223
|
}
|
186
224
|
end
|
187
225
|
|
188
226
|
def cred_json_text
|
189
|
-
MultiJson.dump
|
227
|
+
MultiJson.dump cred_json
|
190
228
|
end
|
191
229
|
|
192
|
-
it_behaves_like
|
193
|
-
it_behaves_like
|
230
|
+
it_behaves_like "it can successfully load credentials"
|
231
|
+
it_behaves_like "it cannot load misconfigured credentials"
|
194
232
|
end
|
195
233
|
|
196
|
-
describe
|
197
|
-
let
|
234
|
+
describe "when credential type is unknown" do
|
235
|
+
let :cred_json do
|
198
236
|
{
|
199
|
-
client_secret:
|
200
|
-
refresh_token:
|
201
|
-
client_id:
|
202
|
-
private_key:
|
203
|
-
client_email:
|
204
|
-
type:
|
237
|
+
client_secret: "privatekey",
|
238
|
+
refresh_token: "refreshtoken",
|
239
|
+
client_id: "app.apps.googleusercontent.com",
|
240
|
+
private_key: @key.to_pem,
|
241
|
+
client_email: "app@developer.gserviceaccount.com",
|
242
|
+
type: "not_known_type"
|
205
243
|
}
|
206
244
|
end
|
207
245
|
|
208
246
|
def cred_json_text
|
209
|
-
MultiJson.dump
|
247
|
+
MultiJson.dump cred_json
|
210
248
|
end
|
211
249
|
|
212
|
-
it
|
250
|
+
it "fails if the GOOGLE_APPLICATION_CREDENTIALS file contains the creds" do
|
213
251
|
Dir.mktmpdir do |dir|
|
214
|
-
key_path = File.join
|
215
|
-
FileUtils.mkdir_p
|
216
|
-
File.write
|
252
|
+
key_path = File.join dir, "my_cert_file"
|
253
|
+
FileUtils.mkdir_p File.dirname(key_path)
|
254
|
+
File.write key_path, cred_json_text
|
217
255
|
ENV[@var_name] = key_path
|
218
|
-
|
219
|
-
Google::Auth.get_application_default
|
220
|
-
end
|
221
|
-
expect(&blk).to raise_error RuntimeError
|
256
|
+
expect do
|
257
|
+
Google::Auth.get_application_default @scope, options
|
258
|
+
end.to raise_error RuntimeError
|
222
259
|
end
|
223
260
|
end
|
224
261
|
|
225
|
-
it
|
226
|
-
ENV.delete
|
262
|
+
it "fails if the well known file contains the creds" do
|
263
|
+
ENV.delete @var_name unless ENV[@var_name].nil?
|
227
264
|
Dir.mktmpdir do |dir|
|
228
|
-
key_path = File.join
|
229
|
-
|
230
|
-
File.
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
265
|
+
key_path = File.join dir, ".config", WELL_KNOWN_PATH
|
266
|
+
key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
|
267
|
+
FileUtils.mkdir_p File.dirname(key_path)
|
268
|
+
File.write key_path, cred_json_text
|
269
|
+
ENV["HOME"] = dir
|
270
|
+
ENV["APPDATA"] = dir
|
271
|
+
expect do
|
272
|
+
Google::Auth.get_application_default @scope, options
|
273
|
+
end.to raise_error RuntimeError
|
236
274
|
end
|
237
275
|
end
|
238
276
|
|
239
|
-
it
|
277
|
+
it "fails if env vars are set" do
|
278
|
+
ENV[ENV_VAR] = nil
|
240
279
|
ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
|
241
280
|
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
242
|
-
|
243
|
-
Google::Auth.get_application_default
|
244
|
-
end
|
245
|
-
expect(&blk).to raise_error RuntimeError
|
281
|
+
expect do
|
282
|
+
Google::Auth.get_application_default @scope, options
|
283
|
+
end.to raise_error RuntimeError
|
246
284
|
end
|
247
285
|
end
|
248
286
|
end
|
data/spec/googleauth/iam_spec.rb
CHANGED
@@ -27,54 +27,54 @@
|
|
27
27
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
28
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
29
|
|
30
|
-
spec_dir = File.expand_path
|
31
|
-
$LOAD_PATH.unshift
|
30
|
+
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
+
$LOAD_PATH.unshift spec_dir
|
32
32
|
$LOAD_PATH.uniq!
|
33
33
|
|
34
|
-
require
|
34
|
+
require "googleauth/iam"
|
35
35
|
|
36
36
|
describe Google::Auth::IAMCredentials do
|
37
37
|
IAMCredentials = Google::Auth::IAMCredentials
|
38
|
-
let(:test_selector) {
|
39
|
-
let(:test_token) {
|
40
|
-
let(:test_creds) { IAMCredentials.new
|
38
|
+
let(:test_selector) { "the-test-selector" }
|
39
|
+
let(:test_token) { "the-test-token" }
|
40
|
+
let(:test_creds) { IAMCredentials.new test_selector, test_token }
|
41
41
|
|
42
|
-
describe
|
43
|
-
it
|
44
|
-
md = { foo:
|
45
|
-
test_creds.apply!
|
42
|
+
describe "#apply!" do
|
43
|
+
it "should update the target hash with the iam values" do
|
44
|
+
md = { foo: "bar" }
|
45
|
+
test_creds.apply! md
|
46
46
|
expect(md[IAMCredentials::SELECTOR_KEY]).to eq test_selector
|
47
47
|
expect(md[IAMCredentials::TOKEN_KEY]).to eq test_token
|
48
|
-
expect(md[:foo]).to eq
|
48
|
+
expect(md[:foo]).to eq "bar"
|
49
49
|
end
|
50
50
|
end
|
51
51
|
|
52
|
-
describe
|
53
|
-
it
|
54
|
-
md = { foo:
|
52
|
+
describe "updater_proc" do
|
53
|
+
it "should provide a proc that updates a hash with the iam values" do
|
54
|
+
md = { foo: "bar" }
|
55
55
|
the_proc = test_creds.updater_proc
|
56
|
-
got = the_proc.call
|
56
|
+
got = the_proc.call md
|
57
57
|
expect(got[IAMCredentials::SELECTOR_KEY]).to eq test_selector
|
58
58
|
expect(got[IAMCredentials::TOKEN_KEY]).to eq test_token
|
59
|
-
expect(got[:foo]).to eq
|
59
|
+
expect(got[:foo]).to eq "bar"
|
60
60
|
end
|
61
61
|
end
|
62
62
|
|
63
|
-
describe
|
64
|
-
it
|
65
|
-
md = { foo:
|
66
|
-
test_creds.apply
|
63
|
+
describe "#apply" do
|
64
|
+
it "should not update the original hash with the iam values" do
|
65
|
+
md = { foo: "bar" }
|
66
|
+
test_creds.apply md
|
67
67
|
expect(md[IAMCredentials::SELECTOR_KEY]).to be_nil
|
68
68
|
expect(md[IAMCredentials::TOKEN_KEY]).to be_nil
|
69
|
-
expect(md[:foo]).to eq
|
69
|
+
expect(md[:foo]).to eq "bar"
|
70
70
|
end
|
71
71
|
|
72
|
-
it
|
73
|
-
md = { foo:
|
74
|
-
got = test_creds.apply
|
72
|
+
it "should return a with the iam values" do
|
73
|
+
md = { foo: "bar" }
|
74
|
+
got = test_creds.apply md
|
75
75
|
expect(got[IAMCredentials::SELECTOR_KEY]).to eq test_selector
|
76
76
|
expect(got[IAMCredentials::TOKEN_KEY]).to eq test_token
|
77
|
-
expect(got[:foo]).to eq
|
77
|
+
expect(got[:foo]).to eq "bar"
|
78
78
|
end
|
79
79
|
end
|
80
80
|
end
|
@@ -27,49 +27,51 @@
|
|
27
27
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
28
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
29
|
|
30
|
-
spec_dir = File.expand_path
|
31
|
-
$LOAD_PATH.unshift
|
30
|
+
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
+
$LOAD_PATH.unshift spec_dir
|
32
32
|
$LOAD_PATH.uniq!
|
33
33
|
|
34
|
-
require
|
34
|
+
require "googleauth/scope_util"
|
35
35
|
|
36
36
|
describe Google::Auth::ScopeUtil do
|
37
|
-
shared_examples
|
38
|
-
let(:normalized) { Google::Auth::ScopeUtil.normalize
|
37
|
+
shared_examples "normalizes scopes" do
|
38
|
+
let(:normalized) { Google::Auth::ScopeUtil.normalize source }
|
39
39
|
|
40
|
-
it
|
40
|
+
it "normalizes the email scope" do
|
41
41
|
expect(normalized).to include(
|
42
|
-
|
43
|
-
|
42
|
+
"https://www.googleapis.com/auth/userinfo.email"
|
43
|
+
)
|
44
|
+
expect(normalized).to_not include "email"
|
44
45
|
end
|
45
46
|
|
46
|
-
it
|
47
|
+
it "normalizes the profile scope" do
|
47
48
|
expect(normalized).to include(
|
48
|
-
|
49
|
-
|
49
|
+
"https://www.googleapis.com/auth/userinfo.profile"
|
50
|
+
)
|
51
|
+
expect(normalized).to_not include "profile"
|
50
52
|
end
|
51
53
|
|
52
|
-
it
|
53
|
-
expect(normalized).to include
|
54
|
-
expect(normalized).to_not include
|
54
|
+
it "normalizes the openid scope" do
|
55
|
+
expect(normalized).to include "https://www.googleapis.com/auth/plus.me"
|
56
|
+
expect(normalized).to_not include "openid"
|
55
57
|
end
|
56
58
|
|
57
|
-
it
|
58
|
-
expect(normalized).to include
|
59
|
+
it "leaves other other scopes as-is" do
|
60
|
+
expect(normalized).to include "https://www.googleapis.com/auth/drive"
|
59
61
|
end
|
60
62
|
end
|
61
63
|
|
62
|
-
context
|
63
|
-
let
|
64
|
-
|
64
|
+
context "with scope as string" do
|
65
|
+
let :source do
|
66
|
+
"email profile openid https://www.googleapis.com/auth/drive"
|
65
67
|
end
|
66
|
-
it_behaves_like
|
68
|
+
it_behaves_like "normalizes scopes"
|
67
69
|
end
|
68
70
|
|
69
|
-
context
|
70
|
-
let
|
71
|
-
%w
|
71
|
+
context "with scope as Array" do
|
72
|
+
let :source do
|
73
|
+
%w[email profile openid https://www.googleapis.com/auth/drive]
|
72
74
|
end
|
73
|
-
it_behaves_like
|
75
|
+
it_behaves_like "normalizes scopes"
|
74
76
|
end
|
75
77
|
end
|