googleauth 0.8.0 → 0.8.1

data/README.md

@@ -138,7 +138,7 @@ scope = 'https://www.googleapis.com/auth/androidpublisher'
 authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
   json_key_io: File.open('/path/to/service_account_json_key.json'),
   scope: scope)
-  
+
 authorizer.fetch_access_token!
 ```
 
@@ -151,6 +151,26 @@ export GOOGLE_CLIENT_EMAIL=xxxx@xxxx.iam.gserviceaccount.com
 export GOOGLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
 ```
 
+```ruby
+require 'googleauth'
+require 'google/apis/drive_v3'
+
+Drive = ::Google::Apis::DriveV3
+drive = Drive::DriveService.new
+
+# Auths with ENV vars:
+# "GOOGLE_CLIENT_ID",
+# "GOOGLE_CLIENT_EMAIL",
+# "GOOGLE_ACCOUNT_TYPE", 
+# "GOOGLE_PRIVATE_KEY"
+auth = ::Google::Auth::ServiceAccountCredentials
+  .make_creds(scope: 'https://www.googleapis.com/auth/drive')
+drive.authorization = auth
+
+list_files = drive.list_files()
+
+```
+
 ### Storage
 
 Authorizers require a storage instance to manage long term persistence of

data/Rakefile

@@ -1,15 +1,89 @@
 # -*- ruby -*-
-require 'rspec/core/rake_task'
-require 'rubocop/rake_task'
-require 'bundler/gem_tasks'
+require "bundler/gem_tasks"
 
-desc 'Run Rubocop to check for style violations'
-RuboCop::RakeTask.new
+task :ci do
+  header "Using Ruby - #{RUBY_VERSION}"
+  sh "bundle exec rubocop"
+  sh "bundle exec rspec"
+end
 
-desc 'Run rake task'
-RSpec::Core::RakeTask.new(:spec)
+task :release, :tag do |_t, args|
+  tag = args[:tag]
+  raise "You must provide a tag to release." if tag.nil?
 
-desc 'Does rubocop lint and runs the specs'
-task all: [:rubocop, :spec]
+  # Verify the tag format "vVERSION"
+  m = tag.match(/v(?<version>\S*)/)
+  raise "Tag #{tag} does not match the expected format." if m.nil?
 
-task default: :all
+  version = m[:version]
+  raise "You must provide a version." if version.nil?
+
+  api_token = ENV["RUBYGEMS_API_TOKEN"]
+
+  require "gems"
+  if api_token
+    ::Gems.configure do |config|
+      config.key = api_token
+    end
+  end
+
+  Bundler.with_clean_env do
+    sh "rm -rf pkg"
+    sh "bundle update"
+    sh "bundle exec rake build"
+  end
+
+  path_to_be_pushed = "pkg/#{version}.gem"
+  if File.file? path_to_be_pushed
+    begin
+      ::Gems.push File.new(path_to_be_pushed)
+      puts "Successfully built and pushed googleauth for version #{version}"
+    rescue StandardError => e
+      puts "Error while releasing googleauth version #{version}: #{e.message}"
+    end
+  else
+    raise "Cannot build googleauth for version #{version}"
+  end
+end
+
+namespace :kokoro do
+  task :load_env_vars do
+    service_account = "#{ENV['KOKORO_GFILE_DIR']}/service-account.json"
+    ENV["GOOGLE_APPLICATION_CREDENTIALS"] = service_account
+    filename = "#{ENV['KOKORO_GFILE_DIR']}/env_vars.json"
+    env_vars = JSON.parse File.read(filename)
+    env_vars.each { |k, v| ENV[k] = v }
+  end
+
+  task :presubmit do
+    Rake::Task["ci"].invoke
+  end
+
+  task :continuous do
+    Rake::Task["ci"].invoke
+  end
+
+  task :nightly do
+    Rake::Task["ci"].invoke
+  end
+
+  task :release do
+    version = "0.1.0"
+    Bundler.with_clean_env do
+      version = `bundle exec gem list`
+                .split("\n").select { |line| line.include? "googleauth" }
+                .first.split("(").last.split(")").first || "0.1.0"
+    end
+    Rake::Task["kokoro:load_env_vars"].invoke
+    Rake::Task["release"].invoke "v/#{version}"
+  end
+end
+
+def header str, token = "#"
+  line_length = str.length + 8
+  puts ""
+  puts token * line_length
+  puts "#{token * 3} #{str} #{token * 3}"
+  puts token * line_length
+  puts ""
+end

data/googleauth.gemspec

@@ -1,35 +1,35 @@
 # -*- ruby -*-
 # encoding: utf-8
 
-$LOAD_PATH.push File.expand_path('../lib', __FILE__)
-require 'googleauth/version'
+$LOAD_PATH.push File.expand_path("lib", __dir__)
+require "googleauth/version"
 
-Gem::Specification.new do |s|
-  s.name          = 'googleauth'
-  s.version       = Google::Auth::VERSION
-  s.authors       = ['Tim Emiola']
-  s.email         = 'temiola@google.com'
-  s.homepage      = 'https://github.com/google/google-auth-library-ruby'
-  s.summary       = 'Google Auth Library for Ruby'
-  s.license       = 'Apache-2.0'
-  s.description   = <<-DESCRIPTION
+Gem::Specification.new do |gem|
+  gem.name          = "googleauth"
+  gem.version       = Google::Auth::VERSION
+  gem.authors       = ["Tim Emiola"]
+  gem.email         = "temiola@google.com"
+  gem.homepage      = "https://github.com/google/google-auth-library-ruby"
+  gem.summary       = "Google Auth Library for Ruby"
+  gem.license       = "Apache-2.0"
+  gem.description   = <<-DESCRIPTION
    Allows simple authorization for accessing Google APIs.
    Provide support for Application Default Credentials, as described at
    https://developers.google.com/accounts/docs/application-default-credentials
   DESCRIPTION
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- spec/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*.rb`.split("\n").map do |f|
-    File.basename(f)
+  gem.files         = `git ls-files`.split "\n"
+  gem.test_files    = `git ls-files -- spec/*`.split "\n"
+  gem.executables   = `git ls-files -- bin/*.rb`.split("\n").map do |f|
+    File.basename f
   end
-  s.require_paths = ['lib']
-  s.platform      = Gem::Platform::RUBY
+  gem.require_paths = ["lib"]
+  gem.platform      = Gem::Platform::RUBY
 
-  s.add_dependency 'faraday', '~> 0.12'
-  s.add_dependency 'jwt', '>= 1.4', '< 3.0'
-  s.add_dependency 'memoist', '~> 0.16'
-  s.add_dependency 'multi_json', '~> 1.11'
-  s.add_dependency 'os', '>= 0.9', '< 2.0'
-  s.add_dependency 'signet', '~> 0.7'
+  gem.add_dependency "faraday", "~> 0.12"
+  gem.add_dependency "jwt", ">= 1.4", "< 3.0"
+  gem.add_dependency "memoist", "~> 0.16"
+  gem.add_dependency "multi_json", "~> 1.11"
+  gem.add_dependency "os", ">= 0.9", "< 2.0"
+  gem.add_dependency "signet", "~> 0.7"
 end

data/lib/googleauth.rb

@@ -27,9 +27,9 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'googleauth/application_default'
-require 'googleauth/client_id'
-require 'googleauth/credentials'
-require 'googleauth/default_credentials'
-require 'googleauth/user_authorizer'
-require 'googleauth/web_user_authorizer'
+require "googleauth/application_default"
+require "googleauth/client_id"
+require "googleauth/credentials"
+require "googleauth/default_credentials"
+require "googleauth/user_authorizer"
+require "googleauth/web_user_authorizer"

data/lib/googleauth/application_default.rb

@@ -27,18 +27,20 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'googleauth/compute_engine'
-require 'googleauth/default_credentials'
+require "googleauth/compute_engine"
+require "googleauth/default_credentials"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    NOT_FOUND_ERROR = <<ERROR_MESSAGE.freeze
-Could not load the default credentials. Browse to
-https://developers.google.com/accounts/docs/application-default-credentials
-for more information
-ERROR_MESSAGE
+    NOT_FOUND_ERROR = <<~ERROR_MESSAGE.freeze
+      Could not load the default credentials. Browse to
+      https://developers.google.com/accounts/docs/application-default-credentials
+      for more information
+    ERROR_MESSAGE
+
+    module_function
 
     # Obtains the default credentials implementation to use in this
     # environment.
@@ -63,19 +65,17 @@ ERROR_MESSAGE
     #       connection to use for token refresh requests.
     #     * `:connection` The connection to use to determine whether GCE
     #       metadata credentials are available.
-    def get_application_default(scope = nil, options = {})
+    def get_application_default scope = nil, options = {}
       creds = DefaultCredentials.from_env(scope, options) ||
               DefaultCredentials.from_well_known_path(scope, options) ||
               DefaultCredentials.from_system_default_path(scope, options)
       return creds unless creds.nil?
-      unless GCECredentials.on_gce?(options)
+      unless GCECredentials.on_gce? options
         # Clear cache of the result of GCECredentials.on_gce?
         GCECredentials.unmemoize_all
         raise NOT_FOUND_ERROR
       end
       GCECredentials.new
     end
-
-    module_function :get_application_default
   end
 end

data/lib/googleauth/client_id.rb

@@ -27,18 +27,18 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'multi_json'
-require 'googleauth/credentials_loader'
+require "multi_json"
+require "googleauth/credentials_loader"
 
 module Google
   module Auth
     # Representation of an application's identity for user authorization
     # flows.
     class ClientId
-      INSTALLED_APP = 'installed'.freeze
-      WEB_APP = 'web'.freeze
-      CLIENT_ID = 'client_id'.freeze
-      CLIENT_SECRET = 'client_secret'.freeze
+      INSTALLED_APP = "installed".freeze
+      WEB_APP = "web".freeze
+      CLIENT_ID = "client_id".freeze
+      CLIENT_SECRET = "client_secret".freeze
       MISSING_TOP_LEVEL_ELEMENT_ERROR =
         "Expected top level property 'installed' or 'web' to be present.".freeze
 
@@ -63,10 +63,10 @@ module Google
       # @note Direction instantion is discouraged to avoid embedding IDs
       #       & secrets in source. See {#from_file} to load from
       #       `client_secrets.json` files.
-      def initialize(id, secret)
+      def initialize id, secret
         CredentialsLoader.warn_if_cloud_sdk_credentials id
-        raise 'Client id can not be nil' if id.nil?
-        raise 'Client secret can not be nil' if secret.nil?
+        raise "Client id can not be nil" if id.nil?
+        raise "Client secret can not be nil" if secret.nil?
         @id = id
         @secret = secret
       end
@@ -77,12 +77,12 @@ module Google
       # @param [String, File] file
       #  Path of file to read from
       # @return [Google::Auth::ClientID]
-      def self.from_file(file)
-        raise 'File can not be nil.' if file.nil?
-        File.open(file.to_s) do |f|
+      def self.from_file file
+        raise "File can not be nil." if file.nil?
+        File.open file.to_s do |f|
           json = f.read
           config = MultiJson.load json
-          from_hash(config)
+          from_hash config
         end
       end
 
@@ -93,11 +93,11 @@ module Google
       # @param [hash] config
       #  Parsed contents of the JSON file
       # @return [Google::Auth::ClientID]
-      def self.from_hash(config)
-        raise 'Hash can not be nil.' if config.nil?
+      def self.from_hash config
+        raise "Hash can not be nil." if config.nil?
         raw_detail = config[INSTALLED_APP] || config[WEB_APP]
         raise MISSING_TOP_LEVEL_ELEMENT_ERROR if raw_detail.nil?
-        ClientId.new(raw_detail[CLIENT_ID], raw_detail[CLIENT_SECRET])
+        ClientId.new raw_detail[CLIENT_ID], raw_detail[CLIENT_SECRET]
       end
     end
   end

data/lib/googleauth/compute_engine.rb

@@ -27,42 +27,42 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'faraday'
-require 'googleauth/signet'
-require 'memoist'
+require "faraday"
+require "googleauth/signet"
+require "memoist"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    NO_METADATA_SERVER_ERROR = <<ERROR.freeze
-Error code 404 trying to get security access token
-from Compute Engine metadata for the default service account. This
-may be because the virtual machine instance does not have permission
-scopes specified.
-ERROR
-    UNEXPECTED_ERROR_SUFFIX = <<ERROR.freeze
-trying to get security access token from Compute Engine metadata for
-the default service account
-ERROR
+    NO_METADATA_SERVER_ERROR = <<~ERROR.freeze
+      Error code 404 trying to get security access token
+      from Compute Engine metadata for the default service account. This
+      may be because the virtual machine instance does not have permission
+      scopes specified.
+    ERROR
+    UNEXPECTED_ERROR_SUFFIX = <<~ERROR.freeze
+      trying to get security access token from Compute Engine metadata for
+      the default service account
+    ERROR
 
     # Extends Signet::OAuth2::Client so that the auth token is obtained from
     # the GCE metadata server.
     class GCECredentials < Signet::OAuth2::Client
       # The IP Address is used in the URIs to speed up failures on non-GCE
       # systems.
-      COMPUTE_AUTH_TOKEN_URI = 'http://169.254.169.254/computeMetadata/v1/'\
-      'instance/service-accounts/default/token'.freeze
-      COMPUTE_CHECK_URI = 'http://169.254.169.254'.freeze
+      COMPUTE_AUTH_TOKEN_URI = "http://169.254.169.254/computeMetadata/v1/"\
+      "instance/service-accounts/default/token".freeze
+      COMPUTE_CHECK_URI = "http://169.254.169.254".freeze
 
       class << self
         extend Memoist
 
         # Detect if this appear to be a GCE instance, by checking if metadata
         # is available
-        def on_gce?(options = {})
+        def on_gce? options = {}
           c = options[:connection] || Faraday.default_connection
-          resp = c.get(COMPUTE_CHECK_URI) do |req|
+          resp = c.get COMPUTE_CHECK_URI do |req|
             # Comment from: oauth2client/client.py
             #
             # Note: the explicit `timeout` below is a workaround. The underlying
@@ -74,10 +74,10 @@ ERROR
             req.options.timeout = 0.1
           end
           return false unless resp.status == 200
-          return false unless resp.headers.key?('Metadata-Flavor')
-          return resp.headers['Metadata-Flavor'] == 'Google'
+          return false unless resp.headers.key? "Metadata-Flavor"
+          resp.headers["Metadata-Flavor"] == "Google"
         rescue Faraday::TimeoutError, Faraday::ConnectionFailed
-          return false
+          false
         end
 
         memoize :on_gce?
@@ -85,21 +85,21 @@ ERROR
 
       # Overrides the super class method to change how access tokens are
       # fetched.
-      def fetch_access_token(options = {})
+      def fetch_access_token options = {}
         c = options[:connection] || Faraday.default_connection
         retry_with_error do
-          headers = { 'Metadata-Flavor' => 'Google' }
-          resp = c.get(COMPUTE_AUTH_TOKEN_URI, nil, headers)
+          headers = { "Metadata-Flavor" => "Google" }
+          resp = c.get COMPUTE_AUTH_TOKEN_URI, nil, headers
           case resp.status
           when 200
             Signet::OAuth2.parse_credentials(resp.body,
-                                             resp.headers['content-type'])
+                                             resp.headers["content-type"])
           when 404
-            raise(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR)
+            raise Signet::AuthorizationError, NO_METADATA_SERVER_ERROR
           else
             msg = "Unexpected error code #{resp.status}" \
               "#{UNEXPECTED_ERROR_SUFFIX}"
-            raise(Signet::AuthorizationError, msg)
+            raise Signet::AuthorizationError, msg
           end
         end
       end

data/lib/googleauth/credentials.rb

@@ -27,21 +27,19 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity, MethodLength
+require "forwardable"
+require "json"
+require "signet/oauth_2/client"
 
-require 'forwardable'
-require 'json'
-require 'signet/oauth_2/client'
-
-require 'googleauth/credentials_loader'
+require "googleauth/credentials_loader"
 
 module Google
   module Auth
     # This class is intended to be inherited by API-specific classes
     # which overrides the SCOPE constant.
     class Credentials
-      TOKEN_CREDENTIAL_URI = 'https://oauth2.googleapis.com/token'.freeze
-      AUDIENCE = 'https://oauth2.googleapis.com/token'.freeze
+      TOKEN_CREDENTIAL_URI = "https://oauth2.googleapis.com/token".freeze
+      AUDIENCE = "https://oauth2.googleapis.com/token".freeze
       SCOPE = [].freeze
       PATH_ENV_VARS = [].freeze
       JSON_ENV_VARS = [].freeze
@@ -56,35 +54,37 @@ module Google
                      :token_credential_uri, :audience,
                      :scope, :issuer, :signing_key, :updater_proc
 
-      def initialize(keyfile, options = {})
+      # rubocop:disable Metrics/AbcSize
+      def initialize keyfile, options = {}
         scope = options[:scope]
         verify_keyfile_provided! keyfile
-        @project_id = options['project_id'] || options['project']
+        @project_id = options["project_id"] || options["project"]
         if keyfile.is_a? Signet::OAuth2::Client
           @client = keyfile
           @project_id ||= keyfile.project_id if keyfile.respond_to? :project_id
         elsif keyfile.is_a? Hash
           hash = stringify_hash_keys keyfile
-          hash['scope'] ||= scope
+          hash["scope"] ||= scope
           @client = init_client hash, options
-          @project_id ||= (hash['project_id'] || hash['project'])
+          @project_id ||= (hash["project_id"] || hash["project"])
         else
           verify_keyfile_exists! keyfile
           json = JSON.parse ::File.read(keyfile)
-          json['scope'] ||= scope
-          @project_id ||= (json['project_id'] || json['project'])
+          json["scope"] ||= scope
+          @project_id ||= (json["project_id"] || json["project"])
           @client = init_client json, options
         end
         CredentialsLoader.warn_if_cloud_sdk_credentials @client.client_id
         @project_id ||= CredentialsLoader.load_gcloud_project_id
         @client.fetch_access_token!
       end
+      # rubocop:enable Metrics/AbcSize
 
       # Returns the default credentials checking, in this order, the path env
       # evironment variables, json environment variables, default paths. If the
       # previously stated locations do not contain keyfile information,
       # this method defaults to use the application default.
-      def self.default(options = {})
+      def self.default options = {}
         # First try to find keyfile file from environment variables.
         client = from_path_vars options
 
@@ -99,7 +99,7 @@ module Google
         client
       end
 
-      def self.from_path_vars(options)
+      def self.from_path_vars options
         self::PATH_ENV_VARS
           .map { |v| ENV[v] }
           .compact
@@ -110,23 +110,21 @@ module Google
         nil
       end
 
-      def self.from_json_vars(options)
+      def self.from_json_vars options
         json = lambda do |v|
           unless ENV[v].nil?
             begin
               JSON.parse ENV[v]
-            rescue
+            rescue StandardError
               nil
             end
           end
         end
-        self::JSON_ENV_VARS.map(&json).compact.each do |hash|
-          return new hash, options
-        end
+        self::JSON_ENV_VARS.map(&json).compact.each { |hash| return new hash, options }
         nil
       end
 
-      def self.from_default_paths(options)
+      def self.from_default_paths options
         self::DEFAULT_PATHS
           .select { |p| ::File.file? p }
           .each do |file|
@@ -135,7 +133,7 @@ module Google
         nil
       end
 
-      def self.from_application_default(options)
+      def self.from_application_default options
         scope = options[:scope] || self::SCOPE
         client = Google::Auth.get_application_default scope
         new client, options
@@ -148,41 +146,41 @@ module Google
       protected
 
       # Verify that the keyfile argument is provided.
-      def verify_keyfile_provided!(keyfile)
+      def verify_keyfile_provided! keyfile
         return unless keyfile.nil?
-        raise 'The keyfile passed to Google::Auth::Credentials.new was nil.'
+        raise "The keyfile passed to Google::Auth::Credentials.new was nil."
       end
 
       # Verify that the keyfile argument is a file.
-      def verify_keyfile_exists!(keyfile)
+      def verify_keyfile_exists! keyfile
         exists = ::File.file? keyfile
         raise "The keyfile '#{keyfile}' is not a valid file." unless exists
       end
 
       # Initializes the Signet client.
-      def init_client(keyfile, connection_options = {})
+      def init_client keyfile, connection_options = {}
         client_opts = client_options keyfile
         Signet::OAuth2::Client.new(client_opts)
                               .configure_connection(connection_options)
       end
 
       # returns a new Hash with string keys instead of symbol keys.
-      def stringify_hash_keys(hash)
+      def stringify_hash_keys hash
         Hash[hash.map { |k, v| [k.to_s, v] }]
       end
 
-      def client_options(options)
+      def client_options options
         # Keyfile options have higher priority over constructor defaults
-        options['token_credential_uri'] ||= self.class::TOKEN_CREDENTIAL_URI
-        options['audience'] ||= self.class::AUDIENCE
-        options['scope'] ||= self.class::SCOPE
+        options["token_credential_uri"] ||= self.class::TOKEN_CREDENTIAL_URI
+        options["audience"] ||= self.class::AUDIENCE
+        options["scope"] ||= self.class::SCOPE
 
         # client options for initializing signet client
-        { token_credential_uri: options['token_credential_uri'],
-          audience: options['audience'],
-          scope: Array(options['scope']),
-          issuer: options['client_email'],
-          signing_key: OpenSSL::PKey::RSA.new(options['private_key']) }
+        { token_credential_uri: options["token_credential_uri"],
+          audience:             options["audience"],
+          scope:                Array(options["scope"]),
+          issuer:               options["client_email"],
+          signing_key:          OpenSSL::PKey::RSA.new(options["private_key"]) }
       end
     end
   end