googleauth 0.8.0 → 0.8.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.kokoro/build.sh +2 -34
- data/.kokoro/continuous/common.cfg +5 -0
- data/.kokoro/continuous/linux.cfg +1 -1
- data/.kokoro/osx.sh +2 -33
- data/.kokoro/presubmit/common.cfg +5 -0
- data/.kokoro/presubmit/linux.cfg +1 -1
- data/.kokoro/release.cfg +53 -0
- data/.kokoro/trampoline.sh +3 -23
- data/.kokoro/windows.sh +2 -30
- data/.rubocop.yml +7 -24
- data/CHANGELOG.md +24 -39
- data/Gemfile +14 -14
- data/README.md +21 -1
- data/Rakefile +84 -10
- data/googleauth.gemspec +23 -23
- data/lib/googleauth.rb +6 -6
- data/lib/googleauth/application_default.rb +11 -11
- data/lib/googleauth/client_id.rb +16 -16
- data/lib/googleauth/compute_engine.rb +27 -27
- data/lib/googleauth/credentials.rb +35 -37
- data/lib/googleauth/credentials_loader.rb +64 -67
- data/lib/googleauth/default_credentials.rb +18 -18
- data/lib/googleauth/iam.rb +9 -9
- data/lib/googleauth/json_key_reader.rb +6 -6
- data/lib/googleauth/scope_util.rb +11 -11
- data/lib/googleauth/service_account.rb +42 -42
- data/lib/googleauth/signet.rb +15 -17
- data/lib/googleauth/stores/file_token_store.rb +8 -8
- data/lib/googleauth/stores/redis_token_store.rb +17 -17
- data/lib/googleauth/token_store.rb +6 -6
- data/lib/googleauth/user_authorizer.rb +55 -59
- data/lib/googleauth/user_refresh.rb +27 -27
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +55 -56
- data/spec/googleauth/apply_auth_examples.rb +46 -46
- data/spec/googleauth/client_id_spec.rb +54 -54
- data/spec/googleauth/compute_engine_spec.rb +41 -41
- data/spec/googleauth/credentials_spec.rb +97 -97
- data/spec/googleauth/get_application_default_spec.rb +114 -114
- data/spec/googleauth/iam_spec.rb +25 -25
- data/spec/googleauth/scope_util_spec.rb +24 -24
- data/spec/googleauth/service_account_spec.rb +204 -194
- data/spec/googleauth/signet_spec.rb +37 -38
- data/spec/googleauth/stores/file_token_store_spec.rb +12 -12
- data/spec/googleauth/stores/redis_token_store_spec.rb +11 -11
- data/spec/googleauth/stores/store_examples.rb +16 -16
- data/spec/googleauth/user_authorizer_spec.rb +120 -121
- data/spec/googleauth/user_refresh_spec.rb +151 -146
- data/spec/googleauth/web_user_authorizer_spec.rb +66 -66
- data/spec/spec_helper.rb +19 -19
- metadata +4 -6
- data/.kokoro/common.cfg +0 -22
- data/.travis.yml +0 -40
@@ -27,131 +27,131 @@
|
|
27
27
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
28
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
29
|
|
30
|
-
spec_dir = File.expand_path
|
31
|
-
$LOAD_PATH.unshift
|
30
|
+
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
+
$LOAD_PATH.unshift spec_dir
|
32
32
|
$LOAD_PATH.uniq!
|
33
33
|
|
34
|
-
require
|
35
|
-
require
|
36
|
-
require
|
34
|
+
require "spec_helper"
|
35
|
+
require "fakefs/safe"
|
36
|
+
require "googleauth"
|
37
37
|
|
38
38
|
describe Google::Auth::ClientId do
|
39
|
-
shared_examples
|
40
|
-
it
|
41
|
-
expect(client_id.id).to eql
|
39
|
+
shared_examples "it has a valid config" do
|
40
|
+
it "should include a valid id" do
|
41
|
+
expect(client_id.id).to eql "abc@example.com"
|
42
42
|
end
|
43
43
|
|
44
|
-
it
|
45
|
-
expect(client_id.secret).to eql
|
44
|
+
it "should include a valid secret" do
|
45
|
+
expect(client_id.secret).to eql "notasecret"
|
46
46
|
end
|
47
47
|
end
|
48
48
|
|
49
|
-
shared_examples
|
50
|
-
context
|
49
|
+
shared_examples "it can successfully load client_id" do
|
50
|
+
context "loaded from hash" do
|
51
51
|
let(:client_id) { Google::Auth::ClientId.from_hash config }
|
52
52
|
|
53
|
-
it_behaves_like
|
53
|
+
it_behaves_like "it has a valid config"
|
54
54
|
end
|
55
55
|
|
56
|
-
context
|
57
|
-
file_path =
|
56
|
+
context "loaded from file" do
|
57
|
+
file_path = "/client_secrets.json"
|
58
58
|
|
59
|
-
let
|
59
|
+
let :client_id do
|
60
60
|
FakeFS do
|
61
|
-
content = MultiJson.dump
|
62
|
-
File.write
|
63
|
-
Google::Auth::ClientId.from_file
|
61
|
+
content = MultiJson.dump config
|
62
|
+
File.write file_path, content
|
63
|
+
Google::Auth::ClientId.from_file file_path
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
67
|
-
it_behaves_like
|
67
|
+
it_behaves_like "it has a valid config"
|
68
68
|
end
|
69
69
|
end
|
70
70
|
|
71
|
-
describe
|
72
|
-
let
|
71
|
+
describe "with web config" do
|
72
|
+
let :config do
|
73
73
|
{
|
74
|
-
|
75
|
-
|
76
|
-
|
74
|
+
"web" => {
|
75
|
+
"client_id" => "abc@example.com",
|
76
|
+
"client_secret" => "notasecret"
|
77
77
|
}
|
78
78
|
}
|
79
79
|
end
|
80
|
-
it_behaves_like
|
80
|
+
it_behaves_like "it can successfully load client_id"
|
81
81
|
end
|
82
82
|
|
83
|
-
describe
|
84
|
-
let
|
83
|
+
describe "with installed app config" do
|
84
|
+
let :config do
|
85
85
|
{
|
86
|
-
|
87
|
-
|
88
|
-
|
86
|
+
"installed" => {
|
87
|
+
"client_id" => "abc@example.com",
|
88
|
+
"client_secret" => "notasecret"
|
89
89
|
}
|
90
90
|
}
|
91
91
|
end
|
92
|
-
it_behaves_like
|
92
|
+
it_behaves_like "it can successfully load client_id"
|
93
93
|
end
|
94
94
|
|
95
|
-
context
|
96
|
-
let
|
95
|
+
context "with missing top level property" do
|
96
|
+
let :config do
|
97
97
|
{
|
98
|
-
|
99
|
-
|
100
|
-
|
98
|
+
"notvalid" => {
|
99
|
+
"client_id" => "abc@example.com",
|
100
|
+
"client_secret" => "notasecret"
|
101
101
|
}
|
102
102
|
}
|
103
103
|
end
|
104
104
|
|
105
|
-
it
|
105
|
+
it "should raise error" do
|
106
106
|
expect { Google::Auth::ClientId.from_hash config }.to raise_error(
|
107
107
|
/Expected top level property/
|
108
108
|
)
|
109
109
|
end
|
110
110
|
end
|
111
111
|
|
112
|
-
context
|
113
|
-
let
|
112
|
+
context "with missing client id" do
|
113
|
+
let :config do
|
114
114
|
{
|
115
|
-
|
116
|
-
|
115
|
+
"web" => {
|
116
|
+
"client_secret" => "notasecret"
|
117
117
|
}
|
118
118
|
}
|
119
119
|
end
|
120
120
|
|
121
|
-
it
|
121
|
+
it "should raise error" do
|
122
122
|
expect { Google::Auth::ClientId.from_hash config }.to raise_error(
|
123
123
|
/Client id can not be nil/
|
124
124
|
)
|
125
125
|
end
|
126
126
|
end
|
127
127
|
|
128
|
-
context
|
129
|
-
let
|
128
|
+
context "with missing client secret" do
|
129
|
+
let :config do
|
130
130
|
{
|
131
|
-
|
132
|
-
|
131
|
+
"web" => {
|
132
|
+
"client_id" => "abc@example.com"
|
133
133
|
}
|
134
134
|
}
|
135
135
|
end
|
136
136
|
|
137
|
-
it
|
137
|
+
it "should raise error" do
|
138
138
|
expect { Google::Auth::ClientId.from_hash config }.to raise_error(
|
139
139
|
/Client secret can not be nil/
|
140
140
|
)
|
141
141
|
end
|
142
142
|
end
|
143
143
|
|
144
|
-
context
|
145
|
-
let
|
144
|
+
context "with cloud sdk credentials" do
|
145
|
+
let :config do
|
146
146
|
{
|
147
|
-
|
148
|
-
|
149
|
-
|
147
|
+
"web" => {
|
148
|
+
"client_id" => Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID,
|
149
|
+
"client_secret" => "notasecret"
|
150
150
|
}
|
151
151
|
}
|
152
152
|
end
|
153
153
|
|
154
|
-
it
|
154
|
+
it "should raise warning" do
|
155
155
|
expect { Google::Auth::ClientId.from_hash config }.to output(
|
156
156
|
Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
|
157
157
|
).to_stderr
|
@@ -27,65 +27,65 @@
|
|
27
27
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
28
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
29
|
|
30
|
-
spec_dir = File.expand_path
|
31
|
-
$LOAD_PATH.unshift
|
30
|
+
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
+
$LOAD_PATH.unshift spec_dir
|
32
32
|
$LOAD_PATH.uniq!
|
33
33
|
|
34
|
-
require
|
35
|
-
require
|
36
|
-
require
|
37
|
-
require
|
34
|
+
require "apply_auth_examples"
|
35
|
+
require "faraday"
|
36
|
+
require "googleauth/compute_engine"
|
37
|
+
require "spec_helper"
|
38
38
|
|
39
39
|
describe Google::Auth::GCECredentials do
|
40
|
-
MD_URI =
|
40
|
+
MD_URI = "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token".freeze
|
41
41
|
GCECredentials = Google::Auth::GCECredentials
|
42
42
|
|
43
|
-
before
|
43
|
+
before :example do
|
44
44
|
@client = GCECredentials.new
|
45
45
|
end
|
46
46
|
|
47
|
-
def make_auth_stubs
|
48
|
-
access_token = opts[:access_token] ||
|
49
|
-
body = MultiJson.dump(
|
50
|
-
|
51
|
-
|
47
|
+
def make_auth_stubs opts = {}
|
48
|
+
access_token = opts[:access_token] || ""
|
49
|
+
body = MultiJson.dump("access_token" => access_token,
|
50
|
+
"token_type" => "Bearer",
|
51
|
+
"expires_in" => 3600)
|
52
52
|
stub_request(:get, MD_URI)
|
53
|
-
.with(headers: {
|
54
|
-
.to_return(body:
|
55
|
-
status:
|
56
|
-
headers: {
|
53
|
+
.with(headers: { "Metadata-Flavor" => "Google" })
|
54
|
+
.to_return(body: body,
|
55
|
+
status: 200,
|
56
|
+
headers: { "Content-Type" => "application/json" })
|
57
57
|
end
|
58
58
|
|
59
|
-
it_behaves_like
|
59
|
+
it_behaves_like "apply/apply! are OK"
|
60
60
|
|
61
|
-
context
|
62
|
-
describe
|
63
|
-
it
|
61
|
+
context "metadata is unavailable" do
|
62
|
+
describe "#fetch_access_token" do
|
63
|
+
it "should fail if the metadata request returns a 404" do
|
64
64
|
stub = stub_request(:get, MD_URI)
|
65
|
-
.to_return(status:
|
66
|
-
headers: {
|
65
|
+
.to_return(status: 404,
|
66
|
+
headers: { "Metadata-Flavor" => "Google" })
|
67
67
|
expect { @client.fetch_access_token! }
|
68
68
|
.to raise_error Signet::AuthorizationError
|
69
69
|
expect(stub).to have_been_requested
|
70
70
|
end
|
71
71
|
|
72
|
-
it
|
72
|
+
it "should fail if the metadata request returns an unexpected code" do
|
73
73
|
stub = stub_request(:get, MD_URI)
|
74
|
-
.to_return(status:
|
75
|
-
headers: {
|
74
|
+
.to_return(status: 503,
|
75
|
+
headers: { "Metadata-Flavor" => "Google" })
|
76
76
|
expect { @client.fetch_access_token! }
|
77
77
|
.to raise_error Signet::AuthorizationError
|
78
78
|
expect(stub).to have_been_requested
|
79
79
|
end
|
80
80
|
|
81
|
-
it
|
81
|
+
it "should fail with Signet::AuthorizationError if request times out" do
|
82
82
|
allow_any_instance_of(Faraday::Connection).to receive(:get)
|
83
83
|
.and_raise(Faraday::TimeoutError)
|
84
84
|
expect { @client.fetch_access_token! }
|
85
85
|
.to raise_error Signet::AuthorizationError
|
86
86
|
end
|
87
87
|
|
88
|
-
it
|
88
|
+
it "should fail with Signet::AuthorizationError if request fails" do
|
89
89
|
allow_any_instance_of(Faraday::Connection).to receive(:get)
|
90
90
|
.and_raise(Faraday::ConnectionFailed, nil)
|
91
91
|
expect { @client.fetch_access_token! }
|
@@ -94,27 +94,27 @@ describe Google::Auth::GCECredentials do
|
|
94
94
|
end
|
95
95
|
end
|
96
96
|
|
97
|
-
describe
|
98
|
-
it
|
99
|
-
stub = stub_request(:get,
|
100
|
-
.to_return(status:
|
101
|
-
headers: {
|
97
|
+
describe "#on_gce?" do
|
98
|
+
it "should be true when Metadata-Flavor is Google" do
|
99
|
+
stub = stub_request(:get, "http://169.254.169.254")
|
100
|
+
.to_return(status: 200,
|
101
|
+
headers: { "Metadata-Flavor" => "Google" })
|
102
102
|
expect(GCECredentials.on_gce?({}, true)).to eq(true)
|
103
103
|
expect(stub).to have_been_requested
|
104
104
|
end
|
105
105
|
|
106
|
-
it
|
107
|
-
stub = stub_request(:get,
|
108
|
-
.to_return(status:
|
109
|
-
headers: {
|
106
|
+
it "should be false when Metadata-Flavor is not Google" do
|
107
|
+
stub = stub_request(:get, "http://169.254.169.254")
|
108
|
+
.to_return(status: 200,
|
109
|
+
headers: { "Metadata-Flavor" => "NotGoogle" })
|
110
110
|
expect(GCECredentials.on_gce?({}, true)).to eq(false)
|
111
111
|
expect(stub).to have_been_requested
|
112
112
|
end
|
113
113
|
|
114
|
-
it
|
115
|
-
stub = stub_request(:get,
|
116
|
-
.to_return(status:
|
117
|
-
headers: {
|
114
|
+
it "should be false if the response is not 200" do
|
115
|
+
stub = stub_request(:get, "http://169.254.169.254")
|
116
|
+
.to_return(status: 404,
|
117
|
+
headers: { "Metadata-Flavor" => "NotGoogle" })
|
118
118
|
expect(GCECredentials.on_gce?({}, true)).to eq(false)
|
119
119
|
expect(stub).to have_been_requested
|
120
120
|
end
|
@@ -27,34 +27,34 @@
|
|
27
27
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
28
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
29
|
|
30
|
-
require
|
30
|
+
require "googleauth"
|
31
31
|
|
32
32
|
|
33
33
|
# This test is testing the private class Google::Auth::Credentials. We want to
|
34
34
|
# make sure that the passed in scope propogates to the Signet object. This means
|
35
35
|
# testing the private API, which is generally frowned on.
|
36
36
|
describe Google::Auth::Credentials, :private do
|
37
|
-
let
|
37
|
+
let :default_keyfile_hash do
|
38
38
|
{
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
39
|
+
"private_key_id" => "testabc1234567890xyz",
|
40
|
+
"private_key" => "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAOyi0Hy1l4Ym2m2o71Q0TF4O9E81isZEsX0bb+Bqz1SXEaSxLiXM\nUZE8wu0eEXivXuZg6QVCW/5l+f2+9UPrdNUCAwEAAQJAJkqubA/Chj3RSL92guy3\nktzeodarLyw8gF8pOmpuRGSiEo/OLTeRUMKKD1/kX4f9sxf3qDhB4e7dulXR1co/\nIQIhAPx8kMW4XTTL6lJYd2K5GrH8uBMp8qL5ya3/XHrBgw3dAiEA7+3Iw3ULTn2I\n1J34WlJ2D5fbzMzB4FAHUNEV7Ys3f1kCIQDtUahCMChrl7+H5t9QS+xrn77lRGhs\nB50pjvy95WXpgQIhAI2joW6JzTfz8fAapb+kiJ/h9Vcs1ZN3iyoRlNFb61JZAiA8\nNy5NyNrMVwtB/lfJf1dAK/p/Bwd8LZLtgM6PapRfgw==\n-----END RSA PRIVATE KEY-----\n",
|
41
|
+
"client_email" => "credz-testabc1234567890xyz@developer.gserviceaccount.com",
|
42
|
+
"client_id" => "credz-testabc1234567890xyz.apps.googleusercontent.com",
|
43
|
+
"type" => "service_account",
|
44
|
+
"project_id" => "a_project_id"
|
45
45
|
}
|
46
46
|
end
|
47
47
|
|
48
|
-
it
|
49
|
-
mocked_signet = double
|
48
|
+
it "uses a default scope" do
|
49
|
+
mocked_signet = double "Signet::OAuth2::Client"
|
50
50
|
allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
|
51
51
|
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
52
52
|
allow(mocked_signet).to receive(:client_id)
|
53
53
|
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
54
|
-
expect(options[:token_credential_uri]).to eq(
|
55
|
-
expect(options[:audience]).to eq(
|
54
|
+
expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
|
55
|
+
expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
|
56
56
|
expect(options[:scope]).to eq([])
|
57
|
-
expect(options[:issuer]).to eq(default_keyfile_hash[
|
57
|
+
expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
|
58
58
|
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
59
59
|
|
60
60
|
mocked_signet
|
@@ -63,49 +63,49 @@ describe Google::Auth::Credentials, :private do
|
|
63
63
|
Google::Auth::Credentials.new default_keyfile_hash
|
64
64
|
end
|
65
65
|
|
66
|
-
it
|
67
|
-
mocked_signet = double
|
66
|
+
it "uses a custom scope" do
|
67
|
+
mocked_signet = double "Signet::OAuth2::Client"
|
68
68
|
allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
|
69
69
|
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
70
70
|
allow(mocked_signet).to receive(:client_id)
|
71
71
|
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
72
|
-
expect(options[:token_credential_uri]).to eq(
|
73
|
-
expect(options[:audience]).to eq(
|
74
|
-
expect(options[:scope]).to eq([
|
75
|
-
expect(options[:issuer]).to eq(default_keyfile_hash[
|
72
|
+
expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
|
73
|
+
expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
|
74
|
+
expect(options[:scope]).to eq(["http://example.com/scope"])
|
75
|
+
expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
|
76
76
|
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
77
77
|
|
78
78
|
mocked_signet
|
79
79
|
end
|
80
80
|
|
81
|
-
Google::Auth::Credentials.new default_keyfile_hash, scope:
|
81
|
+
Google::Auth::Credentials.new default_keyfile_hash, scope: "http://example.com/scope"
|
82
82
|
end
|
83
83
|
|
84
|
-
it
|
85
|
-
TEST_PATH_ENV_VAR =
|
86
|
-
TEST_PATH_ENV_VAL =
|
87
|
-
TEST_JSON_ENV_VAR =
|
84
|
+
it "can be subclassed to pass in other env paths" do
|
85
|
+
TEST_PATH_ENV_VAR = "TEST_PATH".freeze
|
86
|
+
TEST_PATH_ENV_VAL = "/unknown/path/to/file.txt".freeze
|
87
|
+
TEST_JSON_ENV_VAR = "TEST_JSON_VARS".freeze
|
88
88
|
|
89
89
|
ENV[TEST_PATH_ENV_VAR] = TEST_PATH_ENV_VAL
|
90
|
-
ENV[TEST_JSON_ENV_VAR] = JSON.generate
|
90
|
+
ENV[TEST_JSON_ENV_VAR] = JSON.generate default_keyfile_hash
|
91
91
|
|
92
92
|
class TestCredentials < Google::Auth::Credentials
|
93
|
-
SCOPE =
|
93
|
+
SCOPE = "http://example.com/scope".freeze
|
94
94
|
PATH_ENV_VARS = [TEST_PATH_ENV_VAR].freeze
|
95
95
|
JSON_ENV_VARS = [TEST_JSON_ENV_VAR].freeze
|
96
96
|
end
|
97
97
|
|
98
98
|
allow(::File).to receive(:file?).with(TEST_PATH_ENV_VAL) { false }
|
99
99
|
|
100
|
-
mocked_signet = double
|
100
|
+
mocked_signet = double "Signet::OAuth2::Client"
|
101
101
|
allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
|
102
102
|
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
103
103
|
allow(mocked_signet).to receive(:client_id)
|
104
104
|
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
105
|
-
expect(options[:token_credential_uri]).to eq(
|
106
|
-
expect(options[:audience]).to eq(
|
107
|
-
expect(options[:scope]).to eq([
|
108
|
-
expect(options[:issuer]).to eq(default_keyfile_hash[
|
105
|
+
expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
|
106
|
+
expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
|
107
|
+
expect(options[:scope]).to eq(["http://example.com/scope"])
|
108
|
+
expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
|
109
109
|
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
110
110
|
|
111
111
|
mocked_signet
|
@@ -114,32 +114,32 @@ describe Google::Auth::Credentials, :private do
|
|
114
114
|
creds = TestCredentials.default
|
115
115
|
expect(creds).to be_a_kind_of(TestCredentials)
|
116
116
|
expect(creds.client).to eq(mocked_signet)
|
117
|
-
expect(creds.project_id).to eq(default_keyfile_hash[
|
117
|
+
expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
|
118
118
|
end
|
119
119
|
|
120
|
-
it
|
120
|
+
it "subclasses can use PATH_ENV_VARS to get keyfile path" do
|
121
121
|
class TestCredentials < Google::Auth::Credentials
|
122
|
-
SCOPE =
|
123
|
-
PATH_ENV_VARS = [
|
124
|
-
JSON_ENV_VARS = [
|
125
|
-
DEFAULT_PATHS = [
|
122
|
+
SCOPE = "http://example.com/scope".freeze
|
123
|
+
PATH_ENV_VARS = %w[PATH_ENV_DUMMY PATH_ENV_TEST].freeze
|
124
|
+
JSON_ENV_VARS = ["JSON_ENV_DUMMY"].freeze
|
125
|
+
DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
|
126
126
|
end
|
127
127
|
|
128
|
-
allow(::ENV).to receive(:[]).with(
|
129
|
-
allow(::File).to receive(:file?).with(
|
130
|
-
allow(::ENV).to receive(:[]).with(
|
131
|
-
allow(::File).to receive(:file?).with(
|
132
|
-
allow(::File).to receive(:read).with(
|
128
|
+
allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
|
129
|
+
allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
|
130
|
+
allow(::ENV).to receive(:[]).with("PATH_ENV_TEST") { "/unknown/path/to/file.txt" }
|
131
|
+
allow(::File).to receive(:file?).with("/unknown/path/to/file.txt") { true }
|
132
|
+
allow(::File).to receive(:read).with("/unknown/path/to/file.txt") { JSON.generate default_keyfile_hash }
|
133
133
|
|
134
|
-
mocked_signet = double
|
134
|
+
mocked_signet = double "Signet::OAuth2::Client"
|
135
135
|
allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
|
136
136
|
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
137
137
|
allow(mocked_signet).to receive(:client_id)
|
138
138
|
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
139
|
-
expect(options[:token_credential_uri]).to eq(
|
140
|
-
expect(options[:audience]).to eq(
|
141
|
-
expect(options[:scope]).to eq([
|
142
|
-
expect(options[:issuer]).to eq(default_keyfile_hash[
|
139
|
+
expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
|
140
|
+
expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
|
141
|
+
expect(options[:scope]).to eq(["http://example.com/scope"])
|
142
|
+
expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
|
143
143
|
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
144
144
|
|
145
145
|
mocked_signet
|
@@ -148,31 +148,31 @@ describe Google::Auth::Credentials, :private do
|
|
148
148
|
creds = TestCredentials.default
|
149
149
|
expect(creds).to be_a_kind_of(TestCredentials)
|
150
150
|
expect(creds.client).to eq(mocked_signet)
|
151
|
-
expect(creds.project_id).to eq(default_keyfile_hash[
|
151
|
+
expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
|
152
152
|
end
|
153
153
|
|
154
|
-
it
|
154
|
+
it "subclasses can use JSON_ENV_VARS to get keyfile contents" do
|
155
155
|
class TestCredentials < Google::Auth::Credentials
|
156
|
-
SCOPE =
|
157
|
-
PATH_ENV_VARS = [
|
158
|
-
JSON_ENV_VARS = [
|
159
|
-
DEFAULT_PATHS = [
|
156
|
+
SCOPE = "http://example.com/scope".freeze
|
157
|
+
PATH_ENV_VARS = ["PATH_ENV_DUMMY"].freeze
|
158
|
+
JSON_ENV_VARS = %w[JSON_ENV_DUMMY JSON_ENV_TEST].freeze
|
159
|
+
DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
|
160
160
|
end
|
161
161
|
|
162
|
-
allow(::ENV).to receive(:[]).with(
|
163
|
-
allow(::File).to receive(:file?).with(
|
164
|
-
allow(::ENV).to receive(:[]).with(
|
165
|
-
allow(::ENV).to receive(:[]).with(
|
162
|
+
allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
|
163
|
+
allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
|
164
|
+
allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
|
165
|
+
allow(::ENV).to receive(:[]).with("JSON_ENV_TEST") { JSON.generate default_keyfile_hash }
|
166
166
|
|
167
|
-
mocked_signet = double
|
167
|
+
mocked_signet = double "Signet::OAuth2::Client"
|
168
168
|
allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
|
169
169
|
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
170
170
|
allow(mocked_signet).to receive(:client_id)
|
171
171
|
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
172
|
-
expect(options[:token_credential_uri]).to eq(
|
173
|
-
expect(options[:audience]).to eq(
|
174
|
-
expect(options[:scope]).to eq([
|
175
|
-
expect(options[:issuer]).to eq(default_keyfile_hash[
|
172
|
+
expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
|
173
|
+
expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
|
174
|
+
expect(options[:scope]).to eq(["http://example.com/scope"])
|
175
|
+
expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
|
176
176
|
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
177
177
|
|
178
178
|
mocked_signet
|
@@ -181,32 +181,32 @@ describe Google::Auth::Credentials, :private do
|
|
181
181
|
creds = TestCredentials.default
|
182
182
|
expect(creds).to be_a_kind_of(TestCredentials)
|
183
183
|
expect(creds.client).to eq(mocked_signet)
|
184
|
-
expect(creds.project_id).to eq(default_keyfile_hash[
|
184
|
+
expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
|
185
185
|
end
|
186
186
|
|
187
|
-
it
|
187
|
+
it "subclasses can use DEFAULT_PATHS to get keyfile path" do
|
188
188
|
class TestCredentials < Google::Auth::Credentials
|
189
|
-
SCOPE =
|
190
|
-
PATH_ENV_VARS = [
|
191
|
-
JSON_ENV_VARS = [
|
192
|
-
DEFAULT_PATHS = [
|
189
|
+
SCOPE = "http://example.com/scope".freeze
|
190
|
+
PATH_ENV_VARS = ["PATH_ENV_DUMMY"].freeze
|
191
|
+
JSON_ENV_VARS = ["JSON_ENV_DUMMY"].freeze
|
192
|
+
DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
|
193
193
|
end
|
194
194
|
|
195
|
-
allow(::ENV).to receive(:[]).with(
|
196
|
-
allow(::File).to receive(:file?).with(
|
197
|
-
allow(::ENV).to receive(:[]).with(
|
198
|
-
allow(::File).to receive(:file?).with(
|
199
|
-
allow(::File).to receive(:read).with(
|
195
|
+
allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
|
196
|
+
allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
|
197
|
+
allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
|
198
|
+
allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { true }
|
199
|
+
allow(::File).to receive(:read).with("~/default/path/to/file.txt") { JSON.generate default_keyfile_hash }
|
200
200
|
|
201
|
-
mocked_signet = double
|
201
|
+
mocked_signet = double "Signet::OAuth2::Client"
|
202
202
|
allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
|
203
203
|
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
204
204
|
allow(mocked_signet).to receive(:client_id)
|
205
205
|
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
206
|
-
expect(options[:token_credential_uri]).to eq(
|
207
|
-
expect(options[:audience]).to eq(
|
208
|
-
expect(options[:scope]).to eq([
|
209
|
-
expect(options[:issuer]).to eq(default_keyfile_hash[
|
206
|
+
expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
|
207
|
+
expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
|
208
|
+
expect(options[:scope]).to eq(["http://example.com/scope"])
|
209
|
+
expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
|
210
210
|
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
211
211
|
|
212
212
|
mocked_signet
|
@@ -215,23 +215,23 @@ describe Google::Auth::Credentials, :private do
|
|
215
215
|
creds = TestCredentials.default
|
216
216
|
expect(creds).to be_a_kind_of(TestCredentials)
|
217
217
|
expect(creds.client).to eq(mocked_signet)
|
218
|
-
expect(creds.project_id).to eq(default_keyfile_hash[
|
218
|
+
expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
|
219
219
|
end
|
220
220
|
|
221
|
-
it
|
221
|
+
it "subclasses that find no matches default to Google::Auth.get_application_default" do
|
222
222
|
class TestCredentials < Google::Auth::Credentials
|
223
|
-
SCOPE =
|
224
|
-
PATH_ENV_VARS = [
|
225
|
-
JSON_ENV_VARS = [
|
226
|
-
DEFAULT_PATHS = [
|
223
|
+
SCOPE = "http://example.com/scope".freeze
|
224
|
+
PATH_ENV_VARS = ["PATH_ENV_DUMMY"].freeze
|
225
|
+
JSON_ENV_VARS = ["JSON_ENV_DUMMY"].freeze
|
226
|
+
DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
|
227
227
|
end
|
228
228
|
|
229
|
-
allow(::ENV).to receive(:[]).with(
|
230
|
-
allow(::File).to receive(:file?).with(
|
231
|
-
allow(::ENV).to receive(:[]).with(
|
232
|
-
allow(::File).to receive(:file?).with(
|
229
|
+
allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
|
230
|
+
allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
|
231
|
+
allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
|
232
|
+
allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { false }
|
233
233
|
|
234
|
-
mocked_signet = double
|
234
|
+
mocked_signet = double "Signet::OAuth2::Client"
|
235
235
|
allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
|
236
236
|
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
237
237
|
allow(mocked_signet).to receive(:client_id)
|
@@ -243,10 +243,10 @@ describe Google::Auth::Credentials, :private do
|
|
243
243
|
default_keyfile_hash
|
244
244
|
end
|
245
245
|
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
246
|
-
expect(options[:token_credential_uri]).to eq(
|
247
|
-
expect(options[:audience]).to eq(
|
248
|
-
expect(options[:scope]).to eq([
|
249
|
-
expect(options[:issuer]).to eq(default_keyfile_hash[
|
246
|
+
expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
|
247
|
+
expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
|
248
|
+
expect(options[:scope]).to eq(["http://example.com/scope"])
|
249
|
+
expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
|
250
250
|
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
251
251
|
|
252
252
|
mocked_signet
|
@@ -255,14 +255,14 @@ describe Google::Auth::Credentials, :private do
|
|
255
255
|
creds = TestCredentials.default
|
256
256
|
expect(creds).to be_a_kind_of(TestCredentials)
|
257
257
|
expect(creds.client).to eq(mocked_signet)
|
258
|
-
expect(creds.project_id).to eq(default_keyfile_hash[
|
258
|
+
expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
|
259
259
|
end
|
260
260
|
|
261
|
-
it
|
262
|
-
mocked_signet = double
|
261
|
+
it "warns when cloud sdk credentials are used" do
|
262
|
+
mocked_signet = double "Signet::OAuth2::Client"
|
263
263
|
allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
|
264
264
|
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
265
|
-
allow(Signet::OAuth2::Client).to receive(:new) do |
|
265
|
+
allow(Signet::OAuth2::Client).to receive(:new) do |_options|
|
266
266
|
mocked_signet
|
267
267
|
end
|
268
268
|
allow(mocked_signet).to receive(:client_id).and_return(Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID)
|