googleauth 1.5.0 → 1.5.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/lib/googleauth/external_account/aws_credentials.rb +3 -11
  4. data/lib/googleauth/external_account.rb +0 -41
  5. data/lib/googleauth/version.rb +1 -1
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 42581efbf67b1cafdcdcd18cd227d22b5d456d695f3b5cfaa089f4121c17bce2
4
- data.tar.gz: 968618cfa8048d5c246c83acc769b19c3f258958e21810481464d1b297d651bc
3
+ metadata.gz: 553d9c5927ca82c62dafc3a90529029ffd7813d99a9ae4ae146ae27370beb631
4
+ data.tar.gz: 55b33ba8e1ea2cf72f1f0c6c3c356ca825a4d575d8ac5665dc038118fc635198
5
5
  SHA512:
6
- metadata.gz: 392dc977400f0229fd416cdcd2d5ed60fa0a8592926c622fed3dea2ba6ba1e083169d978c7a48d4e895014909352196fca56ac8c21df1f0b3694e55439cfedb2
7
- data.tar.gz: 1a33a41171c9963196f833fa83702d61af6e335b677a229bf0f93316e7f0272f9b211f00fc7e180c4f07e1e7dd5ffbe29b484f5cd72578a49096046c6d017fc4
6
+ metadata.gz: 73a897d4813f5f016b252a299d126535fa32f017aa40ac7ac67200bef1332696298e2e082c279c3b8b850ca1d93d46f8a56f75d5c3ab408c33db391572944af7
7
+ data.tar.gz: b0d137864100e7e16ae1bac0b22ca7b2b09b5a9724692ed794170dbd712bc16b6ef00ad0913c47620d6df3e7324ce5a54484e2e4f9dfe06f999ebbeffd3c6007
data/CHANGELOG.md CHANGED
@@ -1,5 +1,11 @@
1
1
  # Release History
2
2
 
3
+ ### 1.5.1 (2023-04-10)
4
+
5
+ #### Bug Fixes
6
+
7
+ * Remove external account config validation ([#427](https://github.com/googleapis/google-auth-library-ruby/issues/427))
8
+
3
9
  ### 1.5.0 (2023-03-21)
4
10
 
5
11
  #### Features
data/lib/googleauth/external_account/aws_credentials.rb CHANGED
@@ -38,11 +38,10 @@ module Google
38
38
  @audience = options[:audience]
39
39
  @credential_source = options[:credential_source] || {}
40
40
  @environment_id = @credential_source["environment_id"]
41
- @region_url = validate_metadata_server @credential_source["region_url"], "region_url"
42
- @credential_verification_url = validate_metadata_server @credential_source["url"], "url"
41
+ @region_url = @credential_source["region_url"]
42
+ @credential_verification_url = @credential_source["url"]
43
43
  @regional_cred_verification_url = @credential_source["regional_cred_verification_url"]
44
- @imdsv2_session_token_url = validate_metadata_server @credential_source["imdsv2_session_token_url"],
45
- "imdsv2_session_token_url"
44
+ @imdsv2_session_token_url = @credential_source["imdsv2_session_token_url"]
46
45
 
47
46
  # These will be lazily loaded when needed, or will raise an error if not provided
48
47
  @region = nil
@@ -105,13 +104,6 @@ module Google
105
104
 
106
105
  private
107
106
 
108
- def validate_metadata_server url, name
109
- return nil if url.nil?
110
- host = URI(url).host
111
- raise "Invalid host #{host} for #{name}." unless ["169.254.169.254", "[fd00:ec2::254]"].include? host
112
- url
113
- end
114
-
115
107
  def get_aws_resource url, name, data: nil, headers: {}
116
108
  begin
117
109
  unless [nil, url].include? @imdsv2_session_token_url
data/lib/googleauth/external_account.rb CHANGED
@@ -30,22 +30,6 @@ module Google
30
30
  AWS_SUBJECT_TOKEN_TYPE = "urn:ietf:params:aws:token-type:aws4_request".freeze
31
31
  AWS_SUBJECT_TOKEN_INVALID = "aws is the only currently supported external account type".freeze
32
32
 
33
- TOKEN_URL_PATTERNS = [
34
- /^[^.\s\/\\]+\.sts(?:\.mtls)?\.googleapis\.com$/,
35
- /^sts(?:\.mtls)?\.googleapis\.com$/,
36
- /^sts\.[^.\s\/\\]+(?:\.mtls)?\.googleapis\.com$/,
37
- /^[^.\s\/\\]+-sts(?:\.mtls)?\.googleapis\.com$/,
38
- /^sts-[^.\s\/\\]+\.p(?:\.mtls)?\.googleapis\.com$/
39
- ].freeze
40
-
41
- SERVICE_ACCOUNT_IMPERSONATION_URL_PATTERNS = [
42
- /^[^.\s\/\\]+\.iamcredentials\.googleapis\.com$/.freeze,
43
- /^iamcredentials\.googleapis\.com$/.freeze,
44
- /^iamcredentials\.[^.\s\/\\]+\.googleapis\.com$/.freeze,
45
- /^[^.\s\/\\]+-iamcredentials\.googleapis\.com$/.freeze,
46
- /^iamcredentials-[^.\s\/\\]+\.p\.googleapis\.com$/.freeze
47
- ].freeze
48
-
49
33
  # Create a ExternalAccount::Credentials
50
34
  #
51
35
  # @param json_key_io [IO] an IO from which the JSON key can be read
@@ -56,11 +40,6 @@ module Google
56
40
  raise "A json file is required for external account credentials." unless json_key_io
57
41
  user_creds = read_json_key json_key_io
58
42
 
59
- raise "The provided token URL is invalid." unless is_token_url_valid? user_creds["token_url"]
60
- unless is_service_account_impersonation_url_valid? user_creds["service_account_impersonation_url"]
61
- raise "The provided service account impersonation url is invalid."
62
- end
63
-
64
43
  # TODO: check for other External Account Credential types. Currently only AWS is supported.
65
44
  raise AWS_SUBJECT_TOKEN_INVALID unless user_creds["subject_token_type"] == AWS_SUBJECT_TOKEN_TYPE
66
45
 
@@ -85,26 +64,6 @@ module Google
85
64
  end
86
65
  json_key
87
66
  end
88
-
89
- def self.is_valid_url? url, valid_hostnames
90
- begin
91
- uri = URI(url)
92
- rescue URI::InvalidURIError, ArgumentError
93
- return false
94
- end
95
-
96
- return false unless uri.scheme == "https"
97
-
98
- valid_hostnames.any? { |hostname| hostname =~ uri.host }
99
- end
100
-
101
- def self.is_token_url_valid? url
102
- is_valid_url? url, TOKEN_URL_PATTERNS
103
- end
104
-
105
- def self.is_service_account_impersonation_url_valid? url
106
- !url or is_valid_url? url, SERVICE_ACCOUNT_IMPERSONATION_URL_PATTERNS
107
- end
108
67
  end
109
68
  end
110
69
  end
data/lib/googleauth/version.rb CHANGED
@@ -16,6 +16,6 @@ module Google
16
16
  # Module Auth provides classes that provide Google-specific authorization
17
17
  # used to access Google APIs.
18
18
  module Auth
19
- VERSION = "1.5.0".freeze
19
+ VERSION = "1.5.1".freeze
20
20
  end
21
21
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: googleauth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0
4
+ version: 1.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tim Emiola
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-03-22 00:00:00.000000000 Z
11
+ date: 2023-04-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -168,7 +168,7 @@ metadata:
168
168
  changelog_uri: https://github.com/googleapis/google-auth-library-ruby/blob/main/CHANGELOG.md
169
169
  source_code_uri: https://github.com/googleapis/google-auth-library-ruby
170
170
  bug_tracker_uri: https://github.com/googleapis/google-auth-library-ruby/issues
171
- post_install_message:
171
+ post_install_message:
172
172
  rdoc_options: []
173
173
  require_paths:
174
174
  - lib
@@ -183,8 +183,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
183
183
  - !ruby/object:Gem::Version
184
184
  version: '0'
185
185
  requirements: []
186
- rubygems_version: 3.3.26
187
- signing_key:
186
+ rubygems_version: 3.4.2
187
+ signing_key:
188
188
  specification_version: 4
189
189
  summary: Google Auth Library for Ruby
190
190
  test_files: []