googleauth 0.13.1 → 0.14.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +7 -0
- data/CHANGELOG.md +5 -0
- data/{COPYING → LICENSE} +0 -0
- data/lib/googleauth/compute_engine.rb +24 -3
- data/lib/googleauth/version.rb +1 -1
- data/spec/googleauth/compute_engine_spec.rb +18 -4
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8846e57d325ff993c15ca691e299b9c2c4b7472b1b0a9e905b36cdb99216e061
|
|
4
|
+
data.tar.gz: 2fcee29e36a6fd57420b9cd0106cf3ab73bf447e94e2f6bdce61a973d256cd5e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dd54bce055240fc1db34ccfe2850ab49f23b17f55f5336dfeccf380c2f93b8b9e29100a1c53f360564e8387805a9c4bf74d09eb2ca58b5bda666cdab3b061f45
|
|
7
|
+
data.tar.gz: 27dae4439e8163194604e912918709d2cd623c61856f70f7c350b08dfac010fdff50ad703934b88631c2759dcf7e5aab5b315a884cb160790c153115ee88bdfe
|
data/.github/CODEOWNERS
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
# Code owners file.
|
|
2
|
+
# This file controls who is tagged for review for any given pull request.
|
|
3
|
+
#
|
|
4
|
+
# For syntax help see:
|
|
5
|
+
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
|
|
6
|
+
|
|
7
|
+
* @googleapis/yoshi-ruby
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
# Release History
|
|
2
2
|
|
|
3
|
+
### 0.14.0 / 2020-10-09
|
|
4
|
+
|
|
5
|
+
* Honor GCE_METADATA_HOST environment variable
|
|
6
|
+
* Fix errors in some environments when requesting an access token for multiple scopes
|
|
7
|
+
|
|
3
8
|
### 0.13.1 / 2020-07-30
|
|
4
9
|
|
|
5
10
|
* Support scopes when using GCE Metadata Server authentication ([@ball-hayden][])
|
data/{COPYING → LICENSE}
RENAMED
|
File without changes
|
|
@@ -51,22 +51,43 @@ module Google
|
|
|
51
51
|
class GCECredentials < Signet::OAuth2::Client
|
|
52
52
|
# The IP Address is used in the URIs to speed up failures on non-GCE
|
|
53
53
|
# systems.
|
|
54
|
+
DEFAULT_METADATA_HOST = "169.254.169.254".freeze
|
|
55
|
+
|
|
56
|
+
# @private Unused and deprecated
|
|
54
57
|
COMPUTE_AUTH_TOKEN_URI =
|
|
55
58
|
"http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token".freeze
|
|
59
|
+
# @private Unused and deprecated
|
|
56
60
|
COMPUTE_ID_TOKEN_URI =
|
|
57
61
|
"http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/identity".freeze
|
|
62
|
+
# @private Unused and deprecated
|
|
58
63
|
COMPUTE_CHECK_URI = "http://169.254.169.254".freeze
|
|
59
64
|
|
|
60
65
|
class << self
|
|
61
66
|
extend Memoist
|
|
62
67
|
|
|
68
|
+
def metadata_host
|
|
69
|
+
ENV.fetch "GCE_METADATA_HOST", DEFAULT_METADATA_HOST
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def compute_check_uri
|
|
73
|
+
"http://#{metadata_host}".freeze
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def compute_auth_token_uri
|
|
77
|
+
"#{compute_check_uri}/computeMetadata/v1/instance/service-accounts/default/token".freeze
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def compute_id_token_uri
|
|
81
|
+
"#{compute_check_uri}/computeMetadata/v1/instance/service-accounts/default/identity".freeze
|
|
82
|
+
end
|
|
83
|
+
|
|
63
84
|
# Detect if this appear to be a GCE instance, by checking if metadata
|
|
64
85
|
# is available.
|
|
65
86
|
def on_gce? options = {}
|
|
66
87
|
# TODO: This should use google-cloud-env instead.
|
|
67
88
|
c = options[:connection] || Faraday.default_connection
|
|
68
89
|
headers = { "Metadata-Flavor" => "Google" }
|
|
69
|
-
resp = c.get
|
|
90
|
+
resp = c.get compute_check_uri, nil, headers do |req|
|
|
70
91
|
req.options.timeout = 1.0
|
|
71
92
|
req.options.open_timeout = 0.1
|
|
72
93
|
end
|
|
@@ -84,9 +105,9 @@ module Google
|
|
|
84
105
|
def fetch_access_token options = {}
|
|
85
106
|
c = options[:connection] || Faraday.default_connection
|
|
86
107
|
retry_with_error do
|
|
87
|
-
uri = target_audience ?
|
|
108
|
+
uri = target_audience ? GCECredentials.compute_id_token_uri : GCECredentials.compute_auth_token_uri
|
|
88
109
|
query = target_audience ? { "audience" => target_audience, "format" => "full" } : {}
|
|
89
|
-
query[:scopes] = Array(scope).join "
|
|
110
|
+
query[:scopes] = Array(scope).join "," if scope
|
|
90
111
|
headers = { "Metadata-Flavor" => "Google" }
|
|
91
112
|
resp = c.get uri, query, headers
|
|
92
113
|
case resp.status
|
data/lib/googleauth/version.rb
CHANGED
|
@@ -53,7 +53,7 @@ describe Google::Auth::GCECredentials do
|
|
|
53
53
|
"expires_in" => 3600)
|
|
54
54
|
|
|
55
55
|
uri = MD_ACCESS_URI
|
|
56
|
-
uri += "?scopes=#{opts[:scope]}" if opts[:scope]
|
|
56
|
+
uri += "?scopes=#{Array(opts[:scope]).join ','}" if opts[:scope]
|
|
57
57
|
|
|
58
58
|
stub_request(:get, uri)
|
|
59
59
|
.with(headers: { "Metadata-Flavor" => "Google" })
|
|
@@ -74,9 +74,9 @@ describe Google::Auth::GCECredentials do
|
|
|
74
74
|
context "metadata is unavailable" do
|
|
75
75
|
describe "#fetch_access_token" do
|
|
76
76
|
it "should pass scopes when requesting an access token" do
|
|
77
|
-
|
|
78
|
-
stub = make_auth_stubs access_token: "1/abcdef1234567890", scope:
|
|
79
|
-
@client = GCECredentials.new(scope:
|
|
77
|
+
scopes = ["https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/bigtable.data"]
|
|
78
|
+
stub = make_auth_stubs access_token: "1/abcdef1234567890", scope: scopes
|
|
79
|
+
@client = GCECredentials.new(scope: scopes)
|
|
80
80
|
@client.fetch_access_token!
|
|
81
81
|
expect(stub).to have_been_requested
|
|
82
82
|
end
|
|
@@ -142,5 +142,19 @@ describe Google::Auth::GCECredentials do
|
|
|
142
142
|
expect(GCECredentials.on_gce?({}, true)).to eq(false)
|
|
143
143
|
expect(stub).to have_been_requested
|
|
144
144
|
end
|
|
145
|
+
|
|
146
|
+
it "should honor GCE_METADATA_HOST environment variable" do
|
|
147
|
+
ENV["GCE_METADATA_HOST"] = "mymetadata.example.com"
|
|
148
|
+
begin
|
|
149
|
+
stub = stub_request(:get, "http://mymetadata.example.com")
|
|
150
|
+
.with(headers: { "Metadata-Flavor" => "Google" })
|
|
151
|
+
.to_return(status: 200,
|
|
152
|
+
headers: { "Metadata-Flavor" => "Google" })
|
|
153
|
+
expect(GCECredentials.on_gce?({}, true)).to eq(true)
|
|
154
|
+
expect(stub).to have_been_requested
|
|
155
|
+
ensure
|
|
156
|
+
ENV.delete "GCE_METADATA_HOST"
|
|
157
|
+
end
|
|
158
|
+
end
|
|
145
159
|
end
|
|
146
160
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: googleauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.14.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Emiola
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-10-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -135,6 +135,7 @@ executables: []
|
|
|
135
135
|
extensions: []
|
|
136
136
|
extra_rdoc_files: []
|
|
137
137
|
files:
|
|
138
|
+
- ".github/CODEOWNERS"
|
|
138
139
|
- ".github/CONTRIBUTING.md"
|
|
139
140
|
- ".github/ISSUE_TEMPLATE/bug_report.md"
|
|
140
141
|
- ".github/ISSUE_TEMPLATE/feature_request.md"
|
|
@@ -160,8 +161,8 @@ files:
|
|
|
160
161
|
- ".rubocop.yml"
|
|
161
162
|
- CHANGELOG.md
|
|
162
163
|
- CODE_OF_CONDUCT.md
|
|
163
|
-
- COPYING
|
|
164
164
|
- Gemfile
|
|
165
|
+
- LICENSE
|
|
165
166
|
- README.md
|
|
166
167
|
- Rakefile
|
|
167
168
|
- googleauth.gemspec
|
|
@@ -231,7 +232,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
231
232
|
- !ruby/object:Gem::Version
|
|
232
233
|
version: '0'
|
|
233
234
|
requirements: []
|
|
234
|
-
rubygems_version: 3.1.
|
|
235
|
+
rubygems_version: 3.1.4
|
|
235
236
|
signing_key:
|
|
236
237
|
specification_version: 4
|
|
237
238
|
summary: Google Auth Library for Ruby
|