googleauth 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop_todo.yml +3 -3
- data/CHANGELOG.md +8 -0
- data/googleauth.gemspec +4 -4
- data/lib/googleauth.rb +10 -6
- data/lib/googleauth/compute_engine.rb +22 -3
- data/lib/googleauth/version.rb +1 -1
- data/spec/googleauth/compute_engine_spec.rb +36 -0
- data/spec/googleauth/signet_spec.rb +1 -2
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e62231971bac1c91acd998f3c70095834c4f4b6c
|
|
4
|
+
data.tar.gz: dc687953a02e4c2eca85dbf044bcab4be46e69fd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e18ff4154e5f66978e93156551804699cd3a62d4ae920893a94178ad276495130bbb0711b1e6284ab35eef04191f306c0c457aeedfad3b68e0612529daaf3b86
|
|
7
|
+
data.tar.gz: 4835734c63b673c62fcfbea1ee6407f2ffb1a7cc3c05d5bffecfbe8293e186b9f8a7d594d1722097d552b205e64fa3d4ff6e566ceadc8035c9e7a0c5c8c9bb59
|
data/.rubocop_todo.yml
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# This configuration was generated by `rubocop --auto-gen-config`
|
|
2
|
-
# on 2015-
|
|
2
|
+
# on 2015-04-23 11:18:24 -0700 using RuboCop version 0.30.0.
|
|
3
3
|
# The point is for the user to remove these configuration records
|
|
4
4
|
# one by one as the offenses are removed from the code base.
|
|
5
5
|
# Note that changes in the inspected code, or installation of new
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
Metrics/AbcSize:
|
|
10
10
|
Max: 24
|
|
11
11
|
|
|
12
|
-
# Offense count:
|
|
12
|
+
# Offense count: 6
|
|
13
13
|
# Configuration parameters: CountComments.
|
|
14
14
|
Metrics/MethodLength:
|
|
15
|
-
Max:
|
|
15
|
+
Max: 13
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
## 0.4.1 (25/04/2015)
|
|
2
|
+
|
|
3
|
+
### Changes
|
|
4
|
+
|
|
5
|
+
* Improves handling of --no-scopes GCE authorization ([@tbetbetbe][])
|
|
6
|
+
* Refactoring and cleanup ([@joneslee85][])
|
|
7
|
+
|
|
1
8
|
## 0.4.0 (25/03/2015)
|
|
2
9
|
|
|
3
10
|
### Changes
|
|
@@ -12,3 +19,4 @@
|
|
|
12
19
|
* changes the scope parameter's position in various constructors. ([@tbetbetbe][])
|
|
13
20
|
|
|
14
21
|
[@tbetbetbe]: https://github.com/tbetbetbe
|
|
22
|
+
[@joneslee85]: https://github.com/joneslee85
|
data/googleauth.gemspec
CHANGED
|
@@ -26,16 +26,16 @@ Gem::Specification.new do |s|
|
|
|
26
26
|
s.platform = Gem::Platform::RUBY
|
|
27
27
|
|
|
28
28
|
s.add_dependency 'faraday', '~> 0.9'
|
|
29
|
-
s.add_dependency 'logging', '~>
|
|
29
|
+
s.add_dependency 'logging', '~> 2.0'
|
|
30
30
|
s.add_dependency 'jwt', '~> 1.4'
|
|
31
|
-
s.add_dependency 'memoist', '~> 0.
|
|
31
|
+
s.add_dependency 'memoist', '~> 0.12'
|
|
32
32
|
s.add_dependency 'multi_json', '1.11'
|
|
33
33
|
s.add_dependency 'signet', '~> 0.6'
|
|
34
34
|
|
|
35
|
-
s.add_development_dependency 'bundler', '~> 1.
|
|
35
|
+
s.add_development_dependency 'bundler', '~> 1.9'
|
|
36
36
|
s.add_development_dependency 'simplecov', '~> 0.9'
|
|
37
37
|
s.add_development_dependency 'coveralls', '~> 0.7'
|
|
38
38
|
s.add_development_dependency 'rake', '~> 10.0'
|
|
39
|
-
s.add_development_dependency 'rubocop', '~> 0.
|
|
39
|
+
s.add_development_dependency 'rubocop', '~> 0.30'
|
|
40
40
|
s.add_development_dependency 'rspec', '~> 3.0'
|
|
41
41
|
end
|
data/lib/googleauth.rb
CHANGED
|
@@ -62,9 +62,14 @@ END
|
|
|
62
62
|
json_key = MultiJson.load(json_key_io.read)
|
|
63
63
|
fail "the json is missing the #{key} field" unless json_key.key?('type')
|
|
64
64
|
type = json_key['type']
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
65
|
+
case type
|
|
66
|
+
when 'service_account'
|
|
67
|
+
[json_key, ServiceAccountCredentials]
|
|
68
|
+
when 'authorized_user'
|
|
69
|
+
[json_key, UserRefreshCredentials]
|
|
70
|
+
else
|
|
71
|
+
fail "credentials type '#{type}' is not supported"
|
|
72
|
+
end
|
|
68
73
|
end
|
|
69
74
|
end
|
|
70
75
|
|
|
@@ -82,9 +87,8 @@ END
|
|
|
82
87
|
# @param scope [string|array|nil] the scope(s) to access
|
|
83
88
|
# @param options [hash] allows override of the connection being used
|
|
84
89
|
def get_application_default(scope = nil, options = {})
|
|
85
|
-
creds = DefaultCredentials.from_env(scope)
|
|
86
|
-
|
|
87
|
-
creds = DefaultCredentials.from_well_known_path(scope)
|
|
90
|
+
creds = DefaultCredentials.from_env(scope) ||
|
|
91
|
+
DefaultCredentials.from_well_known_path(scope)
|
|
88
92
|
return creds unless creds.nil?
|
|
89
93
|
fail NOT_FOUND_ERROR unless GCECredentials.on_gce?(options)
|
|
90
94
|
GCECredentials.new
|
|
@@ -35,13 +35,24 @@ module Google
|
|
|
35
35
|
# Module Auth provides classes that provide Google-specific authorization
|
|
36
36
|
# used to access Google APIs.
|
|
37
37
|
module Auth
|
|
38
|
+
NO_METADATA_SERVER_ERROR = <<END
|
|
39
|
+
Error code 404 trying to get security access token
|
|
40
|
+
from Compute Engine metadata for the default service account. This
|
|
41
|
+
may be because the virtual machine instance does not have permission
|
|
42
|
+
scopes specified.
|
|
43
|
+
END
|
|
44
|
+
UNEXPECTED_ERROR_SUFFIX = <<END
|
|
45
|
+
trying to get security access token from Compute Engine metadata for
|
|
46
|
+
the default service account
|
|
47
|
+
END
|
|
48
|
+
|
|
38
49
|
# Extends Signet::OAuth2::Client so that the auth token is obtained from
|
|
39
50
|
# the GCE metadata server.
|
|
40
51
|
class GCECredentials < Signet::OAuth2::Client
|
|
41
52
|
# The IP Address is used in the URIs to speed up failures on non-GCE
|
|
42
53
|
# systems.
|
|
43
54
|
COMPUTE_AUTH_TOKEN_URI = 'http://169.254.169.254/computeMetadata/v1/'\
|
|
44
|
-
|
|
55
|
+
'instance/service-accounts/default/token'
|
|
45
56
|
COMPUTE_CHECK_URI = 'http://169.254.169.254'
|
|
46
57
|
|
|
47
58
|
class << self
|
|
@@ -78,8 +89,16 @@ module Google
|
|
|
78
89
|
c = options[:connection] || Faraday.default_connection
|
|
79
90
|
c.headers = { 'Metadata-Flavor' => 'Google' }
|
|
80
91
|
resp = c.get(COMPUTE_AUTH_TOKEN_URI)
|
|
81
|
-
|
|
82
|
-
|
|
92
|
+
case resp.status
|
|
93
|
+
when 200
|
|
94
|
+
Signet::OAuth2.parse_credentials(resp.body,
|
|
95
|
+
resp.headers['content-type'])
|
|
96
|
+
when 404
|
|
97
|
+
fail(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR)
|
|
98
|
+
else
|
|
99
|
+
msg = "Unexpected error code #{resp.status}" + UNEXPECTED_ERROR_SUFFIX
|
|
100
|
+
fail(Signet::AuthorizationError, msg)
|
|
101
|
+
end
|
|
83
102
|
end
|
|
84
103
|
end
|
|
85
104
|
end
|
data/lib/googleauth/version.rb
CHANGED
|
@@ -60,6 +60,42 @@ describe Google::Auth::GCECredentials do
|
|
|
60
60
|
|
|
61
61
|
it_behaves_like 'apply/apply! are OK'
|
|
62
62
|
|
|
63
|
+
context 'metadata is unavailable' do
|
|
64
|
+
describe '#fetch_access_token' do
|
|
65
|
+
it 'should fail if the metadata request returns a 404' do
|
|
66
|
+
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
|
67
|
+
stub.get(MD_URI) do |_env|
|
|
68
|
+
[404,
|
|
69
|
+
{ 'Metadata-Flavor' => 'Google' },
|
|
70
|
+
'']
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
c = Faraday.new do |b|
|
|
74
|
+
b.adapter(:test, stubs)
|
|
75
|
+
end
|
|
76
|
+
blk = proc { @client.fetch_access_token!(connection: c) }
|
|
77
|
+
expect(&blk).to raise_error Signet::AuthorizationError
|
|
78
|
+
stubs.verify_stubbed_calls
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
it 'should fail if the metadata request returns an unexpected code' do
|
|
82
|
+
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
|
83
|
+
stub.get(MD_URI) do |_env|
|
|
84
|
+
[503,
|
|
85
|
+
{ 'Metadata-Flavor' => 'Google' },
|
|
86
|
+
'']
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
c = Faraday.new do |b|
|
|
90
|
+
b.adapter(:test, stubs)
|
|
91
|
+
end
|
|
92
|
+
blk = proc { @client.fetch_access_token!(connection: c) }
|
|
93
|
+
expect(&blk).to raise_error Signet::AuthorizationError
|
|
94
|
+
stubs.verify_stubbed_calls
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
end
|
|
98
|
+
|
|
63
99
|
describe '#on_gce?' do
|
|
64
100
|
it 'should be true when Metadata-Flavor is Google' do
|
|
65
101
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
|
@@ -45,8 +45,7 @@ describe Signet::OAuth2::Client do
|
|
|
45
45
|
scope: 'https://www.googleapis.com/auth/userinfo.profile',
|
|
46
46
|
issuer: 'app@example.com',
|
|
47
47
|
audience: 'https://accounts.google.com/o/oauth2/token',
|
|
48
|
-
signing_key: @key
|
|
49
|
-
)
|
|
48
|
+
signing_key: @key)
|
|
50
49
|
end
|
|
51
50
|
|
|
52
51
|
def make_auth_stubs(opts)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: googleauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Emiola
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-04-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '2.0'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '2.0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: jwt
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -58,14 +58,14 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '0.
|
|
61
|
+
version: '0.12'
|
|
62
62
|
type: :runtime
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: '0.
|
|
68
|
+
version: '0.12'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: multi_json
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: '1.
|
|
103
|
+
version: '1.9'
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '1.
|
|
110
|
+
version: '1.9'
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -156,14 +156,14 @@ dependencies:
|
|
|
156
156
|
requirements:
|
|
157
157
|
- - "~>"
|
|
158
158
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: '0.
|
|
159
|
+
version: '0.30'
|
|
160
160
|
type: :development
|
|
161
161
|
prerelease: false
|
|
162
162
|
version_requirements: !ruby/object:Gem::Requirement
|
|
163
163
|
requirements:
|
|
164
164
|
- - "~>"
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
|
-
version: '0.
|
|
166
|
+
version: '0.30'
|
|
167
167
|
- !ruby/object:Gem::Dependency
|
|
168
168
|
name: rspec
|
|
169
169
|
requirement: !ruby/object:Gem::Requirement
|